Context Navigation

← Previous Changeset
Next Changeset →

Changeset 244708 in webkit

Timestamp:

Apr 26, 2019 3:21:25 PM (5 years ago)

Author:

rmorisset@apple.com

Message:

All prototypes should call didBecomePrototype()
https://bugs.webkit.org/show_bug.cgi?id=196315

Reviewed by Saam Barati.

JSTests:

stress/function-prototype-indexed-accessor.js: Added.

Source/JavaScriptCore:

Otherwise we won't remember to run haveABadTime() when someone adds to them an indexed accessor.

I added a check used in both Structure::finishCreation() and Structure::changePrototypeTransition to make sure we don't
create structures with invalid prototypes.
It found a lot of objects that are used as prototypes in JSGlobalObject and yet were missing didBecomePrototype() in their finishCreation().
Somewhat surprisingly, some of them have names like FunctionConstructor and not only FooPrototype.

runtime/BigIntPrototype.cpp:

(JSC::BigIntPrototype::finishCreation):

runtime/BooleanPrototype.cpp:

(JSC::BooleanPrototype::finishCreation):

runtime/DatePrototype.cpp:

(JSC::DatePrototype::finishCreation):

runtime/ErrorConstructor.cpp:

(JSC::ErrorConstructor::finishCreation):

runtime/ErrorPrototype.cpp:

(JSC::ErrorPrototype::finishCreation):

runtime/FunctionConstructor.cpp:

(JSC::FunctionConstructor::finishCreation):

runtime/FunctionPrototype.cpp:

(JSC::FunctionPrototype::finishCreation):

runtime/IntlCollatorPrototype.cpp:

(JSC::IntlCollatorPrototype::finishCreation):

runtime/IntlDateTimeFormatPrototype.cpp:

(JSC::IntlDateTimeFormatPrototype::finishCreation):

runtime/IntlNumberFormatPrototype.cpp:

(JSC::IntlNumberFormatPrototype::finishCreation):

runtime/IntlPluralRulesPrototype.cpp:

(JSC::IntlPluralRulesPrototype::finishCreation):

runtime/JSArrayBufferPrototype.cpp:

(JSC::JSArrayBufferPrototype::finishCreation):

runtime/JSDataViewPrototype.cpp:

(JSC::JSDataViewPrototype::finishCreation):

runtime/JSGenericTypedArrayViewPrototypeInlines.h:

(JSC::JSGenericTypedArrayViewPrototype<ViewClass>::finishCreation):

runtime/JSGlobalObject.cpp:

(JSC::createConsoleProperty):

runtime/JSPromisePrototype.cpp:

(JSC::JSPromisePrototype::finishCreation):

runtime/JSTypedArrayViewConstructor.cpp:

(JSC::JSTypedArrayViewConstructor::finishCreation):

runtime/JSTypedArrayViewPrototype.cpp:

(JSC::JSTypedArrayViewPrototype::finishCreation):

runtime/NumberPrototype.cpp:

(JSC::NumberPrototype::finishCreation):

runtime/RegExpPrototype.cpp:

(JSC::RegExpPrototype::finishCreation):

runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):

runtime/Structure.cpp:

(JSC::Structure::isValidPrototype):
(JSC::Structure::changePrototypeTransition):

runtime/Structure.h:
runtime/SymbolPrototype.cpp:

(JSC::SymbolPrototype::finishCreation):

wasm/js/WebAssemblyCompileErrorPrototype.cpp:

(JSC::WebAssemblyCompileErrorPrototype::finishCreation):

wasm/js/WebAssemblyInstancePrototype.cpp:

(JSC::WebAssemblyInstancePrototype::finishCreation):

wasm/js/WebAssemblyLinkErrorPrototype.cpp:

(JSC::WebAssemblyLinkErrorPrototype::finishCreation):

wasm/js/WebAssemblyMemoryPrototype.cpp:

(JSC::WebAssemblyMemoryPrototype::finishCreation):

wasm/js/WebAssemblyModulePrototype.cpp:

(JSC::WebAssemblyModulePrototype::finishCreation):

wasm/js/WebAssemblyPrototype.cpp:

(JSC::WebAssemblyPrototype::finishCreation):

wasm/js/WebAssemblyRuntimeErrorPrototype.cpp:

(JSC::WebAssemblyRuntimeErrorPrototype::finishCreation):

wasm/js/WebAssemblyTablePrototype.cpp:

(JSC::WebAssemblyTablePrototype::finishCreation):

Source/WebCore:

It was found by existing tests, with the new assert in JSC::Structure

bindings/js/JSWindowProxy.cpp:

(WebCore::JSWindowProxy::setWindow):

bindings/scripts/CodeGeneratorJS.pm:

(GeneratePrototypeDeclaration):
(GenerateConstructorHelperMethods):

Location:

trunk

Files:

: 1 added
: 99 edited

JSTests/ChangeLog (modified) (1 diff)
JSTests/stress/function-prototype-indexed-accessor.js (added)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/runtime/BigIntPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/BooleanPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/DatePrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/ErrorConstructor.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/ErrorPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/FunctionConstructor.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/FunctionPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/IntlPluralRulesPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeInlines.h (modified) (1 diff)
Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/JSPromisePrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/NumberPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/RegExpPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/StringPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/runtime/Structure.cpp (modified) (2 diffs)
Source/JavaScriptCore/runtime/Structure.h (modified) (2 diffs)
Source/JavaScriptCore/runtime/SymbolPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/wasm/js/WebAssemblyInstancePrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/wasm/js/WebAssemblyModulePrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorPrototype.cpp (modified) (1 diff)
Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp (modified) (1 diff)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/bindings/js/JSWindowProxy.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (modified) (2 diffs)
Source/WebCore/bindings/scripts/test/JS/JSInterfaceName.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSMapLike.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSReadOnlyMapLike.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestCEReactions.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestCallTracer.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp (modified) (2 diffs)
Source/WebCore/bindings/scripts/test/JS/JSTestEnabledBySetting.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp (modified) (2 diffs)
Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.cpp (modified) (2 diffs)
Source/WebCore/bindings/scripts/test/JS/JSTestException.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.h (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestIterable.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp (modified) (2 diffs)
Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestPluginInterface.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp (modified) (2 diffs)
Source/WebCore/bindings/scripts/test/JS/JSTestSerialization.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp (modified) (2 diffs)
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationInherit.cpp (modified) (2 diffs)
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp (modified) (2 diffs)
Source/WebCore/bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestStringifier.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp (modified) (1 diff)
Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JSTests/ChangeLog

-                      r244579
+                      r244708
+-04-26  Robin Morisset  <rmorisset@apple.com>
+        All prototypes should call didBecomePrototype()
+        https://bugs.webkit.org/show_bug.cgi?id=196315
+        Reviewed by Saam Barati.
+        * stress/function-prototype-indexed-accessor.js: Added.
 -04-23  Saam Barati  <sbarati@apple.com>

trunk/Source/JavaScriptCore/ChangeLog

-                      r244694
+                      r244708
+-04-26  Robin Morisset  <rmorisset@apple.com>
+        All prototypes should call didBecomePrototype()
+        https://bugs.webkit.org/show_bug.cgi?id=196315
+        Reviewed by Saam Barati.
+        Otherwise we won't remember to run haveABadTime() when someone adds to them an indexed accessor.
+        I added a check used in both Structure::finishCreation() and Structure::changePrototypeTransition to make sure we don't
+        create structures with invalid prototypes.
+        It found a lot of objects that are used as prototypes in JSGlobalObject and yet were missing didBecomePrototype() in their finishCreation().
+        Somewhat surprisingly, some of them have names like FunctionConstructor and not only FooPrototype.
+        * runtime/BigIntPrototype.cpp:
+        (JSC::BigIntPrototype::finishCreation):
+        * runtime/BooleanPrototype.cpp:
+        (JSC::BooleanPrototype::finishCreation):
+        * runtime/DatePrototype.cpp:
+        (JSC::DatePrototype::finishCreation):
+        * runtime/ErrorConstructor.cpp:
+        (JSC::ErrorConstructor::finishCreation):
+        * runtime/ErrorPrototype.cpp:
+        (JSC::ErrorPrototype::finishCreation):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::FunctionConstructor::finishCreation):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::finishCreation):
+        * runtime/IntlCollatorPrototype.cpp:
+        (JSC::IntlCollatorPrototype::finishCreation):
+        * runtime/IntlDateTimeFormatPrototype.cpp:
+        (JSC::IntlDateTimeFormatPrototype::finishCreation):
+        * runtime/IntlNumberFormatPrototype.cpp:
+        (JSC::IntlNumberFormatPrototype::finishCreation):
+        * runtime/IntlPluralRulesPrototype.cpp:
+        (JSC::IntlPluralRulesPrototype::finishCreation):
+        * runtime/JSArrayBufferPrototype.cpp:
+        (JSC::JSArrayBufferPrototype::finishCreation):
+        * runtime/JSDataViewPrototype.cpp:
+        (JSC::JSDataViewPrototype::finishCreation):
+        * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
+        (JSC::JSGenericTypedArrayViewPrototype<ViewClass>::finishCreation):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::createConsoleProperty):
+        * runtime/JSPromisePrototype.cpp:
+        (JSC::JSPromisePrototype::finishCreation):
+        * runtime/JSTypedArrayViewConstructor.cpp:
+        (JSC::JSTypedArrayViewConstructor::finishCreation):
+        * runtime/JSTypedArrayViewPrototype.cpp:
+        (JSC::JSTypedArrayViewPrototype::finishCreation):
+        * runtime/NumberPrototype.cpp:
+        (JSC::NumberPrototype::finishCreation):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::RegExpPrototype::finishCreation):
+        * runtime/StringPrototype.cpp:
+        (JSC::StringPrototype::finishCreation):
+        * runtime/Structure.cpp:
+        (JSC::Structure::isValidPrototype):
+        (JSC::Structure::changePrototypeTransition):
+        * runtime/Structure.h:
+        * runtime/SymbolPrototype.cpp:
+        (JSC::SymbolPrototype::finishCreation):
+        * wasm/js/WebAssemblyCompileErrorPrototype.cpp:
+        (JSC::WebAssemblyCompileErrorPrototype::finishCreation):
+        * wasm/js/WebAssemblyInstancePrototype.cpp:
+        (JSC::WebAssemblyInstancePrototype::finishCreation):
+        * wasm/js/WebAssemblyLinkErrorPrototype.cpp:
+        (JSC::WebAssemblyLinkErrorPrototype::finishCreation):
+        * wasm/js/WebAssemblyMemoryPrototype.cpp:
+        (JSC::WebAssemblyMemoryPrototype::finishCreation):
+        * wasm/js/WebAssemblyModulePrototype.cpp:
+        (JSC::WebAssemblyModulePrototype::finishCreation):
+        * wasm/js/WebAssemblyPrototype.cpp:
+        (JSC::WebAssemblyPrototype::finishCreation):
+        * wasm/js/WebAssemblyRuntimeErrorPrototype.cpp:
+        (JSC::WebAssemblyRuntimeErrorPrototype::finishCreation):
+        * wasm/js/WebAssemblyTablePrototype.cpp:
+        (JSC::WebAssemblyTablePrototype::finishCreation):
 -04-26  Don Olmstead  <don.olmstead@sony.com>

trunk/Source/JavaScriptCore/runtime/BigIntPrototype.cpp

r244088	r244708
74	74	ASSERT(inherits(vm, info()));
75	75	putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "BigInt"), PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
	76	didBecomePrototype();
76	77	}
77	78

trunk/Source/JavaScriptCore/runtime/BooleanPrototype.cpp

r229410	r244708
60	60	Base::finishCreation(vm);
61	61	setInternalValue(vm, jsBoolean(false));
	62	didBecomePrototype();
62	63
63	64	ASSERT(inherits(vm, info()));

trunk/Source/JavaScriptCore/runtime/DatePrototype.cpp

r241649	r244708
516	516	JSFunction* toPrimitiveFunction = JSFunction::create(vm, globalObject, 1, "[Symbol.toPrimitive]"_s, dateProtoFuncToPrimitiveSymbol, NoIntrinsic);
517	517	putDirectWithoutTransition(vm, vm.propertyNames->toPrimitiveSymbol, toPrimitiveFunction, PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
	518	didBecomePrototype();
518	519
519	520	// The constructor will be added later, after DateConstructor has been built.

trunk/Source/JavaScriptCore/runtime/ErrorConstructor.cpp

r242650	r244708
49	49	putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(1), PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
50	50	putDirectWithoutTransition(vm, vm.propertyNames->stackTraceLimit, jsNumber(globalObject(vm)->stackTraceLimit().valueOr(Options::defaultErrorStackTraceLimit())), static_cast<unsigned>(PropertyAttribute::None));
	51	didBecomePrototype();
51	52	}
52	53

trunk/Source/JavaScriptCore/runtime/ErrorPrototype.cpp

r240543	r244708
67	67	putDirectWithoutTransition(vm, vm.propertyNames->name, jsString(&vm, name), static_cast<unsigned>(PropertyAttribute::DontEnum));
68	68	putDirectWithoutTransition(vm, vm.propertyNames->message, jsEmptyString(&vm), static_cast<unsigned>(PropertyAttribute::DontEnum));
	69	didBecomePrototype();
69	70	}
70	71

trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp

r242650	r244708
62	62	putDirectWithoutTransition(vm, vm.propertyNames->prototype, functionPrototype, PropertyAttribute::DontEnum \| PropertyAttribute::DontDelete \| PropertyAttribute::ReadOnly);
63	63	putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(1), PropertyAttribute::ReadOnly \| PropertyAttribute::DontEnum);
	64	didBecomePrototype();
64	65	}
65	66

trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp

r242650	r244708
55	55	Base::finishCreation(vm, name, NameVisibility::Visible, NameAdditionMode::WithoutStructureTransition);
56	56	putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(0), PropertyAttribute::DontDelete \| PropertyAttribute::ReadOnly \| PropertyAttribute::DontEnum);
	57	didBecomePrototype();
57	58	}
58	59

trunk/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp

r236697	r244708
77	77
78	78	putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "Object"), PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
	79	didBecomePrototype();
79	80	}
80	81

trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp

r236697	r244708
91	91
92	92	putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "Object"), PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
	93	didBecomePrototype();
93	94	}
94	95

trunk/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp

r236697	r244708
89	89
90	90	putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "Object"), PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
	91	didBecomePrototype();
91	92	}
92	93

trunk/Source/JavaScriptCore/runtime/IntlPluralRulesPrototype.cpp

r236697	r244708
76	76
77	77	putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "Object"), PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
	78	didBecomePrototype();
78	79	}
79	80

trunk/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp

r242650	r244708
122	122	else
123	123	JSC_NATIVE_GETTER_WITHOUT_TRANSITION(vm.propertyNames->byteLength, sharedArrayBufferProtoGetterFuncByteLength, PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
	124	didBecomePrototype();
124	125	}
125	126

trunk/Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp

r235935	r244708
111	111	Base::finishCreation(vm);
112	112	putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "DataView"), PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
	113	didBecomePrototype();
113	114	}
114	115

trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeInlines.h

r222473	r244708
46	46	putDirect(vm, vm.propertyNames->BYTES_PER_ELEMENT, jsNumber(ViewClass::elementSize), PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly \| PropertyAttribute::DontDelete);
47	47
	48	didBecomePrototype();
48	49	}
49	50

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

r244211	r244708
233	233	{
234	234	JSGlobalObject* global = jsCast<JSGlobalObject*>(object);
235		return ConsoleObject::create(vm, global, ConsoleObject::createStructure(vm, global, constructEmptyObject(global->globalExec())));
	235	JSValue prototype = constructEmptyObject(global->globalExec());
	236	prototype.getObject()->didBecomePrototype();
	237	return ConsoleObject::create(vm, global, ConsoleObject::createStructure(vm, global, prototype));
236	238	}
237	239

trunk/Source/JavaScriptCore/runtime/JSPromisePrototype.cpp

r222473	r244708
78	78	Base::finishCreation(vm);
79	79	putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "Promise"), PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
	80	didBecomePrototype();
80	81	}
81	82

trunk/Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp

r242650	r244708
56	56	JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->of, typedArrayConstructorOfCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
57	57	JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->from, typedArrayConstructorFromCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
	58
	59	didBecomePrototype();
58	60	}
59	61

trunk/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp

r242650	r244708
335	335	putDirectWithoutTransition(vm, vm.propertyNames->iteratorSymbol, valuesFunction, static_cast<unsigned>(PropertyAttribute::DontEnum));
336	336
	337	didBecomePrototype();
337	338	}
338	339

trunk/Source/JavaScriptCore/runtime/NumberPrototype.cpp

r242713	r244708
83	83	JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->toString, numberProtoFuncToString, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, NumberPrototypeToStringIntrinsic);
84	84	ASSERT(inherits(vm, info()));
	85	didBecomePrototype();
85	86	}
86	87

trunk/Source/JavaScriptCore/runtime/RegExpPrototype.cpp

r242699	r244708
82	82	JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->splitSymbol, regExpPrototypeSplitCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
83	83	JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->test, regExpPrototypeTestCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
	84
	85	didBecomePrototype();
84	86	}
85	87

trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp

r243081	r244708
173	173	// The constructor will be added later, after StringConstructor has been built
174	174	putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(0), PropertyAttribute::DontDelete \| PropertyAttribute::ReadOnly \| PropertyAttribute::DontEnum);
	175
	176	didBecomePrototype();
175	177	}
176	178

trunk/Source/JavaScriptCore/runtime/Structure.cpp

r243467	r244708
322	322	}
323	323
	324	bool Structure::isValidPrototype(JSValue prototype)
	325	{
	326	return prototype.isNull() \|\| (prototype.isObject() && prototype.getObject()->mayBePrototype());
	327	}
	328
324	329	void Structure::findStructuresAndMapForMaterialization(Vector<Structure, 8>& structures, Structure& structure, PropertyTable*& table)
325	330	{
…	…
545	550	Structure* Structure::changePrototypeTransition(VM& vm, Structure* structure, JSValue prototype, DeferredStructureTransitionWatchpointFire& deferred)
546	551	{
547		ASSERT(~~prototype.isObject() \|\| prototype.isNull(~~));
	552	ASSERT(isValidPrototype(prototype));
548	553
549	554	DeferGC deferGC(vm.heap);

trunk/Source/JavaScriptCore/runtime/Structure.h

-                      r243467
+                      r244708
+    {
         Base::finishCreation(vm);
         ASSERT(m_prototype.get().isEmpty() || m_prototype.isObject() || m_prototype.isNull());
+        ASSERT(m_prototype.get().isEmpty() || isValidPrototype(m_prototype.get()));
+    }
 …
     void checkConsistency();
+    JS_EXPORT_PRIVATE static bool isValidPrototype(JSValue);
     // This may grab the lock, or not. Do not call when holding the Structure's lock.
     PropertyTable* ensurePropertyTableIfNotEmpty(VM& vm)

trunk/Source/JavaScriptCore/runtime/SymbolPrototype.cpp

r236697	r244708
68	68	JSFunction* toPrimitiveFunction = JSFunction::create(vm, globalObject, 1, "[Symbol.toPrimitive]"_s, symbolProtoFuncValueOf, NoIntrinsic);
69	69	putDirectWithoutTransition(vm, vm.propertyNames->toPrimitiveSymbol, toPrimitiveFunction, PropertyAttribute::DontEnum \| PropertyAttribute::ReadOnly);
	70
	71	didBecomePrototype();
70	72	}
71	73

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorPrototype.cpp

r218216	r244708
58	58	{
59	59	Base::finishCreation(vm);
	60	didBecomePrototype();
60	61	}
61	62

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyInstancePrototype.cpp

r233122	r244708
87	87	{
88	88	Base::finishCreation(vm);
	89	didBecomePrototype();
89	90	}
90	91

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorPrototype.cpp

r218216	r244708
58	58	{
59	59	Base::finishCreation(vm);
	60	didBecomePrototype();
60	61	}
61	62

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.cpp

r233122	r244708
110	110	Base::finishCreation(vm);
111	111	ASSERT(inherits(vm, info()));
	112	didBecomePrototype();
112	113	}
113	114

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModulePrototype.cpp

r218216	r244708
57	57	{
58	58	Base::finishCreation(vm);
	59	didBecomePrototype();
59	60	}
60	61

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp

r243051	r244708
382	382	JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION("instantiateStreaming", webAssemblyPrototypeInstantiateStreamingCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
383	383	}
	384
	385	didBecomePrototype();
384	386	}
385	387

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorPrototype.cpp

r218216	r244708
58	58	{
59	59	Base::finishCreation(vm);
	60	didBecomePrototype();
60	61	}
61	62

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp

r233122	r244708
165	165	Base::finishCreation(vm);
166	166	ASSERT(inherits(vm, info()));
	167	didBecomePrototype();
167	168	}
168	169

trunk/Source/WebCore/ChangeLog

-                      r244704
+                      r244708
+-04-26  Robin Morisset  <rmorisset@apple.com>
+        All prototypes should call didBecomePrototype()
+        https://bugs.webkit.org/show_bug.cgi?id=196315
+        Reviewed by Saam Barati.
+        It was found by existing tests, with the new assert in JSC::Structure
+        * bindings/js/JSWindowProxy.cpp:
+        (WebCore::JSWindowProxy::setWindow):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GeneratePrototypeDeclaration):
+        (GenerateConstructorHelperMethods):
 -04-26  Eric Carlson  <eric.carlson@apple.com>

trunk/Source/WebCore/bindings/js/JSWindowProxy.cpp

r232337	r244708
98	98	// Perhaps the issue is that structure objects aren't seen when scanning the stack?
99	99	Strong<JSNonFinalObject> prototype(vm, isRemoteDOMWindow ? static_cast<JSNonFinalObject>(JSRemoteDOMWindowPrototype::create(vm, nullptr, &prototypeStructure)) : static_cast<JSNonFinalObject>(JSDOMWindowPrototype::create(vm, nullptr, &prototypeStructure)));
	100	prototype->didBecomePrototype();
100	101
101	102	JSDOMGlobalObject* window = nullptr;

trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm

-                      r243555
+                      r244708
     push(@$outputArray, "        : JSC::JSNonFinalObject(vm, structure)\n");
     push(@$outputArray, "    {\n");
+    push(@$outputArray, "        didBecomePrototype();\n");
     push(@$outputArray, "    }\n");
 …
     if (!$generatingNamedConstructor and $interface->parentType) {
         my $parentClassName = "JS" . $interface->parentType->name;
+        push(@$outputArray, "    return ${parentClassName}::getConstructor(vm, &globalObject);\n");
+        push(@$outputArray, "    auto result = ${parentClassName}::getConstructor(vm, &globalObject);\n");
+        push(@$outputArray, "    result.getObject()->didBecomePrototype();\n");
+        push(@$outputArray, "    return result;\n");
     } else {
         AddToImplIncludes("<JavaScriptCore/FunctionPrototype.h>");

trunk/Source/WebCore/bindings/scripts/test/JS/JSInterfaceName.cpp

r240557	r244708
63	63	: JSC::JSNonFinalObject(vm, structure)
64	64	{
	65	didBecomePrototype();
65	66	}
66	67

trunk/Source/WebCore/bindings/scripts/test/JS/JSMapLike.cpp

r240557	r244708
82	82	: JSC::JSNonFinalObject(vm, structure)
83	83	{
	84	didBecomePrototype();
84	85	}
85	86

trunk/Source/WebCore/bindings/scripts/test/JS/JSReadOnlyMapLike.cpp

r240557	r244708
79	79	: JSC::JSNonFinalObject(vm, structure)
80	80	{
	81	didBecomePrototype();
81	82	}
82	83

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp

r240557	r244708
76	76	: JSC::JSNonFinalObject(vm, structure)
77	77	{
	78	didBecomePrototype();
78	79	}
79	80

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCEReactions.cpp

r240557	r244708
88	88	: JSC::JSNonFinalObject(vm, structure)
89	89	{
	90	didBecomePrototype();
90	91	}
91	92

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp

r240557	r244708
75	75	: JSC::JSNonFinalObject(vm, structure)
76	76	{
	77	didBecomePrototype();
77	78	}
78	79

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCallTracer.cpp

r240557	r244708
93	93	: JSC::JSNonFinalObject(vm, structure)
94	94	{
	95	didBecomePrototype();
95	96	}
96	97

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp

r240557	r244708
64	64	: JSC::JSNonFinalObject(vm, structure)
65	65	{
	66	didBecomePrototype();
66	67	}
67	68

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp

r240557	r244708
486	486	: JSC::JSNonFinalObject(vm, structure)
487	487	{
	488	didBecomePrototype();
488	489	}
489	490
…	…
495	496	template<> JSValue JSTestDOMJITConstructor::prototypeForStructure(JSC::VM& vm, const JSDOMGlobalObject& globalObject)
496	497	{
497		return JSNode::getConstructor(vm, &globalObject);
	498	auto result = JSNode::getConstructor(vm, &globalObject);
	499	result.getObject()->didBecomePrototype();
	500	return result;
498	501	}
499	502

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEnabledBySetting.cpp

r240557	r244708
85	85	: JSC::JSNonFinalObject(vm, structure)
86	86	{
	87	didBecomePrototype();
87	88	}
88	89

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp

r240557	r244708
145	145	: JSC::JSNonFinalObject(vm, structure)
146	146	{
	147	didBecomePrototype();
147	148	}
148	149
…	…
171	172	template<> JSValue JSTestEventConstructorConstructor::prototypeForStructure(JSC::VM& vm, const JSDOMGlobalObject& globalObject)
172	173	{
173		return JSEvent::getConstructor(vm, &globalObject);
	174	auto result = JSEvent::getConstructor(vm, &globalObject);
	175	result.getObject()->didBecomePrototype();
	176	return result;
174	177	}
175	178

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.cpp

r240557	r244708
73	73	: JSC::JSNonFinalObject(vm, structure)
74	74	{
	75	didBecomePrototype();
75	76	}
76	77
…	…
82	83	template<> JSValue JSTestEventTargetConstructor::prototypeForStructure(JSC::VM& vm, const JSDOMGlobalObject& globalObject)
83	84	{
84		return JSEventTarget::getConstructor(vm, &globalObject);
	85	auto result = JSEventTarget::getConstructor(vm, &globalObject);
	86	result.getObject()->didBecomePrototype();
	87	return result;
85	88	}
86	89

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestException.cpp

r240557	r244708
66	66	: JSC::JSNonFinalObject(vm, structure)
67	67	{
	68	didBecomePrototype();
68	69	}
69	70

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp

r241348	r244708
66	66	: JSC::JSNonFinalObject(vm, structure)
67	67	{
	68	didBecomePrototype();
68	69	}
69	70

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.h

r239191	r244708
103	103	: JSC::JSNonFinalObject(vm, structure)
104	104	{
	105	didBecomePrototype();
105	106	}
106	107	public:

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp

r240557	r244708
65	65	: JSC::JSNonFinalObject(vm, structure)
66	66	{
	67	didBecomePrototype();
67	68	}
68	69

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp

r240557	r244708
65	65	: JSC::JSNonFinalObject(vm, structure)
66	66	{
	67	didBecomePrototype();
67	68	}
68	69

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp

r240557	r244708
71	71	: JSC::JSNonFinalObject(vm, structure)
72	72	{
	73	didBecomePrototype();
73	74	}
74	75

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp

r240557	r244708
169	169	: JSC::JSNonFinalObject(vm, structure)
170	170	{
	171	didBecomePrototype();
171	172	}
172	173

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp

r240557	r244708
66	66	: JSC::JSNonFinalObject(vm, structure)
67	67	{
	68	didBecomePrototype();
68	69	}
69	70

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIterable.cpp

r240557	r244708
74	74	: JSC::JSNonFinalObject(vm, structure)
75	75	{
	76	didBecomePrototype();
76	77	}
77	78

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp

r233122	r244708
70	70	: JSC::JSNonFinalObject(vm, structure)
71	71	{
	72	didBecomePrototype();
72	73	}
73	74

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp

r240557	r244708
71	71	: JSC::JSNonFinalObject(vm, structure)
72	72	{
	73	didBecomePrototype();
73	74	}
74	75

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp

r240557	r244708
66	66	: JSC::JSNonFinalObject(vm, structure)
67	67	{
	68	didBecomePrototype();
68	69	}
69	70

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp

r240557	r244708
66	66	: JSC::JSNonFinalObject(vm, structure)
67	67	{
	68	didBecomePrototype();
68	69	}
69	70

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp

r240557	r244708
73	73	: JSC::JSNonFinalObject(vm, structure)
74	74	{
	75	didBecomePrototype();
75	76	}
76	77

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp

r240557	r244708
66	66	: JSC::JSNonFinalObject(vm, structure)
67	67	{
	68	didBecomePrototype();
68	69	}
69	70

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp

r240557	r244708
65	65	: JSC::JSNonFinalObject(vm, structure)
66	66	{
	67	didBecomePrototype();
67	68	}
68	69

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp

r240557	r244708
65	65	: JSC::JSNonFinalObject(vm, structure)
66	66	{
	67	didBecomePrototype();
67	68	}
68	69

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp

r240557	r244708
70	70	: JSC::JSNonFinalObject(vm, structure)
71	71	{
	72	didBecomePrototype();
72	73	}
73	74

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp

r240557	r244708
66	66	: JSC::JSNonFinalObject(vm, structure)
67	67	{
	68	didBecomePrototype();
68	69	}
69	70

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp

r240557	r244708
65	65	: JSC::JSNonFinalObject(vm, structure)
66	66	{
	67	didBecomePrototype();
67	68	}
68	69

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp

r240557	r244708
65	65	: JSC::JSNonFinalObject(vm, structure)
66	66	{
	67	didBecomePrototype();
67	68	}
68	69

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp

r240557	r244708
70	70	: JSC::JSNonFinalObject(vm, structure)
71	71	{
	72	didBecomePrototype();
72	73	}
73	74

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp

r240557	r244708
65	65	: JSC::JSNonFinalObject(vm, structure)
66	66	{
	67	didBecomePrototype();
67	68	}
68	69

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp

r240557	r244708
65	65	: JSC::JSNonFinalObject(vm, structure)
66	66	{
	67	didBecomePrototype();
67	68	}
68	69

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp

r240557	r244708
70	70	: JSC::JSNonFinalObject(vm, structure)
71	71	{
	72	didBecomePrototype();
72	73	}
73	74

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp

r240557	r244708
73	73	: JSC::JSNonFinalObject(vm, structure)
74	74	{
	75	didBecomePrototype();
75	76	}
76	77

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp

r240557	r244708
73	73	: JSC::JSNonFinalObject(vm, structure)
74	74	{
	75	didBecomePrototype();
75	76	}
76	77

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp

r240557	r244708
65	65	: JSC::JSNonFinalObject(vm, structure)
66	66	{
	67	didBecomePrototype();
67	68	}
68	69

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp

r240557	r244708
72	72	: JSC::JSNonFinalObject(vm, structure)
73	73	{
	74	didBecomePrototype();
74	75	}
75	76

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp

r240557	r244708
72	72	: JSC::JSNonFinalObject(vm, structure)
73	73	{
	74	didBecomePrototype();
74	75	}
75	76

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp

r240557	r244708
89	89	: JSC::JSNonFinalObject(vm, structure)
90	90	{
	91	didBecomePrototype();
91	92	}
92	93
…	…
109	110	template<> JSValue JSTestNodeConstructor::prototypeForStructure(JSC::VM& vm, const JSDOMGlobalObject& globalObject)
110	111	{
111		return JSNode::getConstructor(vm, &globalObject);
	112	auto result = JSNode::getConstructor(vm, &globalObject);
	113	result.getObject()->didBecomePrototype();
	114	return result;
112	115	}
113	116

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp

r241607	r244708
1820	1820	: JSC::JSNonFinalObject(vm, structure)
1821	1821	{
	1822	didBecomePrototype();
1822	1823	}
1823	1824

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp

r240557	r244708
69	69	: JSC::JSNonFinalObject(vm, structure)
70	70	{
	71	didBecomePrototype();
71	72	}
72	73

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp

r240557	r244708
68	68	: JSC::JSNonFinalObject(vm, structure)
69	69	{
	70	didBecomePrototype();
70	71	}
71	72

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp

r240557	r244708
73	73	: JSC::JSNonFinalObject(vm, structure)
74	74	{
	75	didBecomePrototype();
75	76	}
76	77

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestPluginInterface.cpp

r240557	r244708
64	64	: JSC::JSNonFinalObject(vm, structure)
65	65	{
	66	didBecomePrototype();
66	67	}
67	68

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp

r240557	r244708
148	148	: JSC::JSNonFinalObject(vm, structure)
149	149	{
	150	didBecomePrototype();
150	151	}
151	152
…	…
175	176	template<> JSValue JSTestPromiseRejectionEventConstructor::prototypeForStructure(JSC::VM& vm, const JSDOMGlobalObject& globalObject)
176	177	{
177		return JSEvent::getConstructor(vm, &globalObject);
	178	auto result = JSEvent::getConstructor(vm, &globalObject);
	179	result.getObject()->didBecomePrototype();
	180	return result;
178	181	}
179	182

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerialization.cpp

r241198	r244708
105	105	: JSC::JSNonFinalObject(vm, structure)
106	106	{
	107	didBecomePrototype();
107	108	}
108	109

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp

r240557	r244708
62	62	: JSC::JSNonFinalObject(vm, structure)
63	63	{
	64	didBecomePrototype();
64	65	}
65	66
…	…
71	72	template<> JSValue JSTestSerializationIndirectInheritanceConstructor::prototypeForStructure(JSC::VM& vm, const JSDOMGlobalObject& globalObject)
72	73	{
73		return JSTestSerializationInherit::getConstructor(vm, &globalObject);
	74	auto result = JSTestSerializationInherit::getConstructor(vm, &globalObject);
	75	result.getObject()->didBecomePrototype();
	76	return result;
74	77	}
75	78

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerializationInherit.cpp

r240557	r244708
72	72	: JSC::JSNonFinalObject(vm, structure)
73	73	{
	74	didBecomePrototype();
74	75	}
75	76
…	…
81	82	template<> JSValue JSTestSerializationInheritConstructor::prototypeForStructure(JSC::VM& vm, const JSDOMGlobalObject& globalObject)
82	83	{
83		return JSTestSerialization::getConstructor(vm, &globalObject);
	84	auto result = JSTestSerialization::getConstructor(vm, &globalObject);
	85	result.getObject()->didBecomePrototype();
	86	return result;
84	87	}
85	88

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp

r240557	r244708
74	74	: JSC::JSNonFinalObject(vm, structure)
75	75	{
	76	didBecomePrototype();
76	77	}
77	78
…	…
83	84	template<> JSValue JSTestSerializationInheritFinalConstructor::prototypeForStructure(JSC::VM& vm, const JSDOMGlobalObject& globalObject)
84	85	{
85		return JSTestSerializationInherit::getConstructor(vm, &globalObject);
	86	auto result = JSTestSerializationInherit::getConstructor(vm, &globalObject);
	87	result.getObject()->didBecomePrototype();
	88	return result;
86	89	}
87	90

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp

r240557	r244708
87	87	: JSC::JSNonFinalObject(vm, structure)
88	88	{
	89	didBecomePrototype();
89	90	}
90	91

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestStringifier.cpp

r240557	r244708
69	69	: JSC::JSNonFinalObject(vm, structure)
70	70	{
	71	didBecomePrototype();
71	72	}
72	73

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp

r240557	r244708
69	69	: JSC::JSNonFinalObject(vm, structure)
70	70	{
	71	didBecomePrototype();
71	72	}
72	73

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp

r240557	r244708
70	70	: JSC::JSNonFinalObject(vm, structure)
71	71	{
	72	didBecomePrototype();
72	73	}
73	74

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp

r240557	r244708
70	70	: JSC::JSNonFinalObject(vm, structure)
71	71	{
	72	didBecomePrototype();
72	73	}
73	74

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp

r240557	r244708
69	69	: JSC::JSNonFinalObject(vm, structure)
70	70	{
	71	didBecomePrototype();
71	72	}
72	73

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp

r240557	r244708
71	71	: JSC::JSNonFinalObject(vm, structure)
72	72	{
	73	didBecomePrototype();
73	74	}
74	75

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp

r240557	r244708
72	72	: JSC::JSNonFinalObject(vm, structure)
73	73	{
	74	didBecomePrototype();
74	75	}
75	76

trunk/Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp

r240557	r244708
115	115	: JSC::JSNonFinalObject(vm, structure)
116	116	{
	117	didBecomePrototype();
117	118	}
118	119

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 244708 in webkit

Legend:

Download in other formats: