WebKit Bugzilla
Attachment 339672 Details for
Bug 145763
: Many builtin objects that are prototypes forget to set their isPrototype bit
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-145763-20180506152243.patch (text/plain), 59.29 KB, created by
Yusuke Suzuki
on 2018-05-05 23:22:44 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Yusuke Suzuki
Created:
2018-05-05 23:22:44 PDT
Size:
59.29 KB
patch
obsolete
>Subversion Revision: 231399 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index b3b765d0f34ca83ccc0e51dd9a5a5549ee221710..3a02a3b0e6ee3dc1b91554ae0688821a686eed19 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,104 @@ >+2018-05-05 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ Many builtin object's that are prototypes forget to set their isPrototype bit >+ https://bugs.webkit.org/show_bug.cgi?id=145763 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Let's set TypeInfoMayBePrototype for builtin prototype objects. Instead of calling >+ `didBecomePrototype()` in finishCreation, we add TypeInfoMayBePrototype to >+ StructureFlags for prototype objects. >+ >+ * inspector/JSInjectedScriptHostPrototype.cpp: >+ (Inspector::JSInjectedScriptHostPrototype::finishCreation): >+ * inspector/JSInjectedScriptHostPrototype.h: >+ * inspector/JSJavaScriptCallFramePrototype.cpp: >+ (Inspector::JSJavaScriptCallFramePrototype::finishCreation): >+ * inspector/JSJavaScriptCallFramePrototype.h: >+ * runtime/ArrayIteratorPrototype.cpp: >+ (JSC::ArrayIteratorPrototype::finishCreation): >+ * runtime/ArrayIteratorPrototype.h: >+ * runtime/ArrayPrototype.cpp: >+ (JSC::ArrayPrototype::finishCreation): >+ * runtime/ArrayPrototype.h: >+ * runtime/AsyncFromSyncIteratorPrototype.cpp: >+ (JSC::AsyncFromSyncIteratorPrototype::finishCreation): >+ * runtime/AsyncFromSyncIteratorPrototype.h: >+ * runtime/AsyncFunctionPrototype.cpp: >+ (JSC::AsyncFunctionPrototype::finishCreation): >+ * runtime/AsyncFunctionPrototype.h: >+ * runtime/AsyncGeneratorFunctionPrototype.cpp: >+ (JSC::AsyncGeneratorFunctionPrototype::finishCreation): >+ * runtime/AsyncGeneratorFunctionPrototype.h: >+ * runtime/AsyncGeneratorPrototype.cpp: >+ (JSC::AsyncGeneratorPrototype::finishCreation): >+ * runtime/AsyncGeneratorPrototype.h: >+ * runtime/AsyncIteratorPrototype.cpp: >+ (JSC::AsyncIteratorPrototype::finishCreation): >+ * runtime/AsyncIteratorPrototype.h: >+ * runtime/BigIntPrototype.h: >+ * runtime/BooleanPrototype.h: >+ * runtime/DatePrototype.h: >+ * runtime/ErrorPrototype.h: >+ * runtime/FunctionPrototype.h: >+ * runtime/GeneratorFunctionPrototype.cpp: >+ (JSC::GeneratorFunctionPrototype::finishCreation): >+ * runtime/GeneratorFunctionPrototype.h: >+ * runtime/GeneratorPrototype.cpp: >+ (JSC::GeneratorPrototype::finishCreation): >+ * runtime/GeneratorPrototype.h: >+ * runtime/IntlCollatorPrototype.h: >+ * runtime/IntlDateTimeFormatPrototype.h: >+ * runtime/IntlNumberFormatPrototype.h: >+ * runtime/IntlPluralRulesPrototype.h: >+ * runtime/IteratorPrototype.cpp: >+ (JSC::IteratorPrototype::finishCreation): >+ * runtime/IteratorPrototype.h: >+ * runtime/JSArrayBufferPrototype.h: >+ * runtime/JSDataViewPrototype.h: >+ * runtime/JSGenericTypedArrayViewPrototype.h: >+ * runtime/JSInternalPromisePrototype.h: >+ * runtime/JSPromisePrototype.h: >+ * runtime/JSTypeInfo.h: >+ * runtime/JSTypedArrayViewPrototype.h: >+ * runtime/MapIteratorPrototype.cpp: >+ (JSC::MapIteratorPrototype::finishCreation): >+ * runtime/MapIteratorPrototype.h: >+ * runtime/MapPrototype.cpp: >+ (JSC::MapPrototype::finishCreation): >+ * runtime/MapPrototype.h: >+ * runtime/NativeErrorPrototype.h: >+ * runtime/NumberPrototype.h: >+ * runtime/ObjectPrototype.cpp: >+ (JSC::ObjectPrototype::finishCreation): >+ * runtime/ObjectPrototype.h: >+ * runtime/RegExpPrototype.h: >+ * runtime/SetIteratorPrototype.cpp: >+ (JSC::SetIteratorPrototype::finishCreation): >+ * runtime/SetIteratorPrototype.h: >+ * runtime/SetPrototype.cpp: >+ (JSC::SetPrototype::finishCreation): >+ * runtime/SetPrototype.h: >+ * runtime/StringIteratorPrototype.cpp: >+ (JSC::StringIteratorPrototype::finishCreation): >+ * runtime/StringIteratorPrototype.h: >+ * runtime/StringPrototype.h: >+ * runtime/SymbolPrototype.h: >+ * runtime/WeakMapPrototype.cpp: >+ (JSC::WeakMapPrototype::finishCreation): >+ * runtime/WeakMapPrototype.h: >+ * runtime/WeakSetPrototype.cpp: >+ (JSC::WeakSetPrototype::finishCreation): >+ * runtime/WeakSetPrototype.h: >+ * wasm/js/WebAssemblyCompileErrorPrototype.h: >+ * wasm/js/WebAssemblyInstancePrototype.h: >+ * wasm/js/WebAssemblyLinkErrorPrototype.h: >+ * wasm/js/WebAssemblyMemoryPrototype.h: >+ * wasm/js/WebAssemblyModulePrototype.h: >+ * wasm/js/WebAssemblyPrototype.h: >+ * wasm/js/WebAssemblyRuntimeErrorPrototype.h: >+ * wasm/js/WebAssemblyTablePrototype.h: >+ > 2018-05-05 Filip Pizlo <fpizlo@apple.com> > > DFG CFA phase should only do clobber asserts in debug >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 7a6d26c79c8e0fb80e2b1ce1cdedae9cdf240bb1..a7674394db7a79c3626cbc1ac100c88fdabfdaae 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,15 @@ >+2018-05-05 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ Many builtin object's that are prototypes forget to set their isPrototype bit >+ https://bugs.webkit.org/show_bug.cgi?id=145763 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Set TypeInfoMayBePrototype to prototype objects generated by IDL generator. >+ >+ * bindings/scripts/CodeGeneratorJS.pm: >+ (GeneratePrototypeDeclaration): >+ > 2018-05-05 Sam Weinig <sam@webkit.org> > > Cleanup XMLHttpRequestUpload a little >diff --git a/Source/JavaScriptCore/inspector/JSInjectedScriptHostPrototype.cpp b/Source/JavaScriptCore/inspector/JSInjectedScriptHostPrototype.cpp >index 549332962b794de867d8a026a514418def3ae9ec..811fa74fcadc4fd444abdbfb602af8fcb09e7a13 100644 >--- a/Source/JavaScriptCore/inspector/JSInjectedScriptHostPrototype.cpp >+++ b/Source/JavaScriptCore/inspector/JSInjectedScriptHostPrototype.cpp >@@ -59,7 +59,6 @@ void JSInjectedScriptHostPrototype::finishCreation(VM& vm, JSGlobalObject* globa > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION("subtype", jsInjectedScriptHostPrototypeFunctionSubtype, static_cast<unsigned>(PropertyAttribute::DontEnum), 1); > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION("functionDetails", jsInjectedScriptHostPrototypeFunctionFunctionDetails, static_cast<unsigned>(PropertyAttribute::DontEnum), 1); >diff --git a/Source/JavaScriptCore/inspector/JSInjectedScriptHostPrototype.h b/Source/JavaScriptCore/inspector/JSInjectedScriptHostPrototype.h >index fdda9e5b28bfaff436c3d7b243cd13de9a7d0e91..7dad0cc74cdfc63b20d58dbf9378b1d8db0ca93d 100644 >--- a/Source/JavaScriptCore/inspector/JSInjectedScriptHostPrototype.h >+++ b/Source/JavaScriptCore/inspector/JSInjectedScriptHostPrototype.h >@@ -32,7 +32,7 @@ namespace Inspector { > class JSInjectedScriptHostPrototype final : public JSC::JSNonFinalObject { > public: > typedef JSC::JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot; >+ static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::TypeInfoMayBePrototype; > > DECLARE_INFO; > >diff --git a/Source/JavaScriptCore/inspector/JSJavaScriptCallFramePrototype.cpp b/Source/JavaScriptCore/inspector/JSJavaScriptCallFramePrototype.cpp >index 0d695d8a784f99faa52321b93230b6de30dedafa..a1d8047cfeeeea79420b651ba2d0c741eff0505e 100644 >--- a/Source/JavaScriptCore/inspector/JSJavaScriptCallFramePrototype.cpp >+++ b/Source/JavaScriptCore/inspector/JSJavaScriptCallFramePrototype.cpp >@@ -57,7 +57,6 @@ void JSJavaScriptCallFramePrototype::finishCreation(VM& vm, JSGlobalObject* glob > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION("evaluateWithScopeExtension", jsJavaScriptCallFramePrototypeFunctionEvaluateWithScopeExtension, static_cast<unsigned>(PropertyAttribute::DontEnum), 1); > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION("scopeDescriptions", jsJavaScriptCallFramePrototypeFunctionScopeDescriptions, static_cast<unsigned>(PropertyAttribute::DontEnum), 0); >diff --git a/Source/JavaScriptCore/inspector/JSJavaScriptCallFramePrototype.h b/Source/JavaScriptCore/inspector/JSJavaScriptCallFramePrototype.h >index 6fc1f9f387f50cc0bc650432d487263bc3957e8d..cb02b31ab40725c5b315a6c581e458beb643ef46 100644 >--- a/Source/JavaScriptCore/inspector/JSJavaScriptCallFramePrototype.h >+++ b/Source/JavaScriptCore/inspector/JSJavaScriptCallFramePrototype.h >@@ -32,7 +32,7 @@ namespace Inspector { > class JSJavaScriptCallFramePrototype final : public JSC::JSNonFinalObject { > public: > typedef JSC::JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot; >+ static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::TypeInfoMayBePrototype; > > DECLARE_INFO; > >diff --git a/Source/JavaScriptCore/runtime/ArrayIteratorPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayIteratorPrototype.cpp >index b4e62a9028505b80853a7f67b58cd9d07769fdfa..3a6c12838af4e19ee23caef692f30587f97264fe 100644 >--- a/Source/JavaScriptCore/runtime/ArrayIteratorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/ArrayIteratorPrototype.cpp >@@ -50,7 +50,6 @@ void ArrayIteratorPrototype::finishCreation(VM& vm, JSGlobalObject*) > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); > putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "Array Iterator"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); >- didBecomePrototype(); > } > > // ------------------------------ Array Functions ---------------------------- >diff --git a/Source/JavaScriptCore/runtime/ArrayIteratorPrototype.h b/Source/JavaScriptCore/runtime/ArrayIteratorPrototype.h >index 2551e974c65773c518e1928ff1682af37f986cba..213d5a83a3078a53d9630eed320bc3fec07272f2 100644 >--- a/Source/JavaScriptCore/runtime/ArrayIteratorPrototype.h >+++ b/Source/JavaScriptCore/runtime/ArrayIteratorPrototype.h >@@ -32,7 +32,7 @@ namespace JSC { > class ArrayIteratorPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = HasStaticPropertyTable | Base::StructureFlags; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static ArrayIteratorPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >index 3e2843feae1ed344383f69a495540cfbb5a97756..27f0a26e9e545634f9c622cdb27caf90c58ceb33 100644 >--- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >@@ -81,7 +81,6 @@ void ArrayPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > putDirectWithoutTransition(vm, vm.propertyNames->toString, globalObject->arrayProtoToStringFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); > putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().valuesPublicName(), globalObject->arrayProtoValuesFunction(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.h b/Source/JavaScriptCore/runtime/ArrayPrototype.h >index b0fd8a585e7ef39824a04aa381c4958306b3b18f..47503c52019b53772fc4f4e17cbb6378f76e9325 100644 >--- a/Source/JavaScriptCore/runtime/ArrayPrototype.h >+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.h >@@ -34,6 +34,7 @@ class ArrayPrototype final : public JSArray { > > public: > typedef JSArray Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > enum class SpeciesWatchpointStatus { > Uninitialized, >diff --git a/Source/JavaScriptCore/runtime/AsyncFromSyncIteratorPrototype.cpp b/Source/JavaScriptCore/runtime/AsyncFromSyncIteratorPrototype.cpp >index 0ec9a5ead82b8a890689729adf61a9c30d60088d..658a12d8ec4a76354d9b8130fc2e246a5843c763 100644 >--- a/Source/JavaScriptCore/runtime/AsyncFromSyncIteratorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/AsyncFromSyncIteratorPrototype.cpp >@@ -44,7 +44,6 @@ void AsyncFromSyncIteratorPrototype::finishCreation(VM& vm, JSGlobalObject* glob > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION("next", asyncFromSyncIteratorPrototypeNextCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum)); > JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION("return", asyncFromSyncIteratorPrototypeReturnCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum)); >diff --git a/Source/JavaScriptCore/runtime/AsyncFromSyncIteratorPrototype.h b/Source/JavaScriptCore/runtime/AsyncFromSyncIteratorPrototype.h >index b7e1531d6ce9e2e56687e3d9eab93c23fe355e98..fb82daca717ef2e68bf9276ef63628d43723cd9e 100644 >--- a/Source/JavaScriptCore/runtime/AsyncFromSyncIteratorPrototype.h >+++ b/Source/JavaScriptCore/runtime/AsyncFromSyncIteratorPrototype.h >@@ -31,6 +31,7 @@ namespace JSC { > class AsyncFromSyncIteratorPrototype final : public JSNonFinalObject { > public: > using Base = JSNonFinalObject; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > DECLARE_INFO; > >diff --git a/Source/JavaScriptCore/runtime/AsyncFunctionPrototype.cpp b/Source/JavaScriptCore/runtime/AsyncFunctionPrototype.cpp >index 94b4c021c1279401ddf87d023ececb57ec43100a..f9e00ed7a176468358ce5f90689c8f8b199b2606 100644 >--- a/Source/JavaScriptCore/runtime/AsyncFunctionPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/AsyncFunctionPrototype.cpp >@@ -50,7 +50,6 @@ void AsyncFunctionPrototype::finishCreation(VM& vm) > ASSERT(inherits(vm, info())); > putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(0), PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum); > putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "AsyncFunction"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); >- didBecomePrototype(); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/AsyncFunctionPrototype.h b/Source/JavaScriptCore/runtime/AsyncFunctionPrototype.h >index 77308a9d30c48c64b38d41dc456fb6675baab478..0b6812bda37fe32cac6f1d9058cfcda92e04b5c4 100644 >--- a/Source/JavaScriptCore/runtime/AsyncFunctionPrototype.h >+++ b/Source/JavaScriptCore/runtime/AsyncFunctionPrototype.h >@@ -32,6 +32,7 @@ namespace JSC { > class AsyncFunctionPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > DECLARE_INFO; > >diff --git a/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionPrototype.cpp b/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionPrototype.cpp >index b911f77e9fa1677747a059c49cd42610f9b59ddb..380ffa0ebe5b4b96ee149e7d079c18e3841686e7 100644 >--- a/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionPrototype.cpp >@@ -50,7 +50,6 @@ void AsyncGeneratorFunctionPrototype::finishCreation(VM& vm) > ASSERT(inherits(vm, info())); > putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(0), PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum); > putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "AsyncGeneratorFunction"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); >- didBecomePrototype(); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionPrototype.h b/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionPrototype.h >index 70fb5137f01e6b550a652b87411da729b3013284..7658f567a14bd960a668e93824170b20425f811c 100644 >--- a/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionPrototype.h >+++ b/Source/JavaScriptCore/runtime/AsyncGeneratorFunctionPrototype.h >@@ -31,7 +31,7 @@ namespace JSC { > class AsyncGeneratorFunctionPrototype final : public JSNonFinalObject { > public: > using Base = JSNonFinalObject; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > DECLARE_INFO; > >diff --git a/Source/JavaScriptCore/runtime/AsyncGeneratorPrototype.cpp b/Source/JavaScriptCore/runtime/AsyncGeneratorPrototype.cpp >index 37ceea512f5f782166af2eb072f778636a05249a..9db3254bd58e935371b98d93bb890a43316e0ce3 100644 >--- a/Source/JavaScriptCore/runtime/AsyncGeneratorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/AsyncGeneratorPrototype.cpp >@@ -49,7 +49,6 @@ void AsyncGeneratorPrototype::finishCreation(VM& vm) > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); > putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "AsyncGenerator"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); >- didBecomePrototype(); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/AsyncGeneratorPrototype.h b/Source/JavaScriptCore/runtime/AsyncGeneratorPrototype.h >index 69ff15979893b5c6ec90ab80116d4d9991cf5ffd..05dc30db87339659713f8ffd40d3fb411f9acd02 100644 >--- a/Source/JavaScriptCore/runtime/AsyncGeneratorPrototype.h >+++ b/Source/JavaScriptCore/runtime/AsyncGeneratorPrototype.h >@@ -34,7 +34,7 @@ namespace JSC { > class AsyncGeneratorPrototype final : public JSNonFinalObject { > public: > using Base = JSNonFinalObject; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static AsyncGeneratorPrototype* create(VM& vm, JSGlobalObject*, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.cpp b/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.cpp >index 800cfa09641c0ca2808f056012eda3d0232237f7..9e2b7a63f94611c30ee698861b25e388169b3d97 100644 >--- a/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.cpp >@@ -39,7 +39,6 @@ void AsyncIteratorPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSFunction* asyncIteratorPrototypeFunction = JSFunction::create(vm, asyncIteratorPrototypeSymbolAsyncIteratorGetterCodeGenerator(vm), globalObject); > putDirectWithoutTransition(vm, vm.propertyNames->asyncIteratorSymbol, asyncIteratorPrototypeFunction, static_cast<unsigned>(PropertyAttribute::DontEnum)); >diff --git a/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.h b/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.h >index 166137589dc790c7b41fdbb4c04369609cc1a763..1b119c885557bcf6c4fb042ac2269cd0d1274217 100644 >--- a/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.h >+++ b/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.h >@@ -32,7 +32,7 @@ namespace JSC { > class AsyncIteratorPrototype final : public JSNonFinalObject { > public: > using Base = JSNonFinalObject; >- static const unsigned StructureFlags = Base::StructureFlags; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static AsyncIteratorPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/BigIntPrototype.h b/Source/JavaScriptCore/runtime/BigIntPrototype.h >index 626fff660afe1da5126e7f45c699872e85a22cc9..cb3df569ea86c4cd6e65287f2a02fb932e346e60 100644 >--- a/Source/JavaScriptCore/runtime/BigIntPrototype.h >+++ b/Source/JavaScriptCore/runtime/BigIntPrototype.h >@@ -33,7 +33,7 @@ namespace JSC { > class BigIntPrototype final : public JSNonFinalObject { > public: > using Base = JSNonFinalObject; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static BigIntPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/BooleanPrototype.h b/Source/JavaScriptCore/runtime/BooleanPrototype.h >index d8db049a7c26b920a08f7ce696f0f23d85c3484e..7e098a5228132c1dee8853cdfaef66892c7f6833 100644 >--- a/Source/JavaScriptCore/runtime/BooleanPrototype.h >+++ b/Source/JavaScriptCore/runtime/BooleanPrototype.h >@@ -27,7 +27,7 @@ namespace JSC { > class BooleanPrototype final : public BooleanObject { > public: > typedef BooleanObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static BooleanPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/DatePrototype.h b/Source/JavaScriptCore/runtime/DatePrototype.h >index 8a5fcfffd2143cd55696256ac562338dca26ad35..0996a02212e7f6c15d26f30d1569fb0e29359df8 100644 >--- a/Source/JavaScriptCore/runtime/DatePrototype.h >+++ b/Source/JavaScriptCore/runtime/DatePrototype.h >@@ -32,7 +32,7 @@ class DatePrototype final : public JSNonFinalObject { > > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static DatePrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/ErrorPrototype.h b/Source/JavaScriptCore/runtime/ErrorPrototype.h >index 2f0b4b6fce3ddc96fe9bdc37fe644defc38329c1..c46166238da6dba14bc3874540340b10728023a1 100644 >--- a/Source/JavaScriptCore/runtime/ErrorPrototype.h >+++ b/Source/JavaScriptCore/runtime/ErrorPrototype.h >@@ -29,7 +29,7 @@ class ObjectPrototype; > class ErrorPrototype : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static ErrorPrototype* create(VM& vm, JSGlobalObject*, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/FunctionPrototype.h b/Source/JavaScriptCore/runtime/FunctionPrototype.h >index 10899bdb95204ae784797e90f8f971a794a04ec1..e3014e8f425f45e4f91759c2fdf6911b948fdc75 100644 >--- a/Source/JavaScriptCore/runtime/FunctionPrototype.h >+++ b/Source/JavaScriptCore/runtime/FunctionPrototype.h >@@ -27,6 +27,7 @@ namespace JSC { > class FunctionPrototype final : public InternalFunction { > public: > typedef InternalFunction Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static FunctionPrototype* create(VM& vm, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/GeneratorFunctionPrototype.cpp b/Source/JavaScriptCore/runtime/GeneratorFunctionPrototype.cpp >index 0418ceefe3c49f31c646ec69fc913f1c3fb2a22c..421787aecf315d4170952c6cb277833831d3e074 100644 >--- a/Source/JavaScriptCore/runtime/GeneratorFunctionPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/GeneratorFunctionPrototype.cpp >@@ -52,7 +52,6 @@ void GeneratorFunctionPrototype::finishCreation(VM& vm) > ASSERT(inherits(vm, info())); > putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(0), PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum); > putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "GeneratorFunction"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); >- didBecomePrototype(); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/GeneratorFunctionPrototype.h b/Source/JavaScriptCore/runtime/GeneratorFunctionPrototype.h >index 484e785f72062501e80257ae37926e4a4e608aba..753df04386c1c192bd25ee252244d10f92c057df 100644 >--- a/Source/JavaScriptCore/runtime/GeneratorFunctionPrototype.h >+++ b/Source/JavaScriptCore/runtime/GeneratorFunctionPrototype.h >@@ -34,6 +34,7 @@ namespace JSC { > class GeneratorFunctionPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static GeneratorFunctionPrototype* create(VM& vm, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/GeneratorPrototype.cpp b/Source/JavaScriptCore/runtime/GeneratorPrototype.cpp >index dcd292dda82aae6bcc2109793119a9c091a15ea7..13741485ecd505b6c2654a40523f62c0db21995d 100644 >--- a/Source/JavaScriptCore/runtime/GeneratorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/GeneratorPrototype.cpp >@@ -49,7 +49,6 @@ void GeneratorPrototype::finishCreation(VM& vm) > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); > putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "Generator"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); >- didBecomePrototype(); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/GeneratorPrototype.h b/Source/JavaScriptCore/runtime/GeneratorPrototype.h >index b398c6488fca5ab51750b517c80f6e50fac3beff..0c6f3b115f9069cc3a6164e1062f18673b06727c 100644 >--- a/Source/JavaScriptCore/runtime/GeneratorPrototype.h >+++ b/Source/JavaScriptCore/runtime/GeneratorPrototype.h >@@ -34,7 +34,7 @@ namespace JSC { > class GeneratorPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static GeneratorPrototype* create(VM& vm, JSGlobalObject*, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/IntlCollatorPrototype.h b/Source/JavaScriptCore/runtime/IntlCollatorPrototype.h >index f3e974c04b89cdbbd4f421c585e293e7f3d02f66..d0239b7876d38054ad919a5a705410a394169bae 100644 >--- a/Source/JavaScriptCore/runtime/IntlCollatorPrototype.h >+++ b/Source/JavaScriptCore/runtime/IntlCollatorPrototype.h >@@ -34,7 +34,7 @@ namespace JSC { > class IntlCollatorPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static IntlCollatorPrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.h b/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.h >index cc0e16bcb8cc8773f10a33d7a6bc6faf4c06108a..cc5539423a43148bf3f1342d797017842840191e 100644 >--- a/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.h >+++ b/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.h >@@ -34,7 +34,7 @@ namespace JSC { > class IntlDateTimeFormatPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static IntlDateTimeFormatPrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.h b/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.h >index 4e25ed49dbb2a2f03f2659c282ad17d02f43680e..e66ea2e1d47e3ee5babb5245df788179c28a77f6 100644 >--- a/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.h >+++ b/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.h >@@ -34,7 +34,7 @@ namespace JSC { > class IntlNumberFormatPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static IntlNumberFormatPrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/runtime/IntlPluralRulesPrototype.h b/Source/JavaScriptCore/runtime/IntlPluralRulesPrototype.h >index f3cba8121a02c41f7e0d323a8a73393332334b96..f5461b1aa903227536a69b0cdc2bca3b905e4388 100644 >--- a/Source/JavaScriptCore/runtime/IntlPluralRulesPrototype.h >+++ b/Source/JavaScriptCore/runtime/IntlPluralRulesPrototype.h >@@ -34,7 +34,7 @@ namespace JSC { > class IntlPluralRulesPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static IntlPluralRulesPrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/runtime/IteratorPrototype.cpp b/Source/JavaScriptCore/runtime/IteratorPrototype.cpp >index 678f5356fe426744e0dc6ae55a836f83b7f4b622..716c844c36a1de9555d0c1e6db7b6da9a7bf7f4f 100644 >--- a/Source/JavaScriptCore/runtime/IteratorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/IteratorPrototype.cpp >@@ -39,7 +39,6 @@ void IteratorPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->iteratorSymbol, iteratorPrototypeSymbolIteratorGetterCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum)); > } >diff --git a/Source/JavaScriptCore/runtime/IteratorPrototype.h b/Source/JavaScriptCore/runtime/IteratorPrototype.h >index 5ccaa31d384e04bfee24cfdd1db94aa924b053ce..f5f76307a964c98dcffa58c89a235b346b1450e0 100644 >--- a/Source/JavaScriptCore/runtime/IteratorPrototype.h >+++ b/Source/JavaScriptCore/runtime/IteratorPrototype.h >@@ -32,7 +32,7 @@ namespace JSC { > class IteratorPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static IteratorPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.h b/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.h >index 4550bf87717edaa26620ae530759c54f074e0ebc..82de8f527924d50194b4350bbba77b2e1daf3298 100644 >--- a/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.h >+++ b/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.h >@@ -32,6 +32,7 @@ namespace JSC { > class JSArrayBufferPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > protected: > JSArrayBufferPrototype(VM&, Structure*, ArrayBufferSharingMode); >diff --git a/Source/JavaScriptCore/runtime/JSDataViewPrototype.h b/Source/JavaScriptCore/runtime/JSDataViewPrototype.h >index db89eacaf114a292f237f00d107e70279392e2f4..8aafcea023a37b9f952dcab3a18c251ff71859b8 100644 >--- a/Source/JavaScriptCore/runtime/JSDataViewPrototype.h >+++ b/Source/JavaScriptCore/runtime/JSDataViewPrototype.h >@@ -32,7 +32,7 @@ namespace JSC { > class JSDataViewPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > protected: > JSDataViewPrototype(VM&, Structure*); >diff --git a/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototype.h b/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototype.h >index 4e1eb7d8834cbc5de72cd6cc6b1d24b46143c5b6..1e2028e90a3c5ac6518fa0a2d95329628cb884b5 100644 >--- a/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototype.h >+++ b/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototype.h >@@ -33,6 +33,7 @@ template<typename ViewClass> > class JSGenericTypedArrayViewPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > protected: > JSGenericTypedArrayViewPrototype(VM&, Structure*); >diff --git a/Source/JavaScriptCore/runtime/JSInternalPromisePrototype.h b/Source/JavaScriptCore/runtime/JSInternalPromisePrototype.h >index 6fee9982b8201b28f7ce205490622c7baa049bf0..a739b7f996a4167f2d68e227db74879ab90bd734 100644 >--- a/Source/JavaScriptCore/runtime/JSInternalPromisePrototype.h >+++ b/Source/JavaScriptCore/runtime/JSInternalPromisePrototype.h >@@ -32,7 +32,7 @@ namespace JSC { > class JSInternalPromisePrototype final : public JSPromisePrototype { > public: > typedef JSPromisePrototype Base; >- static const unsigned StructureFlags = Base::StructureFlags; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static JSInternalPromisePrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/runtime/JSPromisePrototype.h b/Source/JavaScriptCore/runtime/JSPromisePrototype.h >index 9b9fda8c082a0dc132d0afa32ae85c149f4030b7..c8d85cd884c45fb521199f11cfe771c656d22ddb 100644 >--- a/Source/JavaScriptCore/runtime/JSPromisePrototype.h >+++ b/Source/JavaScriptCore/runtime/JSPromisePrototype.h >@@ -32,7 +32,7 @@ namespace JSC { > class JSPromisePrototype : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static JSPromisePrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/runtime/JSTypeInfo.h b/Source/JavaScriptCore/runtime/JSTypeInfo.h >index fc4bb445f616dcfbe5731c78552e53702197bd56..a4c143c1145c829c32abf0e0dd77eef223425299 100644 >--- a/Source/JavaScriptCore/runtime/JSTypeInfo.h >+++ b/Source/JavaScriptCore/runtime/JSTypeInfo.h >@@ -43,7 +43,7 @@ static const unsigned TypeOfShouldCallGetCallData = 1 << 2; // Need this flag if > static const unsigned OverridesGetOwnPropertySlot = 1 << 3; > static const unsigned OverridesToThis = 1 << 4; // If this is false then this returns something other than 'this'. Non-object cells that are visible to JS have this set as do some exotic objects. > static const unsigned HasStaticPropertyTable = 1 << 5; >-static const unsigned TypeInfoMayBePrototype = 1 << 7; // Unlike other inline flags, this will only be set on the cell itself and will not be set on the Structure. >+static const unsigned TypeInfoMayBePrototype = 1 << 7; // Unlike other inline flags, this can only be set on the cell itself. If this flag can be set on the structures if structure is always used for builtin prototype objects. > > // Out of line flags. > >diff --git a/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.h b/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.h >index 4e334314229fe08f99b39ec6f5083ad78f947072..5ccc8e28243341d9a95fecaeca8bf8877f4a646c 100644 >--- a/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.h >+++ b/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.h >@@ -32,6 +32,7 @@ namespace JSC { > class JSTypedArrayViewPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > protected: > JSTypedArrayViewPrototype(VM&, Structure*); >diff --git a/Source/JavaScriptCore/runtime/MapIteratorPrototype.cpp b/Source/JavaScriptCore/runtime/MapIteratorPrototype.cpp >index aa577b7ab56bd729edd1631809f9ad84960fd282..918b5c6c3adbc4c9d739a971f872f088298aa321 100644 >--- a/Source/JavaScriptCore/runtime/MapIteratorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/MapIteratorPrototype.cpp >@@ -37,7 +37,6 @@ void MapIteratorPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION("next", mapIteratorPrototypeNextCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum)); > putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "Map Iterator"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); >diff --git a/Source/JavaScriptCore/runtime/MapIteratorPrototype.h b/Source/JavaScriptCore/runtime/MapIteratorPrototype.h >index c0a8f2d6cd63efdc408edd01aaff70b9927f0a4a..ed7a8b754f93cbdc9ab192ce5e03f0c8e0f38de4 100644 >--- a/Source/JavaScriptCore/runtime/MapIteratorPrototype.h >+++ b/Source/JavaScriptCore/runtime/MapIteratorPrototype.h >@@ -32,6 +32,7 @@ namespace JSC { > class MapIteratorPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static MapIteratorPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/MapPrototype.cpp b/Source/JavaScriptCore/runtime/MapPrototype.cpp >index 53568b7a3aae4b126cce339d32d0470eea76a183..310ba069b268d2fed87cffd0bd3ed63c028432b8 100644 >--- a/Source/JavaScriptCore/runtime/MapPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/MapPrototype.cpp >@@ -60,7 +60,6 @@ void MapPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->clear, mapProtoFuncClear, static_cast<unsigned>(PropertyAttribute::DontEnum), 0); > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->deleteKeyword, mapProtoFuncDelete, static_cast<unsigned>(PropertyAttribute::DontEnum), 1); >diff --git a/Source/JavaScriptCore/runtime/MapPrototype.h b/Source/JavaScriptCore/runtime/MapPrototype.h >index 8ac199a15b0fce2de16ba5b6ced1aee2b42d02ff..ec838898bc6c71ced0b3cff38f9181aeb6c3182e 100644 >--- a/Source/JavaScriptCore/runtime/MapPrototype.h >+++ b/Source/JavaScriptCore/runtime/MapPrototype.h >@@ -32,8 +32,7 @@ namespace JSC { > class MapPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- >- static const unsigned StructureFlags = HasStaticPropertyTable | Base::StructureFlags; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static MapPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/NativeErrorPrototype.h b/Source/JavaScriptCore/runtime/NativeErrorPrototype.h >index e6c2b5a57c0eaa8821a7bc9240ceb21b2b31e79a..094027d5372ff86dd50e981150d70871b5a77413 100644 >--- a/Source/JavaScriptCore/runtime/NativeErrorPrototype.h >+++ b/Source/JavaScriptCore/runtime/NativeErrorPrototype.h >@@ -32,6 +32,7 @@ class NativeErrorPrototype final : public ErrorPrototype { > > public: > typedef ErrorPrototype Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static NativeErrorPrototype* create(VM& vm, Structure* structure, const String& name, NativeErrorConstructor* constructor) > { >diff --git a/Source/JavaScriptCore/runtime/NumberPrototype.h b/Source/JavaScriptCore/runtime/NumberPrototype.h >index 27c70e53f3f865d8b0c420b28db050b719f58ec9..2699c72028f9e57bb26c9be812afe4147538660b 100644 >--- a/Source/JavaScriptCore/runtime/NumberPrototype.h >+++ b/Source/JavaScriptCore/runtime/NumberPrototype.h >@@ -27,7 +27,7 @@ namespace JSC { > class NumberPrototype final : public NumberObject { > public: > typedef NumberObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static NumberPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/ObjectPrototype.cpp b/Source/JavaScriptCore/runtime/ObjectPrototype.cpp >index 2a12df5530cff7d9b4fe323ad27b875814de4cb1..0dcd3767655da67bb1c657aaa2e46d3e0d765ed4 100644 >--- a/Source/JavaScriptCore/runtime/ObjectPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/ObjectPrototype.cpp >@@ -56,7 +56,6 @@ void ObjectPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->toString, objectProtoFuncToString, static_cast<unsigned>(PropertyAttribute::DontEnum), 0); > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->toLocaleString, objectProtoFuncToLocaleString, static_cast<unsigned>(PropertyAttribute::DontEnum), 0); >diff --git a/Source/JavaScriptCore/runtime/ObjectPrototype.h b/Source/JavaScriptCore/runtime/ObjectPrototype.h >index b70a86580540f0cbc1214d044b0eebe17f8a3b95..85a765b0c8a063dbe86982417c2bd7d70fdc8c5e 100644 >--- a/Source/JavaScriptCore/runtime/ObjectPrototype.h >+++ b/Source/JavaScriptCore/runtime/ObjectPrototype.h >@@ -27,7 +27,7 @@ namespace JSC { > class ObjectPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | IsImmutablePrototypeExoticObject; >+ static const unsigned StructureFlags = Base::StructureFlags | IsImmutablePrototypeExoticObject | TypeInfoMayBePrototype; > > static ObjectPrototype* create(VM&, JSGlobalObject*, Structure*); > >diff --git a/Source/JavaScriptCore/runtime/RegExpPrototype.h b/Source/JavaScriptCore/runtime/RegExpPrototype.h >index 5cc84902fb978c2666dbdac691da1a409d6ac99b..aed92e9887adac1f39ada2144866a2cd02855d4f 100644 >--- a/Source/JavaScriptCore/runtime/RegExpPrototype.h >+++ b/Source/JavaScriptCore/runtime/RegExpPrototype.h >@@ -28,7 +28,7 @@ namespace JSC { > class RegExpPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static RegExpPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp b/Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp >index 9819ee22c24576288fe1caf3e21621b96ee28878..c4ddce37933eab68ed7cf6bdb38962da4aabb308 100644 >--- a/Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp >@@ -37,7 +37,6 @@ void SetIteratorPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION("next", setIteratorPrototypeNextCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum)); > putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "Set Iterator"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); >diff --git a/Source/JavaScriptCore/runtime/SetIteratorPrototype.h b/Source/JavaScriptCore/runtime/SetIteratorPrototype.h >index 58a29bd8536cb79464785a04b522dd57be50873e..b4ab6b54987d492cde329b4ef8282709cfd670eb 100644 >--- a/Source/JavaScriptCore/runtime/SetIteratorPrototype.h >+++ b/Source/JavaScriptCore/runtime/SetIteratorPrototype.h >@@ -32,6 +32,7 @@ namespace JSC { > class SetIteratorPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static SetIteratorPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/SetPrototype.cpp b/Source/JavaScriptCore/runtime/SetPrototype.cpp >index 2934396087e68bf38c918731804f6f6e70b07d6c..e38f24d388fd503d7e4270f9c4143c4fd3c20e58 100644 >--- a/Source/JavaScriptCore/runtime/SetPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/SetPrototype.cpp >@@ -59,7 +59,6 @@ void SetPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->add, setProtoFuncAdd, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, JSSetAddIntrinsic); > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->clear, setProtoFuncClear, static_cast<unsigned>(PropertyAttribute::DontEnum), 0); >diff --git a/Source/JavaScriptCore/runtime/SetPrototype.h b/Source/JavaScriptCore/runtime/SetPrototype.h >index 650bfa7cc8cf3aeb1891844167d5cc7c86e8b264..e00d0137d23220deaddc9dd1cb31b5687d1a4265 100644 >--- a/Source/JavaScriptCore/runtime/SetPrototype.h >+++ b/Source/JavaScriptCore/runtime/SetPrototype.h >@@ -32,8 +32,7 @@ namespace JSC { > class SetPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- >- static const unsigned StructureFlags = HasStaticPropertyTable | Base::StructureFlags; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static SetPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp b/Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp >index 6ac0bef40fc2740b19883c934d8c5e8a6db53874..a8559716d126e5a00c2a090a7990cf070dba9a30 100644 >--- a/Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp >@@ -49,7 +49,6 @@ void StringIteratorPrototype::finishCreation(VM& vm, JSGlobalObject*) > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); > putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "String Iterator"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); >- didBecomePrototype(); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/StringIteratorPrototype.h b/Source/JavaScriptCore/runtime/StringIteratorPrototype.h >index 45abc52df6c29d167d746a6dff7811f8b3afa643..e72adb007145343b33dedbe098b4c04a62dd40c7 100644 >--- a/Source/JavaScriptCore/runtime/StringIteratorPrototype.h >+++ b/Source/JavaScriptCore/runtime/StringIteratorPrototype.h >@@ -33,7 +33,7 @@ namespace JSC { > class StringIteratorPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static StringIteratorPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/StringPrototype.h b/Source/JavaScriptCore/runtime/StringPrototype.h >index 7b62db2b0b93b6de1fed3bf5205880fe8564ed8b..e68916a7bd10a72eb0457b6d0072c0cb9b9718f9 100644 >--- a/Source/JavaScriptCore/runtime/StringPrototype.h >+++ b/Source/JavaScriptCore/runtime/StringPrototype.h >@@ -35,7 +35,7 @@ class StringPrototype final : public StringObject { > > public: > typedef StringObject Base; >- static const unsigned StructureFlags = HasStaticPropertyTable | Base::StructureFlags; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static StringPrototype* create(VM&, JSGlobalObject*, Structure*); > >diff --git a/Source/JavaScriptCore/runtime/SymbolPrototype.h b/Source/JavaScriptCore/runtime/SymbolPrototype.h >index 3b8709b77d148213ec14c207b6fccb55bd554111..449876dce916bf7a28902784b6463c2dbc735d3d 100644 >--- a/Source/JavaScriptCore/runtime/SymbolPrototype.h >+++ b/Source/JavaScriptCore/runtime/SymbolPrototype.h >@@ -35,7 +35,7 @@ namespace JSC { > class SymbolPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static SymbolPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/WeakMapPrototype.cpp b/Source/JavaScriptCore/runtime/WeakMapPrototype.cpp >index 55ca0284dc29da166e4b2c0ff7c4762670856b9e..adfb193c26ba984ea4a6d611b26807a86578c49b 100644 >--- a/Source/JavaScriptCore/runtime/WeakMapPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/WeakMapPrototype.cpp >@@ -42,7 +42,6 @@ void WeakMapPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->deleteKeyword, protoFuncWeakMapDelete, static_cast<unsigned>(PropertyAttribute::DontEnum), 1); > JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->get, protoFuncWeakMapGet, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, JSWeakMapGetIntrinsic); >diff --git a/Source/JavaScriptCore/runtime/WeakMapPrototype.h b/Source/JavaScriptCore/runtime/WeakMapPrototype.h >index ccea537dc0de69b289d1e2b4a1eeac505d3fe62a..21712b293fc1e7e09912e759e9eb791ddebed640 100644 >--- a/Source/JavaScriptCore/runtime/WeakMapPrototype.h >+++ b/Source/JavaScriptCore/runtime/WeakMapPrototype.h >@@ -32,6 +32,7 @@ namespace JSC { > class WeakMapPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static WeakMapPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/runtime/WeakSetPrototype.cpp b/Source/JavaScriptCore/runtime/WeakSetPrototype.cpp >index 1413ae6b1ba29336e2b42788f84000b4f5364b61..691bc9eb99aac64409553b5e00f9f704d5f2361f 100644 >--- a/Source/JavaScriptCore/runtime/WeakSetPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/WeakSetPrototype.cpp >@@ -41,7 +41,6 @@ void WeakSetPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > { > Base::finishCreation(vm); > ASSERT(inherits(vm, info())); >- didBecomePrototype(); > > JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->deleteKeyword, protoFuncWeakSetDelete, static_cast<unsigned>(PropertyAttribute::DontEnum), 1); > JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->has, protoFuncWeakSetHas, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, JSWeakSetHasIntrinsic); >diff --git a/Source/JavaScriptCore/runtime/WeakSetPrototype.h b/Source/JavaScriptCore/runtime/WeakSetPrototype.h >index 62bcd245f9ad108c1c0926e20c3500323fb1fdcb..a07f81c88a988c08921c11fc1867021519709b46 100644 >--- a/Source/JavaScriptCore/runtime/WeakSetPrototype.h >+++ b/Source/JavaScriptCore/runtime/WeakSetPrototype.h >@@ -32,6 +32,7 @@ namespace JSC { > class WeakSetPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >+ static const unsigned StructureFlags = Base::StructureFlags | TypeInfoMayBePrototype; > > static WeakSetPrototype* create(VM& vm, JSGlobalObject* globalObject, Structure* structure) > { >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorPrototype.h b/Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorPrototype.h >index 92edb8243e545a1ff805c88acd3b835c4419f7c9..db97753d56823d551cc2c7e0b4b282074008583c 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorPrototype.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorPrototype.h >@@ -35,7 +35,7 @@ namespace JSC { > class WebAssemblyCompileErrorPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static WebAssemblyCompileErrorPrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyInstancePrototype.h b/Source/JavaScriptCore/wasm/js/WebAssemblyInstancePrototype.h >index 130cd5e313213c9776ba37b3800e681f501b4311..e77b8c8f654c359fec4a4e9ce849627b2f4f6af3 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyInstancePrototype.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyInstancePrototype.h >@@ -35,7 +35,7 @@ namespace JSC { > class WebAssemblyInstancePrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static WebAssemblyInstancePrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorPrototype.h b/Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorPrototype.h >index 1841c42ca9a911ff7d74f2cc90b0608ee2513efc..e7baab2307c501911b01607e00b6adc1363be1b6 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorPrototype.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorPrototype.h >@@ -35,7 +35,7 @@ namespace JSC { > class WebAssemblyLinkErrorPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static WebAssemblyLinkErrorPrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.h b/Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.h >index 96e31fb4a3870087b2e54ed1e3b2f5d2cd09b343..e5d5a36043721433fae3faab4ed6c785956da975 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.h >@@ -35,7 +35,7 @@ namespace JSC { > class WebAssemblyMemoryPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static WebAssemblyMemoryPrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyModulePrototype.h b/Source/JavaScriptCore/wasm/js/WebAssemblyModulePrototype.h >index 233ad751814054a79acb6a9f601f262034a7279f..c6d8d562c6881050330b303ca7a8bcad5751c165 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyModulePrototype.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyModulePrototype.h >@@ -35,7 +35,7 @@ namespace JSC { > class WebAssemblyModulePrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static WebAssemblyModulePrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.h b/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.h >index 5f7c56a6933faae85bc9ec215f92a0d3842a2898..78a8dc0848c27decc10ac1767afbd0bd4056dadc 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.h >@@ -36,7 +36,7 @@ namespace JSC { > class WebAssemblyPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static WebAssemblyPrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorPrototype.h b/Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorPrototype.h >index 7356ffff91e48e27240b12b83832ac132e7fd9cd..c4d5c44bc42d44e9271d026ac8ddf4bec6d6c4b4 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorPrototype.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorPrototype.h >@@ -35,7 +35,7 @@ namespace JSC { > class WebAssemblyRuntimeErrorPrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static WebAssemblyRuntimeErrorPrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.h b/Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.h >index 8f22c4fc3e419c4993fd168bbd4a600e0b1d2fe4..118003126715a7e964b022de48249884f911a69b 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.h >@@ -35,7 +35,7 @@ namespace JSC { > class WebAssemblyTablePrototype final : public JSNonFinalObject { > public: > typedef JSNonFinalObject Base; >- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable; >+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | TypeInfoMayBePrototype; > > static WebAssemblyTablePrototype* create(VM&, JSGlobalObject*, Structure*); > static Structure* createStructure(VM&, JSGlobalObject*, JSValue); >diff --git a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >index 30a374c2824fa2608242aa38710984202b5d0ec0..f1fe1817ac240667c7d5cfa2844dd93047c19edc 100644 >--- a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >+++ b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >@@ -6922,6 +6922,8 @@ sub GeneratePrototypeDeclaration > my $prototypeClassName = "${className}Prototype"; > > my %structureFlags = (); >+ $structureFlags{"JSC::TypeInfoMayBePrototype"} = 1; >+ > push(@$outputArray, "class ${prototypeClassName} : public JSC::JSNonFinalObject {\n"); > push(@$outputArray, "public:\n"); > push(@$outputArray, " using Base = JSC::JSNonFinalObject;\n");
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=339672">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 145763
:
339672
|
339673
|
339681