Always use JSFunction::SetPrototype for prototype initialization
This patch removes JSFunction::SetInstancePrototype() from JSFunction's public API and makes it an implementation detail of SetPrototype(). Also clear out constructor field of JSFunction Map when transitioning from non-instance prototype to instance prototype. Change-Id: If51d37bf6047b51b934d1b370fb52bb5cf5ffed4 Reviewed-on: https://chromium-review.googlesource.com/483961 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Brad Nelson <bradnelson@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#44821}
This commit is contained in:
Adam Klein
Commit Bot
parent
56b337f7e6
commit
84dc8ed4c3
@ -2469,7 +2469,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
|
||||
{ // -- J S O N
|
||||
Handle<String> name = factory->InternalizeUtf8String("JSON");
|
||||
Handle<JSFunction> cons = factory->NewFunction(name);
|
||||
JSFunction::SetInstancePrototype(cons, isolate->initial_object_prototype());
|
||||
JSFunction::SetPrototype(cons, isolate->initial_object_prototype());
|
||||
Handle<JSObject> json_object = factory->NewJSObject(cons, TENURED);
|
||||
DCHECK(json_object->IsJSObject());
|
||||
JSObject::AddProperty(global, name, json_object, DONT_ENUM);
|
||||
@ -2485,7 +2485,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
|
||||
{ // -- M a t h
|
||||
Handle<String> name = factory->InternalizeUtf8String("Math");
|
||||
Handle<JSFunction> cons = factory->NewFunction(name);
|
||||
JSFunction::SetInstancePrototype(cons, isolate->initial_object_prototype());
|
||||
JSFunction::SetPrototype(cons, isolate->initial_object_prototype());
|
||||
Handle<JSObject> math = factory->NewJSObject(cons, TENURED);
|
||||
DCHECK(math->IsJSObject());
|
||||
JSObject::AddProperty(global, name, math, DONT_ENUM);
|
||||
@ -2555,7 +2555,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
|
||||
Handle<String> name = factory->InternalizeUtf8String("console");
|
||||
Handle<JSFunction> cons = factory->NewFunction(name);
|
||||
Handle<JSObject> empty = factory->NewJSObject(isolate->object_function());
|
||||
JSFunction::SetInstancePrototype(cons, empty);
|
||||
JSFunction::SetPrototype(cons, empty);
|
||||
Handle<JSObject> console = factory->NewJSObject(cons, TENURED);
|
||||
DCHECK(console->IsJSObject());
|
||||
JSObject::AddProperty(global, name, console, DONT_ENUM);
|
||||
@ -2603,7 +2603,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
|
||||
{ // -- I n t l
|
||||
Handle<String> name = factory->InternalizeUtf8String("Intl");
|
||||
Handle<JSFunction> cons = factory->NewFunction(name);
|
||||
JSFunction::SetInstancePrototype(cons, isolate->initial_object_prototype());
|
||||
JSFunction::SetPrototype(cons, isolate->initial_object_prototype());
|
||||
Handle<JSObject> intl = factory->NewJSObject(cons, TENURED);
|
||||
DCHECK(intl->IsJSObject());
|
||||
JSObject::AddProperty(global, name, intl, DONT_ENUM);
|
||||
@ -3889,7 +3889,7 @@ void Genesis::InitializeGlobal_harmony_sharedarraybuffer() {
|
||||
|
||||
Handle<String> name = factory->InternalizeUtf8String("Atomics");
|
||||
Handle<JSFunction> cons = factory->NewFunction(name);
|
||||
JSFunction::SetInstancePrototype(cons, isolate->initial_object_prototype());
|
||||
JSFunction::SetPrototype(cons, isolate->initial_object_prototype());
|
||||
Handle<JSObject> atomics_object = factory->NewJSObject(cons, TENURED);
|
||||
DCHECK(atomics_object->IsJSObject());
|
||||
JSObject::AddProperty(global, name, atomics_object, DONT_ENUM);
|
||||
|
||||
@ -12627,10 +12627,10 @@ Handle<Object> CacheInitialJSArrayMaps(
|
||||
return initial_map;
|
||||
}
|
||||
|
||||
void JSFunction::SetInstancePrototype(Handle<JSFunction> function,
|
||||
Handle<JSReceiver> value) {
|
||||
Isolate* isolate = function->GetIsolate();
|
||||
namespace {
|
||||
|
||||
void SetInstancePrototype(Isolate* isolate, Handle<JSFunction> function,
|
||||
Handle<JSReceiver> value) {
|
||||
// Now some logic for the maps of the objects that are created by using this
|
||||
// function as a constructor.
|
||||
if (function->has_initial_map()) {
|
||||
@ -12681,11 +12681,13 @@ void JSFunction::SetInstancePrototype(Handle<JSFunction> function,
|
||||
isolate->heap()->ClearInstanceofCache();
|
||||
}
|
||||
|
||||
} // anonymous namespace
|
||||
|
||||
void JSFunction::SetPrototype(Handle<JSFunction> function,
|
||||
Handle<Object> value) {
|
||||
DCHECK(function->IsConstructor() ||
|
||||
IsGeneratorFunction(function->shared()->kind()));
|
||||
Isolate* isolate = function->GetIsolate();
|
||||
Handle<JSReceiver> construct_prototype;
|
||||
|
||||
// If the value is not a JSReceiver, store the value in the map's
|
||||
@ -12701,7 +12703,6 @@ void JSFunction::SetPrototype(Handle<JSFunction> function,
|
||||
JSObject::MigrateToMap(function, new_map);
|
||||
new_map->SetConstructor(*value);
|
||||
new_map->set_non_instance_prototype(true);
|
||||
Isolate* isolate = new_map->GetIsolate();
|
||||
|
||||
FunctionKind kind = function->shared()->kind();
|
||||
Handle<Context> native_context(function->context()->native_context());
|
||||
@ -12715,10 +12716,13 @@ void JSFunction::SetPrototype(Handle<JSFunction> function,
|
||||
isolate);
|
||||
} else {
|
||||
construct_prototype = Handle<JSReceiver>::cast(value);
|
||||
function->map()->set_non_instance_prototype(false);
|
||||
if (function->map()->has_non_instance_prototype()) {
|
||||
function->map()->set_non_instance_prototype(false);
|
||||
function->map()->SetConstructor(isolate->heap()->null_value());
|
||||
}
|
||||
}
|
||||
|
||||
SetInstancePrototype(function, construct_prototype);
|
||||
SetInstancePrototype(isolate, function, construct_prototype);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -6944,8 +6944,6 @@ class JSFunction: public JSObject {
|
||||
inline Object* instance_prototype();
|
||||
static void SetPrototype(Handle<JSFunction> function,
|
||||
Handle<Object> value);
|
||||
static void SetInstancePrototype(Handle<JSFunction> function,
|
||||
Handle<JSReceiver> value);
|
||||
|
||||
// After prototype is removed, it will not be created when accessed, and
|
||||
// [[Construct]] from this function will not be allowed.
|
||||
|
||||
@ -865,7 +865,7 @@ void WasmJs::Install(Isolate* isolate) {
|
||||
// Setup WebAssembly
|
||||
Handle<String> name = v8_str(isolate, "WebAssembly");
|
||||
Handle<JSFunction> cons = factory->NewFunction(name);
|
||||
JSFunction::SetInstancePrototype(cons, isolate->initial_object_prototype());
|
||||
JSFunction::SetPrototype(cons, isolate->initial_object_prototype());
|
||||
cons->shared()->set_instance_class_name(*name);
|
||||
Handle<JSObject> webassembly = factory->NewJSObject(cons, TENURED);
|
||||
PropertyAttributes attributes = static_cast<PropertyAttributes>(DONT_ENUM);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user