Function prototypes can be lazily allocated. This means they go into the
temporary objects set that debug-eval uses to figure out if a write
will be side-effect free.
We were incorrectly classifying writes to function prototypes as
side-effect free because the prototype happened to be lazily allocated
when we first accessed it during debug-eval, but was actually reachable
from the function (not allocated temporarily).
To do this we introduced a way to temporarily turn off the temporary
object tracking, and we use it when lazily allocating function
prototypes.
This could mean that we incorrectly report side-effects when writing to
function prototypes for functions which were themselves created during
debug-eval side-effect free mode. However, it's unclear if this is a
problem, because function declarations set global variables which would
already throw due to side-effects.
Bug: chromium:1154193
Change-Id: I444a673662095f6deabaafdce3cdf3d86b71446d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2581968
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71692}
9691c5cf15