[proxies] Make Object.prototype.isPrototypeOf work with proxies.

src/runtime/runtime-debug.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/runtime/runtime-utils.h"
 
 #include "src/arguments.h"
 #include "src/debug/debug.h"
 #include "src/debug/debug-evaluate.h"
 #include "src/debug/debug-frames.h"
@@ skipping 1332 matching lines @@
   }
 
   // Return result as a JS array.
   Handle<JSObject> result =
       isolate->factory()->NewJSObject(isolate->array_function());
   JSArray::SetContent(Handle<JSArray>::cast(result), instances);
   return *result;
 }
 
 
+static bool HasInPrototypeChainIgnoringProxies(Isolate* isolate, Object* object,
+                                               Object* proto) {
+  PrototypeIterator iter(isolate, object, PrototypeIterator::START_AT_RECEIVER);
+  while (true) {
+    iter.AdvanceIgnoringProxies();
+    if (iter.IsAtEnd()) return false;
+    if (iter.IsAtEnd(proto)) return true;
+  }
+}
+
+
 // Scan the heap for objects with direct references to an object
 // args[0]: the object to find references to
 // args[1]: constructor function for instances to exclude (Mirror)
 // args[2]: the the maximum number of objects to return
 RUNTIME_FUNCTION(Runtime_DebugReferencedBy) {
   HandleScope scope(isolate);
   DCHECK(args.length() == 3);
   CONVERT_ARG_HANDLE_CHECKED(JSObject, target, 0);
   CONVERT_ARG_HANDLE_CHECKED(Object, filter, 1);
   RUNTIME_ASSERT(filter->IsUndefined() || filter->IsJSObject());
   CONVERT_NUMBER_CHECKED(int32_t, max_references, Int32, args[2]);
   RUNTIME_ASSERT(max_references >= 0);
 
   List<Handle<JSObject> > instances;
   Heap* heap = isolate->heap();
   {
     HeapIterator iterator(heap, HeapIterator::kFilterUnreachable);
     // Get the constructor function for context extension and arguments array.
     Object* arguments_fun = isolate->sloppy_arguments_map()->GetConstructor();
     HeapObject* heap_obj;
     while ((heap_obj = iterator.next())) {
       if (!heap_obj->IsJSObject()) continue;
       JSObject* obj = JSObject::cast(heap_obj);
       if (obj->IsJSContextExtensionObject()) continue;
       if (obj->map()->GetConstructor() == arguments_fun) continue;
       if (!obj->ReferencesObject(*target)) continue;
       // Check filter if supplied. This is normally used to avoid
       // references from mirror objects.
       if (!filter->IsUndefined() &&
-          obj->HasInPrototypeChain(isolate, *filter)) {
+          HasInPrototypeChainIgnoringProxies(isolate, obj, *filter)) {
         continue;
       }
       if (obj->IsJSGlobalObject()) {
         obj = JSGlobalObject::cast(obj)->global_proxy();
       }
       instances.Add(Handle<JSObject>(obj));
       if (instances.length() == max_references) break;
     }
     // Iterate the rest of the heap to satisfy HeapIterator constraints.
     while (iterator.next()) {
@@ skipping 297 matching lines @@
   return Smi::FromInt(isolate->debug()->is_active());
 }
 
 
 RUNTIME_FUNCTION(Runtime_DebugBreakInOptimizedCode) {
   UNIMPLEMENTED();
   return NULL;
 }
 }  // namespace internal
 }  // namespace v8