[proxies] Make Object.prototype.isPrototypeOf work with proxies.

src/runtime/runtime-debug.cc

Index: src/runtime/runtime-debug.cc
diff --git a/src/runtime/runtime-debug.cc b/src/runtime/runtime-debug.cc
index fd99b6ddc5589788bc1fed996d6a201aa1bb5038..f87ba84d5a46ffdfcdc87903465f8916d85fbdb0 100644
--- a/src/runtime/runtime-debug.cc
+++ b/src/runtime/runtime-debug.cc
@@ -1372,18 +1372,19 @@ RUNTIME_FUNCTION(Runtime_DebugReferencedBy) {
     HeapObject* heap_obj;
     while ((heap_obj = iterator.next())) {
       if (!heap_obj->IsJSObject()) continue;
-      JSObject* obj = JSObject::cast(heap_obj);
+      Handle<JSObject> obj(JSObject::cast(heap_obj));
       if (obj->IsJSContextExtensionObject()) continue;
       if (obj->map()->GetConstructor() == arguments_fun) continue;
       if (!obj->ReferencesObject(*target)) continue;
       // Check filter if supplied. This is normally used to avoid
       // references from mirror objects.
-      if (!filter->IsUndefined() &&
-          obj->HasInPrototypeChain(isolate, *filter)) {
-        continue;
+      if (!filter->IsUndefined()) {
+        Maybe<bool> maybe = Object::HasInPrototypeChain(isolate, obj, filter);

[Toon Verwaest, 2015/12/03 11:29:02]

Debug methods are not supposed to have side-effects.

[Toon Verwaest, 2015/12/03 11:30:32]

Plus we are iterating the heap. Allocating here could be pretty bad.

+        MAYBE_RETURN(maybe, isolate->heap()->exception());
+        if (maybe.FromJust()) continue;
       }
       if (obj->IsJSGlobalObject()) {
-        obj = JSGlobalObject::cast(obj)->global_proxy();
+        obj = handle(JSGlobalObject::cast(*obj)->global_proxy());
       }
       instances.Add(Handle<JSObject>(obj));
       if (instances.length() == max_references) break;