Allow the global object to be frozen through the global template

Allow the global object to be frozen through the global template

This patch fixes two bugs in V8 to allow the global object to have a frozen proto:
- The immutable prototype map check is done on the map of the "real receiver",
  the one that's found after the hidden prototype traversal, rather than
  the object that SetPrototype is called on.
- The immutable prototype bit from the ObjectTemplate used to instantiate
  the global object, as passed to Context::New, is respected when instantiating
  the global object.

R=adamk
BUG=v8:5149
Committed: https://crrev.com/3a5c693310c4e565c03064302ef01d459f16b5bc
Cr-Commit-Position: refs/heads/master@{#40778}

[Dan Ehrenberg, 2016-11-03 23:30:55]

The CQ bit was checked by littledan@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-03 23:30:59]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-03 23:35:07]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-03 23:35:08]

Dry run: Try jobs failed on following builders:
  v8_presubmit on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_presubmit/builds/27809)

[Dan Ehrenberg, 2016-11-03 23:55:52]

The CQ bit was checked by littledan@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-03 23:55:58]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-04 00:24:56]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-04 00:24:59]

Dry run: This issue passed the CQ dry run.

[Dan Ehrenberg, 2016-11-04 00:50:32]

Description was changed from

==========
Allow the global object to be frozen through the proxy template

This patch fixes two bugs in V8 to allow the global object to be frozen:
- The immutable prototype map check is done on the map of the "real receiver",
  the one that's found after the hidden prototype traversal, rather than
  the object that SetPrototype is called on.
- The immutable prototype bit from the ObjectTemplate used to instantiate
  the global object, as passed to Context::New, is respected when instantiating
  the global object.

R=adamk
BUG=v8:5149
==========

to

==========
Allow the global object to be frozen through the global template

This patch fixes two bugs in V8 to allow the global object to have a frozen
proto:
- The immutable prototype map check is done on the map of the "real receiver",
  the one that's found after the hidden prototype traversal, rather than
  the object that SetPrototype is called on.
- The immutable prototype bit from the ObjectTemplate used to instantiate
  the global object, as passed to Context::New, is respected when instantiating
  the global object.

R=adamk
BUG=v8:5149
==========

[adamk, 2016-11-04 17:39:19]

https://codereview.chromium.org/2474843003/diff/20001/src/bootstrapper.cc
File src/bootstrapper.cc (right):

https://codereview.chromium.org/2474843003/diff/20001/src/bootstrapper.cc#new...
src/bootstrapper.cc:951: if (js_global_object_template->immutable_proto())
I think you can do this check inside ApiNatives::CreateApiFunction, which at
least keeps the immutable proto logic mostly in api-natives.cc.

[Dan Ehrenberg, 2016-11-04 17:56:36]

Made suggested changes; PTAL

https://codereview.chromium.org/2474843003/diff/20001/src/bootstrapper.cc
File src/bootstrapper.cc (right):

https://codereview.chromium.org/2474843003/diff/20001/src/bootstrapper.cc#new...
src/bootstrapper.cc:951: if (js_global_object_template->immutable_proto())
On 2016/11/04 at 17:39:19, adamk wrote:
> I think you can do this check inside ApiNatives::CreateApiFunction, which at
least keeps the immutable proto logic mostly in api-natives.cc.

Done

[Dan Ehrenberg, 2016-11-04 17:56:37]

Made suggested changes; PTAL

[Dan Ehrenberg, 2016-11-04 17:56:40]

The CQ bit was checked by littledan@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-04 17:56:42]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[adamk, 2016-11-04 18:06:12]

lgtm once this nit is handled

https://codereview.chromium.org/2474843003/diff/40001/src/api-natives.cc
File src/api-natives.cc (right):

https://codereview.chromium.org/2474843003/diff/40001/src/api-natives.cc#newc...
src/api-natives.cc:656: if (immutable_proto) map->set_immutable_proto(true);
Please put this down below with all the others (after the call to
SetInitialMap).

[Dan Ehrenberg, 2016-11-04 18:13:13]

The CQ bit was checked by littledan@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-04 18:13:25]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Dan Ehrenberg, 2016-11-04 18:13:37]

The CQ bit was unchecked by littledan@chromium.org

[Dan Ehrenberg, 2016-11-04 18:13:39]

The CQ bit was checked by littledan@chromium.org

[Dan Ehrenberg, 2016-11-04 18:13:39]

The patchset sent to the CQ was uploaded after l-g-t-m from adamk@chromium.org
Link to the patchset: https://codereview.chromium.org/2474843003/#ps60001
(title: "Nit cleanup")

[commit-bot: I haz the power, 2016-11-04 18:13:43]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-04 18:37:30]

Committed patchset #4 (id:60001)

[commit-bot: I haz the power, 2016-11-17 22:23:32]

Description was changed from

==========
Allow the global object to be frozen through the global template

This patch fixes two bugs in V8 to allow the global object to have a frozen
proto:
- The immutable prototype map check is done on the map of the "real receiver",
  the one that's found after the hidden prototype traversal, rather than
  the object that SetPrototype is called on.
- The immutable prototype bit from the ObjectTemplate used to instantiate
  the global object, as passed to Context::New, is respected when instantiating
  the global object.

R=adamk
BUG=v8:5149
==========

to

==========
Allow the global object to be frozen through the global template

This patch fixes two bugs in V8 to allow the global object to have a frozen
proto:
- The immutable prototype map check is done on the map of the "real receiver",
  the one that's found after the hidden prototype traversal, rather than
  the object that SetPrototype is called on.
- The immutable prototype bit from the ObjectTemplate used to instantiate
  the global object, as passed to Context::New, is respected when instantiating
  the global object.

R=adamk
BUG=v8:5149

Committed: https://crrev.com/3a5c693310c4e565c03064302ef01d459f16b5bc
Cr-Commit-Position: refs/heads/master@{#40778}
==========

[commit-bot: I haz the power, 2016-11-17 22:23:33]

Patchset 4 (id:??) landed as
https://crrev.com/3a5c693310c4e565c03064302ef01d459f16b5bc
Cr-Commit-Position: refs/heads/master@{#40778}