Created attachment 545256 [details] [diff] [review] Patch Right now String/RegExp duplicate creation of their respective *.prototype objects, and of subsequent frobbing to get their empty shapes (which does not depend on its current ordering with respect to prototype or associated constructor creation). Implement a helper method to do that, and to serve as a reasonable point for future work involved in initializing prototype objects (thinking particularly of TI here). This method can't be used by JS_InitClass code path because this changes the parent of the prototype object to be the global object, and sometimes JS_InitClass is called with an object that's not the global object. This parent dependency (which none of the standard classes has -- I know ctypes does, but I think the corresponding tests are just over-asserting out of an abundance of caution) will eventually die as part of bug 638316 (if not sooner), but for right now it's a mostly-unimportant side show.
Comment on attachment 545256 [details] [diff] [review] Patch Review of attachment 545256 [details] [diff] [review]: -----------------------------------------------------------------
I should further note that this method can't be used by JS_InitClass now because it depends on the Array class being initialized with js_ArrayClass, the prototype for it being created with that class, the prototype then converting to js_SlowArrayClass when named properties are added to it, and js_SlowArrayClass then being used for the getEmptyShape call. (I will be changing this facet of oddity at a future time, distinct from the parent-identity concern noted in comment 0.)
...and more differentiation (can you stand it?): if parent_proto (maybe protoProto, memory hazy about the name) is NULL when provided to JS_InitClass, for a non-standard class, then it becomes relevant that createBlankPrototype uses WithProto::Given while the current code uses WithProto::Class. That distinction is even wrinklier to get rid of than parent identity, or Array speciality. But subsequent changing can and does make JS_InitClass's code look somewhat more similar to that in createBlankPrototype, at least.