DFG can call PutByValDirect for generic arrays
authorutatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 13 Jan 2015 20:17:54 +0000 (20:17 +0000)
committerutatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 13 Jan 2015 20:17:54 +0000 (20:17 +0000)
commit099a943314f79e0b524b75b44f667583d0993ae3
treedb98ea6333e9419275fcd2554bca6307c0f922a4
parent68d90b019e0287cbceac954c1f701bf824c86da2
DFG can call PutByValDirect for generic arrays
https://bugs.webkit.org/show_bug.cgi?id=140389

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Computed properties in object initializers (ES6) use the put_by_val_direct operation.
However, current DFG asserts that put_by_val_direct is not used for the generic array,
the assertion failure is raised.
This patch allow DFG to use put_by_val_direct to generic arrays.

And fix the DFG put_by_val_direct implementation for string properties.
At first, put_by_val_direct is inteded to be used for spread elements.
So the property keys were limited to numbers (indexes).
But now, it's also used for computed properties in object initializers.

* dfg/DFGOperations.cpp:
(JSC::DFG::operationPutByValInternal):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

LayoutTests:

* js/dfg-put-by-val-direct-to-generic-array-expected.txt: Added.
* js/dfg-put-by-val-direct-to-generic-array.html: Added.
* js/script-tests/dfg-put-by-val-direct-to-generic-array.js: Added.
(foo1):
(foo2):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@178370 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/js/dfg-put-by-val-direct-to-generic-array-expected.txt [new file with mode: 0644]
LayoutTests/js/dfg-put-by-val-direct-to-generic-array.html [new file with mode: 0644]
LayoutTests/js/script-tests/dfg-put-by-val-direct-to-generic-array.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp