Timestamp:
Jan 13, 2015, 12:17:54 PM (11 years ago)
Author:
Yusuke Suzuki
Message:

DFG can call PutByValDirect for generic arrays
https://bugs.webkit.org/show_bug.cgi?id=140389

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Computed properties in object initializers (ES6) use the put_by_val_direct operation.
However, current DFG asserts that put_by_val_direct is not used for the generic array,
and the assertion failure is raised.
This patch allows DFG to use put_by_val_direct to generic arrays.

And fix the DFG put_by_val_direct implementation for string properties.
At first, put_by_val_direct was intended to be used for spread elements.
So the property keys were limited to numbers (indexes).
But now, it's also used for computed properties in object initializers.

  • dfg/DFGOperations.cpp:

(JSC::DFG::operationPutByValInternal):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

LayoutTests:

  • js/dfg-put-by-val-direct-to-generic-array-expected.txt: Added.
  • js/dfg-put-by-val-direct-to-generic-array.html: Added.
  • js/script-tests/dfg-put-by-val-direct-to-generic-array.js: Added.

(foo1):
(foo2):

File:
1 edited

  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

    r178143 r178370  
    25642564            break;
    25652565        case Array::Generic: {
    2566             DFG_ASSERT(m_jit.graph(), node, node->op() == PutByVal);
     2566            DFG_ASSERT(m_jit.graph(), node, node->op() == PutByVal || node->op() == PutByValDirect);
    25672567           
    25682568            JSValueOperand arg1(this, child1);
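Review bot: In the Array::Generic case, the widened assertion `node->op() == PutByVal || node->op() == PutByValDirect` now admits the direct variant, but nothing in the visible lines shows the code below it selecting a different operation for PutByValDirect. The two ops are not interchangeable: the commit message says put_by_val_direct backs computed properties in object initializers, which define an own property rather than performing an ordinary put. Please confirm that the code following `JSValueOperand arg1(this, child1);` branches on node->op() when choosing the operation to call, and consider a one-line comment beside the assertion stating why both ops are accepted here. Since the message also says the string-property path was fixed, the added test dfg-put-by-val-direct-to-generic-array.js should exercise a string key as well as an index key on the generic array path.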