When inlining NewSymbol in the DFG don't universally call ToString on the input
https://bugs.webkit.org/show_bug.cgi?id=232754
Reviewed by Robin Morisset.
JSTests:
- stress/inline-new-symbol-dfg-undefined-first-arg.js: Added.
(assert):
(foo):
Source/JavaScriptCore:
When inlining Symbol(x) in the DFG, we were always calling ToString on x.
However, this is wrong spec wise. If x is undefined, the symbol should
produce a description value of undefined, but calling ToString on x was causing
us to produce a description with the string "undefined".
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
(JSC::DFG::clobberize):
- dfg/DFGClobbersExitState.cpp:
(JSC::DFG::clobbersExitState):
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGMayExit.cpp:
- dfg/DFGNodeType.h:
- dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
- dfg/DFGOperations.h:
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewSymbol):
(JSC::FTL::DFG::LowerDFGToB3::compileNewSymbol):
