Skip type-check-hoisting-phase-hoist... with no jit
[WebKit-https.git] / JSTests / ChangeLog
1 2019-01-14  Keith Miller  <keith_miller@apple.com>
2
3         Skip type-check-hoisting-phase-hoist... with no jit
4         https://bugs.webkit.org/show_bug.cgi?id=193421
5
6         Reviewed by Mark Lam.
7
8         It's timing out the 32-bit bots and takes 330 seconds
9         on my machine when run by itself.
10
11         * stress/type-check-hoisting-phase-hoist-check-structure-on-tdz-this-value.js:
12
13 2019-01-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
14
15         [JSC] AI should check the given constant's array type when folding GetByVal into constant
16         https://bugs.webkit.org/show_bug.cgi?id=193413
17         <rdar://problem/46092389>
18
19         Reviewed by Keith Miller.
20
21         This test is super flaky. It causes crash in r238109, but it does not crash with `--useConcurrentJIT=false`.
22         It does not cause any crashes on the latest revision too. Basically, it highly depends on the timing, and
23         without this patch, the root cause is not fixed yet. If GetLocal is turned into JSConstant in AI,
24         but GetByVal does not have appropriate ArrayModes, JSC crashes.
25
26         * stress/ai-should-perform-array-check-on-get-by-val-constant-folding.js: Added.
27         (compareArray):
28
29 2019-01-14  Caio Lima  <ticaiolima@gmail.com>
30
31         [BigInt] Literal parsing is crashing when used inside a Object Literal
32         https://bugs.webkit.org/show_bug.cgi?id=193404
33
34         Reviewed by Yusuke Suzuki.
35
36         * stress/big-int-literal-inside-literal-object.js: Added.
37
38 2019-01-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
39
40         [JSC] Do not use asArrayModes() with Structures because it discards TypedArray information
41         https://bugs.webkit.org/show_bug.cgi?id=193372
42
43         Reviewed by Saam Barati.
44
45         * stress/typed-array-array-modes-profile.js: Added.
46         (foo):
47
48 2019-01-14  Mark Lam  <mark.lam@apple.com>
49
50         Fix all CLoop JSC test failures (including some LLInt bugs due to recent bytecode format change).
51         https://bugs.webkit.org/show_bug.cgi?id=193402
52         <rdar://problem/46012309>
53
54         Reviewed by Keith Miller.
55
56         * stress/regexp-compile-oom.js:
57         - Skip this test for !$jitTests because it is tuned for stack usage when the JIT
58           is enabled.  As a result, it will fail on cloop builds though there is no bug.
59
60 2019-01-11  Saam barati  <sbarati@apple.com>
61
62         DFG combined liveness can be wrong for terminal basic blocks
63         https://bugs.webkit.org/show_bug.cgi?id=193304
64         <rdar://problem/45268632>
65
66         Reviewed by Yusuke Suzuki.
67
68         * stress/dfg-combined-liveness-consider-terminal-blocks-bytecode-liveness.js: Added.
69
70 2019-01-11  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
71
72         [JSC] Global lexical bindings can shadow global variables if it is `configurable = true`
73         https://bugs.webkit.org/show_bug.cgi?id=193308
74         <rdar://problem/45546542>
75
76         Reviewed by Saam Barati.
77
78         * stress/const-lexical-binding-shadow-existing-global-property-ftl.js: Added.
79         (shouldThrow):
80         (shouldBe):
81         (foo):
82         (get shouldThrow):
83         * stress/const-lexical-binding-shadow-existing-global-property-tdz-ftl.js: Added.
84         (shouldThrow):
85         (shouldBe):
86         (foo):
87         (get shouldBe):
88         (get shouldThrow):
89         (get return):
90         * stress/const-lexical-binding-shadow-existing-global-property-tdz.js: Added.
91         (shouldThrow):
92         (shouldBe):
93         (foo):
94         (get shouldBe):
95         (get shouldThrow):
96         * stress/const-lexical-binding-shadow-existing-global-property.js: Added.
97         (shouldThrow):
98         (shouldBe):
99         (foo):
100         * stress/const-lexical-binding-shadowing-global-properties-and-eval-injection.js: Added.
101         (shouldThrow):
102         (shouldBe):
103         (foo):
104         * stress/global-add-function-should-not-be-shadowed-by-lexical-bindings.js: Added.
105         (shouldThrow):
106         * stress/global-static-variables-should-not-be-shadowed-by-lexical-bindings.js: Added.
107         (shouldThrow):
108         * stress/let-lexical-binding-shadow-existing-global-property-ftl.js: Added.
109         (shouldThrow):
110         (shouldBe):
111         (foo):
112         * stress/let-lexical-binding-shadow-existing-global-property-tdz-ftl.js: Added.
113         (shouldThrow):
114         (shouldBe):
115         (foo):
116         (get shouldBe):
117         (get shouldThrow):
118         (get return):
119         * stress/let-lexical-binding-shadow-existing-global-property-tdz.js: Added.
120         (shouldThrow):
121         (shouldBe):
122         (foo):
123         (get shouldBe):
124         (get shouldThrow):
125         * stress/let-lexical-binding-shadow-existing-global-property.js: Added.
126         (shouldThrow):
127         (shouldBe):
128         (foo):
129         * stress/let-lexical-binding-shadowing-global-properties-and-eval-injection.js: Added.
130         (shouldThrow):
131         (shouldBe):
132         (foo):
133
134 2019-01-11  Dominik Infuehr  <dinfuehr@igalia.com>
135
136         Enable DFG on ARM/Linux again
137         https://bugs.webkit.org/show_bug.cgi?id=192496
138
139         Reviewed by Yusuke Suzuki.
140
141         Test wasn't really skipped before moving the line with skip
142         to the top.
143
144         * stress/regress-192717.js:
145
146 2019-01-10  Commit Queue  <commit-queue@webkit.org>
147
148         Unreviewed, rolling out r239825.
149         https://bugs.webkit.org/show_bug.cgi?id=193330
150
151         Broke tests on armv7/linux bots (Requested by guijemont on
152         #webkit).
153
154         Reverted changeset:
155
156         "Enable DFG on ARM/Linux again"
157         https://bugs.webkit.org/show_bug.cgi?id=192496
158         https://trac.webkit.org/changeset/239825
159
160 2019-01-10  Dominik Infuehr  <dinfuehr@igalia.com>
161
162         Enable DFG on ARM/Linux again
163         https://bugs.webkit.org/show_bug.cgi?id=192496
164
165         Reviewed by Yusuke Suzuki.
166
167         Test wasn't really skipped before moving the line with skip
168         to the top.
169
170         * stress/regress-192717.js:
171
172 2019-01-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
173
174         Array.prototype.flat/flatMap have a minor bug in ArraySpeciesCreate
175         https://bugs.webkit.org/show_bug.cgi?id=193127
176
177         Reviewed by Saam Barati.
178
179         * stress/array-species-create-should-handle-masquerader.js: Added.
180         (shouldThrow):
181         * stress/is-undefined-or-null-builtin.js: Added.
182         (shouldBe):
183         (isUndefinedOrNull.vm.createBuiltin):
184
185 2019-01-08  Tadeu Zagallo  <tzagallo@apple.com>
186
187         LLInt put_by_id uses the wrong load instruction for loading flags from the metadata
188         https://bugs.webkit.org/show_bug.cgi?id=193221
189
190         Reviewed by Mark Lam.
191
192         * stress/put-by-id-flags.js: Added.
193         (f):
194         (g):
195         (numberOfDFGCompiles):
196
197 2019-01-04  Tadeu Zagallo  <tzagallo@apple.com>
198
199         Baseline version of get_by_id may corrupt metadata
200         https://bugs.webkit.org/show_bug.cgi?id=193085
201         <rdar://problem/23453006>
202
203         Reviewed by Saam Barati.
204
205         * stress/get-by-id-change-mode.js: Added.
206         (forEach):
207
208 2019-01-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
209
210         [JSC] Optimize Object.prototype.toString
211         https://bugs.webkit.org/show_bug.cgi?id=193031
212
213         Reviewed by Saam Barati.
214
215         * stress/object-tostring-changed-proto.js: Added.
216         (shouldBe):
217         (test):
218         * stress/object-tostring-changed.js: Added.
219         (shouldBe):
220         (test):
221         * stress/object-tostring-misc.js: Added.
222         (shouldBe):
223         (test):
224         (i.switch):
225         * stress/object-tostring-other.js: Added.
226         (shouldBe):
227         (test):
228         * stress/object-tostring-untyped.js: Added.
229         (shouldBe):
230         (test):
231         (i.switch):
232
233 2019-01-03  Ross Kirsling  <ross.kirsling@sony.com>
234
235         test262-runner misbehaves when test file YAML has a trailing space
236         https://bugs.webkit.org/show_bug.cgi?id=193053
237
238         Reviewed by Yusuke Suzuki.
239
240         * test262/expectations.yaml:
241         Mark two dozen tests as passing (and correct the output of another).
242
243 2018-12-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
244
245         Unreviewed, JSTests gardening with memoryLimited
246
247         * stress/string-overflow-createError.js:
248
249 2018-12-30  Ross Kirsling  <ross.kirsling@sony.com>
250
251         [JSC] Identifier validity should be based on ID_Start / ID_Continue properties
252         https://bugs.webkit.org/show_bug.cgi?id=193050
253
254         Reviewed by Yusuke Suzuki.
255
256         * test262.yaml:
257         * test262/expectations.yaml:
258         Mark 16 tests as passing.
259
260 2018-12-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
261
262         [BigInt] Support BigInt in JSON.stringify
263         https://bugs.webkit.org/show_bug.cgi?id=192624
264
265         Reviewed by Saam Barati.
266
267         * stress/big-int-json-stringify-to-json.js: Added.
268         (shouldBe):
269         (shouldThrow):
270         (BigInt.prototype.toJSON):
271         (shouldBe.JSON.stringify):
272         * stress/big-int-json-stringify.js: Added.
273         (shouldBe):
274         (shouldThrow):
275
276 2018-12-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
277
278         [JSC] Implement "well-formed JSON.stringify" proposal
279         https://bugs.webkit.org/show_bug.cgi?id=191677
280
281         Reviewed by Darin Adler.
282
283         * stress/json-surrogate-pair.js: Added.
284         (shouldBe):
285         * test262/expectations.yaml:
286
287 2018-12-20  Keith Miller  <keith_miller@apple.com>
288
289         Add support for globalThis
290         https://bugs.webkit.org/show_bug.cgi?id=165171
291
292         Reviewed by Mark Lam.
293
294         * test262/config.yaml:
295
296 2018-12-19  Keith Miller  <keith_miller@apple.com>
297
298         Update test262 configuration to not run tests dependent on ICU version.
299         https://bugs.webkit.org/show_bug.cgi?id=192920
300
301         Reviewed by Saam Barati.
302
303         * test262/expectations.yaml:
304
305 2018-12-20  Mark Lam  <mark.lam@apple.com>
306
307         Fix a typo in slow_path_construct_arityCheck and operationConstructArityCheck.
308         https://bugs.webkit.org/show_bug.cgi?id=192939
309         <rdar://problem/46869516>
310
311         Reviewed by Keith Miller.
312
313         * stress/stack-overflow-frame-for-construct-arityCheck-should-use-construct-codeBlock.js: Added.
314
315 2018-12-20  Tadeu Zagallo  <tzagallo@apple.com>
316
317         WTF::String and StringImpl overflow MaxLength
318         https://bugs.webkit.org/show_bug.cgi?id=192853
319         <rdar://problem/45726906>
320
321         Reviewed by Mark Lam.
322
323         * stress/string-16bit-repeat-overflow.js: Added.
324         (catch):
325
326 2018-12-19  Ross Kirsling  <ross.kirsling@sony.com>
327
328         Unreviewed follow-up to r192914.
329
330         * test262/expectations.yaml:
331         Add the last 20 missing expectations.
332
333 2018-12-19  Keith Miller  <keith_miller@apple.com>
334
335         Fix test262 expectations
336         https://bugs.webkit.org/show_bug.cgi?id=192914
337
338         Unreviewed, when I imported the latest round of test262 tests I must have failed to update the test expectations.
339
340         * test262/expectations.yaml:
341
342 2018-12-19  Keith Miller  <keith_miller@apple.com>
343
344         Update test262 tests.
345         https://bugs.webkit.org/show_bug.cgi?id=192907
346
347         Rubber stamped by Mark Lam.
348
349         * test262/*: Omitted because prepare-changelog crashes.
350
351 2018-12-19  Mark Lam  <mark.lam@apple.com>
352
353         JSPropertyNameEnumerator should cache the iterated object's structure only after getting its property names.
354         https://bugs.webkit.org/show_bug.cgi?id=192464
355         <rdar://problem/46519455>
356
357         Reviewed by Saam Barati.
358
359         This patch is about a 10% speed up on the new for-in-on-object-with-lazily-materialized-properties.js
360         microbenchmark.
361
362         * microbenchmarks/for-in-on-object-with-lazily-materialized-properties.js: Added.
363         * stress/property-name-enumerator-should-cache-structure-after-getting-property-names.js: Added.
364
365 2018-12-19  Tadeu Zagallo  <tzagallo@apple.com>
366
367         String overflow in JSC::createError results in ASSERT in WTF::makeString
368         https://bugs.webkit.org/show_bug.cgi?id=192833
369         <rdar://problem/45706868>
370
371         Reviewed by Mark Lam.
372
373         * stress/string-overflow-createError.js: Added.
374
375 2018-12-18  Ross Kirsling  <ross.kirsling@sony.com>
376
377         Error message for `-x ** y` contains a typo.
378         https://bugs.webkit.org/show_bug.cgi?id=192832
379
380         Reviewed by Saam Barati.
381
382         * ChakraCore/test/UnitTestFramework/UnitTestFramework.js:
383         (assert.assert.return.throws):
384         * stress/pow-expects-update-expression-on-lhs.js:
385         (throw.new.Error):
386         Update test expectations which match against the exact error message.
387
388 2018-12-18  Mark Lam  <mark.lam@apple.com>
389
390         Gardening: test options fix.
391         https://bugs.webkit.org/show_bug.cgi?id=192822
392
393         Unreviewed.
394
395         * stress/json-stringify-string-builder-overflow.js:
396
397 2018-12-18  Mark Lam  <mark.lam@apple.com>
398
399         JSON.stringify() should throw OOM on StringBuilder overflows.
400         https://bugs.webkit.org/show_bug.cgi?id=192822
401         <rdar://problem/46670577>
402
403         Reviewed by Saam Barati.
404
405         * stress/json-stringify-string-builder-overflow.js: Added.
406
407 2018-12-18  Ross Kirsling  <ross.kirsling@sony.com>
408
409         Redeclaration of var over let/const/class should be a syntax error.
410         https://bugs.webkit.org/show_bug.cgi?id=192298
411
412         Reviewed by Keith Miller.
413
414         * test262.yaml:
415         * test262/expectations.yaml:
416         Mark 46 tests as passing.
417
418         * stress/block-scope-redeclarations.js:
419         Add some new tests.
420
421         * stress/for-in-invalidate-context-weird-assignments.js:
422         * stress/for-in-tests.js:
423         Replace tests for outdated behavior with tests for SyntaxError.
424
425         * ChakraCore/test/LetConst/defer3.baseline-jsc:
426         * ChakraCore/test/LetConst/letvar.baseline-jsc:
427         Update expectations.
428
429 2018-12-18  Mark Lam  <mark.lam@apple.com>
430
431         Skip the stress/elidable-new-object-roflcopter-then-exit.js test on 32-bit.
432         https://bugs.webkit.org/show_bug.cgi?id=191374
433         <rdar://problem/46525447>
434
435         Reviewed by Yusuke Suzuki.
436
437         This test runs too slow on 32-bit, and is not relevant for non-JIT builds.
438
439         * stress/elidable-new-object-roflcopter-then-exit.js:
440
441 2018-12-17  Mark Lam  <mark.lam@apple.com>
442
443         Skip the stress/materialized-regexp-has-correct-last-index-set-by-match.js test on 32-bit.
444         https://bugs.webkit.org/show_bug.cgi?id=192019
445         <rdar://problem/46525456>
446
447         Reviewed by Yusuke Suzuki.
448
449         The test runs too slow on 32-bit.
450
451         * stress/materialized-regexp-has-correct-last-index-set-by-match.js:
452
453 2018-12-17  Mark Lam  <mark.lam@apple.com>
454
455         Skip the stress/materialize-regexp-cyclic-regexp.js test on 32-bit.
456         https://bugs.webkit.org/show_bug.cgi?id=191373
457         <rdar://problem/46525458>
458
459         Reviewed by Yusuke Suzuki.
460
461         The test is already slow running with a JIT on 64-bit.  It will always timeout
462         on 32-bit without a JIT.
463
464         * stress/materialize-regexp-cyclic-regexp.js:
465
466 2018-12-17  Mark Lam  <mark.lam@apple.com>
467
468         Array unshift/shift should not race against the AI in the compiler thread.
469         https://bugs.webkit.org/show_bug.cgi?id=192795
470         <rdar://problem/46724263>
471
472         Reviewed by Saam Barati.
473
474         * stress/array-unshift-should-not-race-against-compiler-thread.js: Added.
475
476 2018-12-16  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
477
478         [JSC] Optimize Object.keys by caching own keys results in StructureRareData
479         https://bugs.webkit.org/show_bug.cgi?id=190047
480
481         Reviewed by Saam Barati.
482
483         * stress/object-keys-cached-zero.js: Added.
484         (shouldBe):
485         (test):
486         * stress/object-keys-changed-attribute.js: Added.
487         (shouldBe):
488         (test):
489         * stress/object-keys-changed-index.js: Added.
490         (shouldBe):
491         (test):
492         * stress/object-keys-changed.js: Added.
493         (shouldBe):
494         (test):
495         * stress/object-keys-indexed-non-cache.js: Added.
496         (shouldBe):
497         (test):
498         * stress/object-keys-overrides-get-property-names.js: Added.
499         (shouldBe):
500         (test):
501         (noInline):
502
503 2018-12-17  Mark Lam  <mark.lam@apple.com>
504
505         SamplingProfiler's isValidFramePointer() should reject address at stack origin.
506         https://bugs.webkit.org/show_bug.cgi?id=192779
507         <rdar://problem/46775869>
508
509         Reviewed by Saam Barati.
510
511         * stress/sampling-profiler-should-not-sample-beyond-stack-bounds.js: Added.
512
513 2018-12-17  Ryan Haddad  <ryanhaddad@apple.com>
514
515         Unreviewed test gardening, address a syntax error in a new test.
516
517         * stress/out-of-frame-stack-accesses-due-to-probe-based-osr-exits.js:
518
519 2018-12-17  Mark Lam  <mark.lam@apple.com>
520
521         Suppress ASAN on valid stack accesses in Probe-based OSRExit::executeOSRExit().
522         https://bugs.webkit.org/show_bug.cgi?id=192776
523         <rdar://problem/46772368>
524
525         Reviewed by Keith Miller.
526
527         * stress/out-of-frame-stack-accesses-due-to-probe-based-osr-exits.js: Added.
528
529 2018-12-17  Mark Lam  <mark.lam@apple.com>
530
531         Fix stale assertion in attemptToForceStringArrayModeByToStringConversion().
532         https://bugs.webkit.org/show_bug.cgi?id=192770
533         <rdar://problem/46449037>
534
535         Reviewed by Keith Miller.
536
537         * stress/force-string-arrayMode-on-originalNonArray-array-class.js: Added.
538
539 2018-12-14  Mark Lam  <mark.lam@apple.com>
540
541         CallFrame::convertToStackOverflowFrame() needs to keep the top CodeBlock alive.
542         https://bugs.webkit.org/show_bug.cgi?id=192717
543         <rdar://problem/46660677>
544
545         Reviewed by Saam Barati.
546
547         * stress/regress-192717.js: Added.
548
549 2018-12-14  Commit Queue  <commit-queue@webkit.org>
550
551         Unreviewed, rolling out r239153, r239154, and r239155.
552         https://bugs.webkit.org/show_bug.cgi?id=192715
553
554         Caused flaky GC-related crashes seen with layout tests
555         (Requested by ryanhaddad on #webkit).
556
557         Reverted changesets:
558
559         "[JSC] Optimize Object.keys by caching own keys results in
560         StructureRareData"
561         https://bugs.webkit.org/show_bug.cgi?id=190047
562         https://trac.webkit.org/changeset/239153
563
564         "Unreviewed, build fix after r239153"
565         https://bugs.webkit.org/show_bug.cgi?id=190047
566         https://trac.webkit.org/changeset/239154
567
568         "Unreviewed, build fix after r239153, part 2"
569         https://bugs.webkit.org/show_bug.cgi?id=190047
570         https://trac.webkit.org/changeset/239155
571
572 2018-12-14  Keith Miller  <keith_miller@apple.com>
573
574         Callers of JSString::getIndex should check for OOM exceptions
575         https://bugs.webkit.org/show_bug.cgi?id=192709
576
577         Reviewed by Mark Lam.
578
579         * stress/StringObject-define-length-getter-rope-string-oom.js: Added.
580
581 2018-12-13  Mark Lam  <mark.lam@apple.com>
582
583         Add a missing exception check.
584         https://bugs.webkit.org/show_bug.cgi?id=192626
585         <rdar://problem/46662163>
586
587         Reviewed by Keith Miller.
588
589         * stress/regress-192626.js: Added.
590
591 2018-12-13  Caio Lima  <ticaiolima@gmail.com>
592
593         [BigInt] Add ValueDiv into DFG
594         https://bugs.webkit.org/show_bug.cgi?id=186178
595
596         Reviewed by Yusuke Suzuki.
597
598         * stress/big-int-div-jit-osr.js: Added.
599         * stress/big-int-div-jit-untyped.js: Added.
600         * stress/value-div-fixup-int32-big-int.js: Added.
601
602 2018-12-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
603
604         [JSC] Optimize Object.keys by caching own keys results in StructureRareData
605         https://bugs.webkit.org/show_bug.cgi?id=190047
606
607         Reviewed by Keith Miller.
608
609         * stress/object-keys-cached-zero.js: Added.
610         (shouldBe):
611         (test):
612         * stress/object-keys-changed-attribute.js: Added.
613         (shouldBe):
614         (test):
615         * stress/object-keys-changed-index.js: Added.
616         (shouldBe):
617         (test):
618         * stress/object-keys-changed.js: Added.
619         (shouldBe):
620         (test):
621         * stress/object-keys-indexed-non-cache.js: Added.
622         (shouldBe):
623         (test):
624         * stress/object-keys-overrides-get-property-names.js: Added.
625         (shouldBe):
626         (test):
627         (noInline):
628
629 2018-12-12  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
630
631         [DFG][FTL] Add NewSymbol
632         https://bugs.webkit.org/show_bug.cgi?id=192620
633
634         Reviewed by Saam Barati.
635
636         * microbenchmarks/symbol-creation.js: Added.
637         (test):
638         * stress/symbol-description-identity.js: Added.
639         (shouldBe):
640         (test):
641         * stress/symbol-identity.js: Added.
642         (shouldBe):
643         (test):
644         * stress/symbol-with-description-throw-error.js: Added.
645         (shouldBe):
646         (shouldThrow):
647         (test):
648         (object.toString):
649
650 2018-12-12  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
651
652         [BigInt] Implement DFG/FTL typeof for BigInt
653         https://bugs.webkit.org/show_bug.cgi?id=192619
654
655         Reviewed by Keith Miller.
656
657         * stress/big-int-boolean-proven-type.js: Added.
658         (assert):
659         (bool):
660         * stress/big-int-type-of-proven-type-non-constant-including-symbol.js: Added.
661         (assert):
662         (typeOf):
663         (i.switch):
664         * stress/big-int-type-of-proven-type-non-constant.js: Added.
665         (assert):
666         (typeOf):
667         * stress/big-int-type-of.js:
668         (typeOf):
669         (func):
670
671 2018-12-10  Mark Lam  <mark.lam@apple.com>
672
673         PropertyAttribute needs a CustomValue bit.
674         https://bugs.webkit.org/show_bug.cgi?id=191993
675         <rdar://problem/46264467>
676
677         Reviewed by Saam Barati.
678
679         * stress/regress-191993.js: Added.
680
681 2018-12-10  Caio Lima  <ticaiolima@gmail.com>
682
683         [BigInt] Add ValueMul into DFG
684         https://bugs.webkit.org/show_bug.cgi?id=186175
685
686         Reviewed by Yusuke Suzuki.
687
688         * stress/big-int-mul-jit-osr.js: Added.
689         * stress/big-int-mul-jit-untyped.js: Added.
690         * stress/value-mul-fixup-int32-big-int.js: Added.
691
692 2018-12-06  Keith Miller  <keith_miller@apple.com>
693
694         stress/big-wasm-memory tests failing on 32-bit JSC bot
695         https://bugs.webkit.org/show_bug.cgi?id=192020
696
697         Reviewed by Saam Barati.
698
699         Not every platform has WebAssembly, e.g. 32-bit, so we should exit
700         the wasm stress tests if the WebAssembly object does not exist.
701
702         * stress/big-wasm-memory-grow-no-max.js:
703         (test.foo):
704         (test):
705         (foo): Deleted.
706         (catch): Deleted.
707         * stress/big-wasm-memory-grow.js:
708         (test.foo):
709         (test):
710         (foo): Deleted.
711         (catch): Deleted.
712         * stress/big-wasm-memory.js:
713         (test.foo):
714         (test):
715         (foo): Deleted.
716         (catch): Deleted.
717
718 2018-12-05  Mark Lam  <mark.lam@apple.com>
719
720         speculationFromCell() should speculate non-Identifier strings as SpecString instead of SpecStringVar.
721         https://bugs.webkit.org/show_bug.cgi?id=192441
722         <rdar://problem/46480355>
723
724         Reviewed by Saam Barati.
725
726         * stress/regress-192441.js: Added.
727
728 2018-12-04  Mark Lam  <mark.lam@apple.com>
729
730         DFG's StrengthReduction phase should not reduce Construct into DirectContruct when the executable does not have constructAbility.
731         https://bugs.webkit.org/show_bug.cgi?id=192386
732         <rdar://problem/46445516>
733
734         Reviewed by Saam Barati.
735
736         * stress/regress-192386.js: Added.
737
738 2018-12-04  Caio Lima  <ticaiolima@gmail.com>
739
740         [ESNext][BigInt] Support logic operations
741         https://bugs.webkit.org/show_bug.cgi?id=179903
742
743         Reviewed by Yusuke Suzuki.
744
745         * stress/big-int-branch-usage.js: Added.
746         * stress/big-int-logical-and.js: Added.
747         * stress/big-int-logical-not.js: Added.
748         * stress/big-int-logical-or.js: Added.
749
750 2018-12-03  Ryan Haddad  <ryanhaddad@apple.com>
751
752         Unreviewed, rolling out r238833.
753
754         Breaks macOS and iOS debug builds.
755
756         Reverted changeset:
757
758         "[ESNext][BigInt] Support logic operations"
759         https://bugs.webkit.org/show_bug.cgi?id=179903
760         https://trac.webkit.org/changeset/238833
761
762 2018-12-03  Caio Lima  <ticaiolima@gmail.com>
763
764         [ESNext][BigInt] Support logic operations
765         https://bugs.webkit.org/show_bug.cgi?id=179903
766
767         Reviewed by Yusuke Suzuki.
768
769         * stress/big-int-branch-usage.js: Added.
770         * stress/big-int-logical-and.js: Added.
771         * stress/big-int-logical-not.js: Added.
772         * stress/big-int-logical-or.js: Added.
773
774 2018-12-02  Caio Lima  <ticaiolima@gmail.com>
775
776         [ESNext][BigInt] Implement support for "<<" and ">>"
777         https://bugs.webkit.org/show_bug.cgi?id=186233
778
779         Reviewed by Yusuke Suzuki.
780
781         * stress/big-int-left-shift-general.js: Added.
782         * stress/big-int-left-shift-range-error.js: Added.
783         * stress/big-int-left-shift-type-error.js: Added.
784         * stress/big-int-left-shift-wrapped-value.js: Added.
785         * stress/big-int-right-shift-general.js: Added.
786         * stress/big-int-right-shift-type-error.js: Added.
787         * stress/big-int-right-shift-wrapped-value.js: Added.
788         * stress/left-shift-to-primitive-precedence.js: Added.
789         * stress/right-shift-to-primitive-precedence.js: Added.
790
791 2018-11-30  Dean Jackson  <dino@apple.com>
792
793         Add first-class support for .mjs files in jsc binary
794         https://bugs.webkit.org/show_bug.cgi?id=192190
795         <rdar://problem/46375715>
796
797         Reviewed by Keith Miller.
798
799         * stress/simple-module.mjs: Added.
800         * stress/simple-script.js: Added.
801
802 2018-11-30  Caio Lima  <ticaiolima@gmail.com>
803
804         [BigInt] Implement ValueBitXor into DFG
805         https://bugs.webkit.org/show_bug.cgi?id=190264
806
807         Reviewed by Yusuke Suzuki.
808
809         * stress/big-int-bitwise-xor-jit.js: Added.
810         * stress/big-int-bitwise-xor-memory-stress.js: Added.
811         * stress/big-int-bitwise-xor-untyped.js: Added.
812
813 2018-11-27  Saam barati  <sbarati@apple.com>
814
815         r238510 broke scopes of size zero
816         https://bugs.webkit.org/show_bug.cgi?id=192033
817         <rdar://problem/46281734>
818
819         Reviewed by Keith Miller.
820
821         * stress/r238510-bad-loop.js: Added.
822         (foo):
823
824 2018-11-27  Mark Lam  <mark.lam@apple.com>
825
826         [Re-landing] NaNs read from Wasm code needs to be be purified.
827         https://bugs.webkit.org/show_bug.cgi?id=191056
828         <rdar://problem/45660341>
829
830         Reviewed by Filip Pizlo.
831
832         * wasm/regress/regress-191056.js: Added.
833
834 2018-11-27  Ryan Haddad  <ryanhaddad@apple.com>
835
836         Unreviewed, rolling out r238509.
837
838         Causes JSC tests to fail on iOS.
839
840         Reverted changeset:
841
842         "NaNs read from Wasm code needs to be be purified."
843         https://bugs.webkit.org/show_bug.cgi?id=191056
844         https://trac.webkit.org/changeset/238509
845
846 2018-11-26  Caio Lima  <ticaiolima@gmail.com>
847
848         Re-introduce op_bitnot
849         https://bugs.webkit.org/show_bug.cgi?id=190923
850
851         Reviewed by Yusuke Suzuki.
852
853         * stress/bit-not-must-generate.js: Added.
854         * stress/bitwise-not-no-int32.js: Added.
855
856 2018-11-26  Saam barati  <sbarati@apple.com>
857
858         InPlaceAbstractState::endBasicBlock rule for SetLocal should filter the value based on the flush format
859         https://bugs.webkit.org/show_bug.cgi?id=191956
860         <rdar://problem/45665806>
861
862         Reviewed by Yusuke Suzuki.
863
864         * stress/end-basic-block-set-local-should-filter-type.js: Added.
865         (bar):
866         (foo):
867
868 2018-11-26  Saam barati  <sbarati@apple.com>
869
870         Object allocation sinking phase needs to iterate each scope offset instead of just iterating the symbol table's hashmap when handling an activation
871         https://bugs.webkit.org/show_bug.cgi?id=191958
872         <rdar://problem/46221877>
873
874         Reviewed by Yusuke Suzuki.
875
876         * stress/object-allocation-sinking-phase-needs-to-write-to-each-scope-offset.js: Added.
877         (x):
878         (foo):
879
880 2018-11-26  Mark Lam  <mark.lam@apple.com>
881
882         NaNs read from Wasm code needs to be be purified.
883         https://bugs.webkit.org/show_bug.cgi?id=191056
884         <rdar://problem/45660341>
885
886         Reviewed by Filip Pizlo.
887
888         * wasm/regress/regress-191056.js: Added.
889
890 2018-11-26  Michael Saboff  <msaboff@apple.com>
891
892         32-bit JSC test failure: stress/regexp-compile-oom.js
893         https://bugs.webkit.org/show_bug.cgi?id=191375
894
895         Reviewed by Mark Lam.
896
897         Disabled the test for 32 bit platforms.
898
899         * stress/regexp-compile-oom.js:
900
901 2018-11-26  Tadeu Zagallo  <tzagallo@apple.com>
902
903         ASSERTION FAILED: m_outOfLineJumpTargets.contains(bytecodeOffset)
904         https://bugs.webkit.org/show_bug.cgi?id=191716
905         <rdar://problem/45723878>
906
907         Reviewed by Saam Barati.
908
909         * stress/regress-187373.js: Added.
910         (async.fn):
911
912 2018-11-21  Saam barati  <sbarati@apple.com>
913
914         DFGSpeculativeJIT should not &= exitOK with mayExit(node)
915         https://bugs.webkit.org/show_bug.cgi?id=191897
916         <rdar://problem/45871998>
917
918         Reviewed by Mark Lam.
919
920         * stress/exitok-is-not-the-same-as-mayExit.js: Added.
921         (bar):
922         (foo):
923
924 2018-11-21  Saam barati  <sbarati@apple.com>
925
926         Fix assertion in KnownCellUse inside SpeculativeJIT::speculate
927         https://bugs.webkit.org/show_bug.cgi?id=191895
928         <rdar://problem/46167406>
929
930         Reviewed by Mark Lam.
931
932         * stress/known-cell-use-needs-type-check-assertion.js: Added.
933         (foo):
934         (bar):
935
936 2018-11-21  Mark Lam  <mark.lam@apple.com>
937
938         Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw OOME not RangeError.
939         https://bugs.webkit.org/show_bug.cgi?id=191776
940         <rdar://problem/46152851>
941
942         Reviewed by Saam Barati.
943
944         * stress/big-wasm-memory-grow-no-max.js:
945         * stress/big-wasm-memory-grow.js:
946         * stress/big-wasm-memory.js:
947         - updated these to expect an OutOfMemoryError.
948
949         * wasm/regress/wasm-memory-requested-more-than-MAX_ARRAY_BUFFER_SIZE-2.js: Added.
950         (Binary.prototype.emit_u8):
951         (Binary.prototype.emit_u32v):
952         (Binary.prototype.emit_header):
953         (Binary.prototype.emit_section):
954         (Binary):
955         (WasmModuleBuilder):
956         (WasmModuleBuilder.prototype.addMemory):
957         (WasmModuleBuilder.prototype.toArray):
958         (WasmModuleBuilder.prototype.toBuffer):
959         (WasmModuleBuilder.prototype.instantiate):
960         (catch):
961         * wasm/regress/wasm-memory-requested-more-than-MAX_ARRAY_BUFFER_SIZE.js: Added.
962         (catch):
963
964 2018-11-21  Caio Lima  <ticaiolima@gmail.com>
965
966         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
967         https://bugs.webkit.org/show_bug.cgi?id=190836
968
969         Reviewed by Saam Barati and Yusuke Suzuki.
970
971         * stress/big-int-out-of-memory-tests.js: Added.
972
973 2018-11-20  Mark Lam  <mark.lam@apple.com>
974
975         Remove invalid assertion in VMTraps::SignalSender's SignalAction.
976         https://bugs.webkit.org/show_bug.cgi?id=191856
977         <rdar://problem/46089992>
978
979         Reviewed by Yusuke Suzuki.
980
981         * stress/regress-191856.js: Added.
982         - this test is skipped for now until we have a fix for webkit.org/b/191855.
983
984 2018-11-21  Dominik Infuehr  <dinfuehr@igalia.com>
985
986         Enable JIT on ARM/Linux
987         https://bugs.webkit.org/show_bug.cgi?id=191548
988
989         Reviewed by Yusuke Suzuki.
990
991         Disable test on system with limited memory. Program was killed by
992         the OS before the exception was thrown.
993
994         * slowMicrobenchmarks/function-constructor-with-huge-strings.js:
995
996 2018-11-20  Saam barati  <sbarati@apple.com>
997
998         Merging an IC variant may lead to the IC status containing overlapping structure sets
999         https://bugs.webkit.org/show_bug.cgi?id=191869
1000         <rdar://problem/45403453>
1001
1002         Reviewed by Mark Lam.
1003
1004         * stress/merging-ic-variants-should-bail-if-structures-overlap.js: Added.
1005
1006 2018-11-19  Mark Lam  <mark.lam@apple.com>
1007
1008         globalFuncImportModule() should return a promise when it clears exceptions.
1009         https://bugs.webkit.org/show_bug.cgi?id=191792
1010         <rdar://problem/46090763>
1011
1012         Reviewed by Michael Saboff.
1013
1014         * stress/global-import-function-should-return-a-promise-when-clearing-exceptions.js: Added.
1015
1016 2018-11-19  Guillaume Emont  <guijemont@igalia.com>
1017
1018         Skip new memory-hungry tests on memory limited devices
1019
1020         Unreviewed gardening.
1021
1022         * stress/big-wasm-memory-grow-no-max.js:
1023         * stress/big-wasm-memory-grow.js:
1024         * stress/big-wasm-memory.js:
1025
1026 2018-11-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1027
1028         Unreviewed, rolling in the rest of r237254
1029         https://bugs.webkit.org/show_bug.cgi?id=190340
1030
1031         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
1032         * stress/function-cache-with-parameters-end-position.js: Added.
1033         (shouldBe):
1034         (shouldThrow):
1035         (i.anonymous):
1036         * stress/function-constructor-name.js: Added.
1037         (shouldBe):
1038         (GeneratorFunction):
1039         (AsyncFunction.async):
1040         (AsyncGeneratorFunction.async):
1041         (anonymous):
1042         (async.anonymous):
1043         * test262/expectations.yaml:
1044
1045 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
1046
1047         All users of ArrayBuffer should agree on the same max size
1048         https://bugs.webkit.org/show_bug.cgi?id=191771
1049
1050         Reviewed by Mark Lam.
1051
1052         * stress/big-wasm-memory-grow-no-max.js: Added.
1053         (foo):
1054         (catch):
1055         * stress/big-wasm-memory-grow.js: Added.
1056         (foo):
1057         (catch):
1058         * stress/big-wasm-memory.js: Added.
1059         (foo):
1060         (catch):
1061
1062 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
1063
1064         Unreviewed, make some more tests not crash my computer by only running on instance of it. These tests do not need to
1065         run for each JSC config since they're regression tests for runtime bugs.
1066
1067         * stress/json-stringified-overflow-2.js:
1068         * stress/json-stringified-overflow.js:
1069
1070 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
1071
1072         Unreviewed, make some tests not crash my computer by only running on instance of it. These tests do not need to run for each JSC
1073         config since they're regression tests for runtime bugs.
1074
1075         * stress/large-unshift-splice.js:
1076         * stress/regress-185888.js:
1077
1078 2018-11-16  Saam Barati  <sbarati@apple.com>
1079
1080         KnownCellUse should also have SpecCellCheck as its type filter
1081         https://bugs.webkit.org/show_bug.cgi?id=191729
1082         <rdar://problem/45872852>
1083
1084         Reviewed by Filip Pizlo.
1085
1086         * stress/known-cell-type-check-should-allow-empty-value-to-flow-through.js: Added.
1087         (C):
1088
1089 2018-11-16  Tadeu Zagallo  <tzagallo@apple.com>
1090
1091         Fix assertion failure on BytecodeGenerator::recordOpcode
1092         https://bugs.webkit.org/show_bug.cgi?id=191724
1093         <rdar://problem/45724395>
1094
1095         Reviewed by Saam Barati.
1096
1097         * stress/regress-187373-2.js: Added.
1098         (foo):
1099
1100 2018-11-15  Mark Lam  <mark.lam@apple.com>
1101
1102         RegExpObject's collectMatches should not be using JSArray::push to fill in its match results.
1103         https://bugs.webkit.org/show_bug.cgi?id=191730
1104         <rdar://problem/46048517>
1105
1106         Reviewed by Saam Barati.
1107
1108         * stress/regress-187006.js: Removed.
1109           - this test is invalid because its sole purpose is to test for the non-spec
1110             compliant behavior that we just fixed.
1111
1112         * stress/regress-191730.js: Added.
1113
1114 2018-11-15  Mark Lam  <mark.lam@apple.com>
1115
1116         RegExp operations should not take fast patch if lastIndex is not numeric.
1117         https://bugs.webkit.org/show_bug.cgi?id=191731
1118         <rdar://problem/46017305>
1119
1120         Reviewed by Saam Barati.
1121
1122         * stress/regress-191731.js: Added.
1123
1124 2018-11-13  Saam Barati  <sbarati@apple.com>
1125
1126         TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
1127         https://bugs.webkit.org/show_bug.cgi?id=191600
1128
1129         Reviewed by Mark Lam.
1130
1131         * stress/type-profiler-log-should-defer-pending-exceptions.js: Added.
1132         (foo):
1133         (test):
1134         (bar):
1135
1136 2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>
1137
1138         Unreviewed, rolling out r238132.
1139
1140         The test added with this change is timing out on Debug JSC
1141         bots.
1142
1143         Reverted changeset:
1144
1145         "[BigInt] JSBigInt::createWithLength should throw when length
1146         is greater than JSBigInt::maxLength"
1147         https://bugs.webkit.org/show_bug.cgi?id=190836
1148         https://trac.webkit.org/changeset/238132
1149
1150 2018-11-13  Mark Lam  <mark.lam@apple.com>
1151
1152         Add OOM detection to StringPrototype's substituteBackreferences().
1153         https://bugs.webkit.org/show_bug.cgi?id=191563
1154         <rdar://problem/45720428>
1155
1156         Reviewed by Saam Barati.
1157
1158         * stress/regress-191563.js: Added.
1159
1160 2018-11-13  Mark Lam  <mark.lam@apple.com>
1161
1162         LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
1163         https://bugs.webkit.org/show_bug.cgi?id=191579
1164         <rdar://problem/45942472>
1165
1166         Reviewed by Saam Barati.
1167
1168         * stress/regress-191579.js: Added.
1169
1170 2018-11-13  Caio Lima  <ticaiolima@gmail.com>
1171
1172         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
1173         https://bugs.webkit.org/show_bug.cgi?id=190836
1174
1175         Reviewed by Saam Barati.
1176
1177         * stress/big-int-out-of-memory-tests.js: Added.
1178
1179 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
1180
1181         U+180E is no longer a whitespace character
1182         https://bugs.webkit.org/show_bug.cgi?id=191415
1183
1184         Reviewed by Saam Barati.
1185
1186         * ChakraCore/test/es5/regexSpace.baseline:
1187         * ChakraCore/test/es6/unicode_whitespace.js:
1188         Update tests to latest version.
1189         (See https://github.com/Microsoft/ChakraCore/commit/7c097b698de1e400286f9b957597b2a81fc6f80b.)
1190
1191         * test262.yaml:
1192         * test262/config.yaml:
1193         * test262/expectations.yaml:
1194         Update expectations.
1195
1196 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
1197
1198         [BigInt] Add support to BigInt into ValueAdd
1199         https://bugs.webkit.org/show_bug.cgi?id=186177
1200
1201         Reviewed by Keith Miller.
1202
1203         * stress/big-int-negate-jit.js:
1204         * stress/value-add-big-int-and-string.js: Added.
1205         * stress/value-add-big-int-prediction-propagation.js: Added.
1206         * stress/value-add-big-int-untyped.js: Added.
1207
1208 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
1209
1210         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
1211         https://bugs.webkit.org/show_bug.cgi?id=191184
1212
1213         Reviewed by Saam Barati.
1214
1215         Most tests were failing due to timeouts, since they are too slow to
1216         run on CLoop. The exceptions are:
1217
1218         proxy-get-set-correct-receiver.js: Had to reduce the recursion depth not to overflow on CLoop
1219         dont-crash-on-stack-overflow-when-parsing-builtin.js and
1220         dont-crash-on-stack-overflow-when-parsing-default-constructor.js: had
1221         to change the stack size since CLoop requires it to be page aligned.
1222
1223         * microbenchmarks/array-push-1.js:
1224         * microbenchmarks/array-push-2.js:
1225         * microbenchmarks/elidable-new-object-dag.js:
1226         * microbenchmarks/elidable-new-object-roflcopter.js:
1227         * microbenchmarks/elidable-new-object-tree.js:
1228         * microbenchmarks/getter-richards.js:
1229         * microbenchmarks/sinkable-new-object-dag.js:
1230         * microbenchmarks/string-concat-long-convert.js:
1231         * microbenchmarks/typed-array-get-set-by-val-profiling.js:
1232         * slowMicrobenchmarks/array-push-3.js:
1233         * slowMicrobenchmarks/large-map-iteration-with-additions.js:
1234         * slowMicrobenchmarks/spread-small-array.js:
1235         * slowMicrobenchmarks/undefined-property-access.js:
1236         * stress/activation-sink-default-value-tdz-error.js:
1237         * stress/activation-sink-default-value.js:
1238         * stress/activation-sink-osrexit-default-value-tdz-error.js:
1239         * stress/activation-sink-osrexit-default-value.js:
1240         * stress/activation-sink-osrexit.js:
1241         * stress/activation-sink.js:
1242         * stress/allow-math-ic-b3-code-duplication.js:
1243         * stress/array-push-multiple-int32.js:
1244         * stress/arrowfunction-activation-sink-osrexit-default-value-tdz-error.js:
1245         * stress/arrowfunction-lexical-this-activation-sink-osrexit.js:
1246         * stress/arrowfunction-lexical-this-activation-sink.js:
1247         * stress/dont-crash-on-stack-overflow-when-parsing-builtin.js:
1248         * stress/dont-crash-on-stack-overflow-when-parsing-default-constructor.js:
1249         * stress/elide-new-object-dag-then-exit.js:
1250         * stress/materialize-regexp-cyclic.js:
1251         * stress/new-regex-inline.js:
1252         * stress/op_add.js:
1253         * stress/op_bitand.js:
1254         * stress/op_bitor.js:
1255         * stress/op_bitxor.js:
1256         * stress/op_div-ConstVar.js:
1257         * stress/op_div-VarConst.js:
1258         * stress/op_div-VarVar.js:
1259         * stress/op_lshift-ConstVar.js:
1260         * stress/op_lshift-VarConst.js:
1261         * stress/op_lshift-VarVar.js:
1262         * stress/op_mod-ConstVar.js:
1263         * stress/op_mod-VarConst.js:
1264         * stress/op_mod-VarVar.js:
1265         * stress/op_mul-ConstVar.js:
1266         * stress/op_mul-VarConst.js:
1267         * stress/op_mul-VarVar.js:
1268         * stress/op_rshift-ConstVar.js:
1269         * stress/op_rshift-VarConst.js:
1270         * stress/op_rshift-VarVar.js:
1271         * stress/op_sub-ConstVar.js:
1272         * stress/op_sub-VarConst.js:
1273         * stress/op_sub-VarVar.js:
1274         * stress/op_urshift-ConstVar.js:
1275         * stress/op_urshift-VarConst.js:
1276         * stress/op_urshift-VarVar.js:
1277         * stress/proxy-get-set-correct-receiver.js:
1278         * stress/regress-179562.js:
1279         * stress/rest-parameter-many-arguments.js:
1280         * stress/sampling-profiler-richards.js:
1281         * stress/splay-flash-access-1ms.js:
1282         * stress/tailCallForwardArguments.js:
1283         * stress/typed-array-get-by-val-profiling.js:
1284         * typeProfiler/getter-richards.js:
1285
1286 2018-11-06  Michael Saboff  <msaboff@apple.com>
1287
1288         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
1289         https://bugs.webkit.org/show_bug.cgi?id=191271
1290
1291         Reviewed by Saam Barati.
1292
1293         Added more test cases and made all test cases run with the same deeply recursive stack
1294         instead of finding that same point for each test case.
1295
1296         * stress/regexp-compile-oom.js:
1297         (prototype.runTest):
1298         (recurseAndTest):
1299         (testList.push.new.TestAndExpectedException):
1300
1301 2018-11-05  Michael Saboff  <msaboff@apple.com>
1302
1303         Unreviewed build fix for linux.
1304
1305         * stress/regexp-compile-oom.js: Disabled for non-darwin OSes.
1306
1307 2018-11-02  Michael Saboff  <msaboff@apple.com>
1308
1309         Rolling in r237753 with unreviewed build fix.
1310
1311         Fixed issues with DECLARE_THROW_SCOPE placement.
1312
1313 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
1314
1315         Unreviewed, rolling out r237753.
1316
1317         Introduced JSC test failures
1318
1319         Reverted changeset:
1320
1321         "Running out of stack space not properly handled in
1322         RegExp::compile() and its callers"
1323         https://bugs.webkit.org/show_bug.cgi?id=191206
1324         https://trac.webkit.org/changeset/237753
1325
1326 2018-11-02  Michael Saboff  <msaboff@apple.com>
1327
1328         Running out of stack space not properly handled in RegExp::compile() and its callers
1329         https://bugs.webkit.org/show_bug.cgi?id=191206
1330
1331         Reviewed by Filip Pizlo.
1332
1333         New regression test.
1334
1335         * stress/regexp-compile-oom.js: Added.
1336         (recurseAndTest):
1337
1338 2018-11-01  Guillaume Emont  <guijemont@igalia.com>
1339
1340         Skip tests on arm/mips that time out now we're running on CLoop
1341
1342         Unreviewed gardening.
1343
1344         Since the JIT is temporarily disabled on 32-bit platforms, these tests
1345         time out on the bots and need to be disabled. There's more tests
1346         disabled on arm because the timeout is longer on the mips bot (as the
1347         device is slower to start with), so many of the tests don't time out
1348         there.
1349
1350         * microbenchmarks/getter-richards.js: disable on arm and mips.
1351         * stress/op_add.js: disable on arm.
1352         * stress/op_bitand.js: disable on arm.
1353         * stress/op_bitor.js: disable on arm.
1354         * stress/op_bitxor.js: disable on arm.
1355         * stress/op_lshift-ConstVar.js: disable on arm.
1356         * stress/op_lshift-VarConst.js: disable on arm.
1357         * stress/op_lshift-VarVar.js: disable on arm.
1358         * stress/op_mod-ConstVar.js: disable on arm.
1359         * stress/op_mod-VarConst.js: disable on arm.
1360         * stress/op_mod-VarVar.js: disable on arm.
1361         * stress/op_mul-ConstVar.js: disable on arm.
1362         * stress/op_mul-VarConst.js: disable on arm.
1363         * stress/op_mul-VarVar.js: disable on arm.
1364         * stress/op_rshift-ConstVar.js: disable on arm.
1365         * stress/op_rshift-VarConst.js: disable on arm.
1366         * stress/op_rshift-VarVar.js: disable on arm.
1367         * stress/op_sub-ConstVar.js: disable on arm.
1368         * stress/op_sub-VarConst.js: disable on arm.
1369         * stress/op_sub-VarVar.js: disable on arm.
1370         * stress/op_urshift-ConstVar.js: disable on arm.
1371         * stress/op_urshift-VarConst.js: disable on arm.
1372         * stress/op_urshift-VarVar.js: disable on arm.
1373         * stress/spread-forward-call-varargs-stack-overflow.js: disable on arm.
1374         * stress/value-to-boolean.js: disable on arm and mips.
1375
1376 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1377
1378         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
1379         https://bugs.webkit.org/show_bug.cgi?id=191108
1380         <rdar://problem/45690700>
1381
1382         Reviewed by Saam Barati.
1383
1384         * stress/wide-op_catch.js: Added.
1385         (catch):
1386
1387 2018-10-29  Mark Lam  <mark.lam@apple.com>
1388
1389         Correctly detect string overflow when using the 'Function' constructor.
1390         https://bugs.webkit.org/show_bug.cgi?id=184883
1391         <rdar://problem/36320331>
1392
1393         Reviewed by Saam Barati.
1394
1395         I've verified that this passes on 32-bit as well.
1396
1397         * slowMicrobenchmarks/function-constructor-with-huge-strings.js: Added.
1398
1399 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1400
1401         Add support for GetStack FlushedDouble
1402         https://bugs.webkit.org/show_bug.cgi?id=191012
1403         <rdar://problem/45265141>
1404
1405         Reviewed by Saam Barati.
1406
1407         * stress/get-stack-double.js: Added.
1408         (bar):
1409         (noInline):
1410
1411 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1412
1413         New bytecode format for JSC
1414         https://bugs.webkit.org/show_bug.cgi?id=187373
1415         <rdar://problem/44186758>
1416
1417         Reviewed by Filip Pizlo.
1418
1419         Add tests to ensure that the inferred inline capacity for a narrow op_new_object will be capped at 255.
1420
1421         * stress/maximum-inline-capacity.js: Added.
1422         (test1):
1423         (test3.Foo):
1424         (test3):
1425
1426 2018-10-26  Commit Queue  <commit-queue@webkit.org>
1427
1428         Unreviewed, rolling out r237479 and r237484.
1429         https://bugs.webkit.org/show_bug.cgi?id=190978
1430
1431         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
1432
1433         Reverted changesets:
1434
1435         "New bytecode format for JSC"
1436         https://bugs.webkit.org/show_bug.cgi?id=187373
1437         https://trac.webkit.org/changeset/237479
1438
1439         "Gardening: Build fix after r237479."
1440         https://bugs.webkit.org/show_bug.cgi?id=187373
1441         https://trac.webkit.org/changeset/237484
1442
1443 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
1444
1445         New bytecode format for JSC
1446         https://bugs.webkit.org/show_bug.cgi?id=187373
1447         <rdar://problem/44186758>
1448
1449         Reviewed by Filip Pizlo.
1450
1451         Add tests to ensure that the inferred inline capacity for a narrow op_new_object will be capped at 255.
1452
1453         * stress/maximum-inline-capacity.js: Added.
1454         (test1):
1455         (test3.Foo):
1456         (test3):
1457
1458 2018-10-26  Mark Lam  <mark.lam@apple.com>
1459
1460         Fix missing edge cases with JSGlobalObjects having a bad time.
1461         https://bugs.webkit.org/show_bug.cgi?id=189028
1462         <rdar://problem/45204939>
1463
1464         Reviewed by Saam Barati.
1465
1466         * stress/regress-189028.js: Added.
1467
1468 2018-10-22  Mark Lam  <mark.lam@apple.com>
1469
1470         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
1471         https://bugs.webkit.org/show_bug.cgi?id=190515
1472         <rdar://problem/45222379>
1473
1474         Rubber-stamped by Saam Barati.
1475
1476         Adding another test.
1477
1478         * stress/regress-190515-2.js: Added.
1479
1480 2018-10-22  Mark Lam  <mark.lam@apple.com>
1481
1482         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
1483         https://bugs.webkit.org/show_bug.cgi?id=190515
1484         <rdar://problem/45222379>
1485
1486         Reviewed by Saam Barati.
1487
1488         * stress/regress-190515.js: Added.
1489
1490 2018-10-19  Commit Queue  <commit-queue@webkit.org>
1491
1492         Unreviewed, rolling out r237254.
1493         https://bugs.webkit.org/show_bug.cgi?id=190760
1494
1495         "It regresses JetStream 2 by 5% on some iOS devices"
1496         (Requested by saamyjoon on #webkit).
1497
1498         Reverted changeset:
1499
1500         "[JSC] JSC should have "parseFunction" to optimize Function
1501         constructor"
1502         https://bugs.webkit.org/show_bug.cgi?id=190340
1503         https://trac.webkit.org/changeset/237254
1504
1505 2018-10-19  Saam Barati  <sbarati@apple.com>
1506
1507         vmCall should check if we exit before emitting an OSR exit due to exceptions
1508         https://bugs.webkit.org/show_bug.cgi?id=190740
1509         <rdar://problem/45220139>
1510
1511         Reviewed by Mark Lam.
1512
1513         * stress/dont-emit-osr-exits-for-every-call-ftl.js: Added.
1514         (foo):
1515
1516 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
1517
1518         [ESNext][BigInt] Implement support for "^"
1519         https://bugs.webkit.org/show_bug.cgi?id=186235
1520
1521         Reviewed by Yusuke Suzuki.
1522
1523         * stress/big-int-bitwise-xor-general.js: Added.
1524         * stress/big-int-bitwise-xor-to-primitive-precedence.js: Added.
1525         * stress/big-int-bitwise-xor-type-error.js: Added.
1526         * stress/big-int-bitwise-xor-wrapped-value.js: Added.
1527
1528 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
1529
1530         [BigInt] Add ValueSub into DFG
1531         https://bugs.webkit.org/show_bug.cgi?id=186176
1532
1533         Reviewed by Yusuke Suzuki.
1534
1535         * stress/big-int-subtraction-jit.js:
1536         * stress/value-sub-big-int-prediction-propagation.js: Added.
1537         * stress/value-sub-big-int-untyped.js: Added.
1538         * stress/value-sub-spec-none-case.js: Added.
1539
1540 2018-10-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1541
1542         [JSC] JSC should have "parseFunction" to optimize Function constructor
1543         https://bugs.webkit.org/show_bug.cgi?id=190340
1544
1545         Reviewed by Mark Lam.
1546
1547         This patch fixes the line number of syntax errors raised by the Function constructor,
1548         since we now parse the final code only once. And we no longer use block statement
1549         for Function constructor's parsing.
1550
1551         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
1552         * stress/function-cache-with-parameters-end-position.js: Added.
1553         (shouldBe):
1554         (shouldThrow):
1555         (i.anonymous):
1556         * stress/function-constructor-name.js: Added.
1557         (shouldBe):
1558         (GeneratorFunction):
1559         (AsyncFunction.async):
1560         (AsyncGeneratorFunction.async):
1561         (anonymous):
1562         (async.anonymous):
1563         * test262/expectations.yaml:
1564
1565 2018-10-18  Commit Queue  <commit-queue@webkit.org>
1566
1567         Unreviewed, rolling out r237242.
1568         https://bugs.webkit.org/show_bug.cgi?id=190701
1569
1570         it breaks "stress/sampling-profiler-basic.js" (Requested by
1571         caiolima on #webkit).
1572
1573         Reverted changeset:
1574
1575         "[BigInt] Add ValueSub into DFG"
1576         https://bugs.webkit.org/show_bug.cgi?id=186176
1577         https://trac.webkit.org/changeset/237242
1578
1579 2018-10-17  Keith Miller  <keith_miller@apple.com>
1580
1581         AI does not clear Phantom allocation nodes.
1582         https://bugs.webkit.org/show_bug.cgi?id=190694
1583
1584         Reviewed by Saam Barati.
1585
1586         * stress/ftl-ai-filter-phantoms-should-clear-clear-value.js: Added.
1587         (Day):
1588         (DaysInYear):
1589         (TimeInYear):
1590         (TimeFromYear):
1591         (DayFromYear):
1592         (InLeapYear):
1593         (YearFromTime):
1594         (WeekDay):
1595         (DaylightSavingTA):
1596         (GetSecondSundayInMarch):
1597         (TimeInMonth):
1598
1599 2018-10-17  Caio Lima  <ticaiolima@gmail.com>
1600
1601         [BigInt] Add ValueSub into DFG
1602         https://bugs.webkit.org/show_bug.cgi?id=186176
1603
1604         Reviewed by Yusuke Suzuki.
1605
1606         * stress/big-int-subtraction-jit.js:
1607         * stress/value-sub-big-int-prediction-propagation.js: Added.
1608         * stress/value-sub-big-int-untyped.js: Added.
1609
1610 2018-10-16  Dominik Infuehr  <dinfuehr@igalia.com>
1611
1612         [JSC] stress/array-prototype-concat-of-long-spliced-arrays2.js times out on arm and mips
1613         https://bugs.webkit.org/show_bug.cgi?id=190611
1614
1615         Reviewed by Saam Barati.
1616
1617         Reduce array length just like in array-prototype-concat-of-long-spliced-arrays.js
1618         to improve test runtime. On ARM/MIPS this test even timed out when running all
1619         tests.
1620
1621         * stress/array-prototype-concat-of-long-spliced-arrays2.js:
1622         (test):
1623
1624 2018-10-15  Guillaume Emont  <guijemont@igalia.com>
1625
1626         Skip stress/array-prototype-concat-of-long-spliced-arrays2.js on arm and mips/linux
1627
1628         Unreviewed gardening.
1629
1630         * stress/array-prototype-concat-of-long-spliced-arrays2.js:
1631
1632 2018-10-15  Saam barati  <sbarati@apple.com>
1633
1634         Emit fjcvtzs on ARM64E on Darwin
1635         https://bugs.webkit.org/show_bug.cgi?id=184023
1636
1637         Reviewed by Yusuke Suzuki and Filip Pizlo.
1638
1639         * stress/double-to-int32-NaN.js: Added.
1640         (assert):
1641         (foo):
1642
1643 2018-10-15  Saam Barati  <sbarati@apple.com>
1644
1645         JSArray::shiftCountWithArrayStorage is wrong when an array has holes
1646         https://bugs.webkit.org/show_bug.cgi?id=190262
1647         <rdar://problem/44986241>
1648
1649         Reviewed by Mark Lam.
1650
1651         * stress/array-prototype-concat-of-long-spliced-arrays.js:
1652         (test):
1653         * stress/slice-array-storage-with-holes.js: Added.
1654         (main):
1655
1656 2018-10-15  Commit Queue  <commit-queue@webkit.org>
1657
1658         Unreviewed, rolling out r237054.
1659         https://bugs.webkit.org/show_bug.cgi?id=190593
1660
1661         "this regressed JetStream 2 by 6% on iOS" (Requested by
1662         saamyjoon on #webkit).
1663
1664         Reverted changeset:
1665
1666         "[JSC] JSC should have "parseFunction" to optimize Function
1667         constructor"
1668         https://bugs.webkit.org/show_bug.cgi?id=190340
1669         https://trac.webkit.org/changeset/237054
1670
1671 2018-10-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1672
1673         [JSC] JSON.stringify can accept call-with-no-arguments
1674         https://bugs.webkit.org/show_bug.cgi?id=190343
1675
1676         Reviewed by Mark Lam.
1677
1678         * stress/json-stringify-no-arguments.js: Added.
1679         (shouldBe):
1680
1681 2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1682
1683         [JSC] JSC should have "parseFunction" to optimize Function constructor
1684         https://bugs.webkit.org/show_bug.cgi?id=190340
1685
1686         Reviewed by Mark Lam.
1687
1688         This patch fixes the line number of syntax errors raised by the Function constructor,
1689         since we now parse the final code only once. And we no longer use block statement
1690         for Function constructor's parsing.
1691
1692         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
1693         * stress/function-cache-with-parameters-end-position.js: Added.
1694         (shouldBe):
1695         (shouldThrow):
1696         (i.anonymous):
1697         * stress/function-constructor-name.js: Added.
1698         (shouldBe):
1699         (GeneratorFunction):
1700         (AsyncFunction.async):
1701         (AsyncGeneratorFunction.async):
1702         (anonymous):
1703         (async.anonymous):
1704         * test262/expectations.yaml:
1705
1706 2018-10-10  Guillaume Emont  <guijemont@igalia.com>
1707
1708         Skip JSC test stress/sampling-profiler-richards.js on armv7/linux
1709         https://bugs.webkit.org/show_bug.cgi?id=190426
1710
1711         Unreviewed gardening.
1712
1713         * stress/sampling-profiler-richards.js:
1714
1715 2018-10-06  Caio Lima  <ticaiolima@gmail.com>
1716
1717         [ESNext][BigInt] Implement support for "|"
1718         https://bugs.webkit.org/show_bug.cgi?id=186229
1719
1720         Reviewed by Yusuke Suzuki.
1721
1722         * stress/big-int-bitwise-and-jit.js:
1723         * stress/big-int-bitwise-or-general.js: Added.
1724         * stress/big-int-bitwise-or-jit-untyped.js: Added.
1725         * stress/big-int-bitwise-or-jit.js: Added.
1726         * stress/big-int-bitwise-or-memory-stress.js: Added.
1727         * stress/big-int-bitwise-or-to-primitive-precedence.js: Added.
1728         * stress/big-int-bitwise-or-type-error.js: Added.
1729         * stress/big-int-bitwise-or-wrapped-value.js: Added.
1730
1731 2018-10-05  Dominik Infuehr  <dominik.infuehr@gmail.com>
1732
1733         Skip test on systems with limited memory
1734         https://bugs.webkit.org/show_bug.cgi?id=190310
1735
1736         Invoking runDefault adds test to runlist, skipping the test in the next
1737         line does not prevent the test from executing. Change order of lines such
1738         that runDefault is only executed if test is not executed.
1739
1740         Reviewed by Mark Lam.
1741
1742         * stress/regress-190187.js:
1743
1744 2018-10-03  Saam barati  <sbarati@apple.com>
1745
1746         lowXYZ in FTLLower should always filter the type of the incoming edge
1747         https://bugs.webkit.org/show_bug.cgi?id=189939
1748         <rdar://problem/44407030>
1749
1750         Reviewed by Michael Saboff.
1751
1752         * stress/ftl-should-always-filter-for-low-type-check-functions.js: Added.
1753         (foo):
1754         (test):
1755
1756 2018-10-03  Mark Lam  <mark.lam@apple.com>
1757
1758         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
1759         https://bugs.webkit.org/show_bug.cgi?id=190187
1760         <rdar://problem/42512909>
1761
1762         Reviewed by Michael Saboff.
1763
1764         * stress/regress-190187.js: Added.
1765
1766 2018-10-02  Caio Lima  <ticaiolima@gmail.com>
1767
1768         [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
1769         https://bugs.webkit.org/show_bug.cgi?id=190033
1770
1771         Reviewed by Yusuke Suzuki.
1772
1773         * stress/big-int-to-string.js:
1774
1775 2018-10-01  Mark Lam  <mark.lam@apple.com>
1776
1777         Function.toString() should also copy the source code Functions that are class definitions.
1778         https://bugs.webkit.org/show_bug.cgi?id=190186
1779         <rdar://problem/44733360>
1780
1781         Reviewed by Saam Barati.
1782
1783         * stress/regress-190186.js: Added.
1784
1785 2018-10-01  Dominik Infuehr  <dinfuehr@igalia.com>
1786
1787         Split NaN-check into separate test
1788         https://bugs.webkit.org/show_bug.cgi?id=190010
1789
1790         Reviewed by Saam Barati.
1791
1792         DataView exposes NaN-representation, which is not necessarily the same on each
1793         architecture. Therefore move the check of the NaN-representation into its own
1794         file such that we can disable this test on MIPS where NaN-representation can be
1795         different on older CPUs.
1796
1797         * stress/dataview-jit-set-nan.js: Added.
1798         (assert):
1799         (test.storeLittleEndian):
1800         (test.storeBigEndian):
1801         (test.store):
1802         (test):
1803         * stress/dataview-jit-set.js:
1804         (test5):
1805
1806 2018-10-01  Commit Queue  <commit-queue@webkit.org>
1807
1808         Unreviewed, rolling out r236647.
1809         https://bugs.webkit.org/show_bug.cgi?id=190124
1810
1811         Breaking test stress/big-int-to-string.js (Requested by
1812         caiolima_ on #webkit).
1813
1814         Reverted changeset:
1815
1816         "[BigInt] BigInt.proptotype.toString is broken when radix is
1817         power of 2"
1818         https://bugs.webkit.org/show_bug.cgi?id=190033
1819         https://trac.webkit.org/changeset/236647
1820
1821 2018-09-30  Caio Lima  <ticaiolima@gmail.com>
1822
1823         [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
1824         https://bugs.webkit.org/show_bug.cgi?id=190033
1825
1826         Reviewed by Yusuke Suzuki.
1827
1828         * stress/big-int-to-string.js:
1829
1830 2018-09-28  Caio Lima  <ticaiolima@gmail.com>
1831
1832         [ESNext][BigInt] Implement support for "&"
1833         https://bugs.webkit.org/show_bug.cgi?id=186228
1834
1835         Reviewed by Yusuke Suzuki.
1836
1837         * stress/big-int-bitwise-and-general.js: Added.
1838         (assert):
1839         (assert.sameValue):
1840         * stress/big-int-bitwise-and-jit.js: Added.
1841         (let.assert.sameValue):
1842         (bigIntBitAnd):
1843         * stress/big-int-bitwise-and-memory-stress.js: Added.
1844         (assert):
1845         * stress/big-int-bitwise-and-to-primitive-precedence.js: Added.
1846         (assert.sameValue):
1847         (let.o.Symbol.toPrimitive):
1848         (catch):
1849         * stress/big-int-bitwise-and-type-error.js: Added.
1850         (assert):
1851         (assertThrowTypeError):
1852         (let.o.valueOf):
1853         (o.valueOf):
1854         (o.toString):
1855         (o.Symbol.toPrimitive):
1856         * stress/big-int-bitwise-and-wrapped-value.js: Added.
1857         (assert.sameValue):
1858         (testBitAnd):
1859         (let.o.Symbol.toPrimitive):
1860         (o.valueOf):
1861         (o.toString):
1862
1863 2018-09-28  Ross Kirsling  <ross.kirsling@sony.com>
1864
1865         JSC test stress/jsc-read.js doesn't support CRLF
1866         https://bugs.webkit.org/show_bug.cgi?id=190063
1867
1868         Reviewed by Yusuke Suzuki.
1869
1870         In order to run this test via Windows command prompt, we can't assume that the final newline will be LF.
1871
1872         * stress/jsc-read.js:
1873         (test):
1874
1875 2018-09-27  Saam barati  <sbarati@apple.com>
1876
1877         Verify the contents of AssemblerBuffer on arm64e
1878         https://bugs.webkit.org/show_bug.cgi?id=190057
1879         <rdar://problem/38916630>
1880
1881         Reviewed by Mark Lam.
1882
1883         * stress/regress-189132.js:
1884
1885 2018-09-27  Dominik Infuehr  <dinfuehr@igalia.com>
1886
1887         Disable test without LLInt on ARMv7
1888         https://bugs.webkit.org/show_bug.cgi?id=190037
1889
1890         Reviewed by Mark Lam.
1891
1892         Test runs out of executable memory on ARMv7, do not run
1893         this test without LLInt enabled.
1894
1895         * stress/regress-169445.js:
1896
1897 2018-09-26  Keith Miller  <keith_miller@apple.com>
1898
1899         We should zero unused property storage when rebalancing array storage.
1900         https://bugs.webkit.org/show_bug.cgi?id=188151
1901
1902         Reviewed by Michael Saboff.
1903
1904         * stress/splice-should-zero-property-storage-when-rebalancing.js: Added.
1905
1906 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1907
1908         [JSC] Optimize Array#lastIndexOf
1909         https://bugs.webkit.org/show_bug.cgi?id=189780
1910
1911         Reviewed by Saam Barati.
1912
1913         * stress/array-lastindexof-array-prototype-trap.js: Added.
1914         (shouldBe):
1915         (AncestorArray.prototype.get 2):
1916         (AncestorArray):
1917         * stress/array-lastindexof-have-a-bad-time-c-runtime.js: Added.
1918         (shouldBe):
1919         * stress/array-lastindexof-hole-nan.js: Added.
1920         (shouldBe):
1921         (throw.new.Error):
1922         * stress/array-lastindexof-infinity.js: Added.
1923         (shouldBe):
1924         (throw.new.Error):
1925         * stress/array-lastindexof-negative-zero.js: Added.
1926         (shouldBe):
1927         (throw.new.Error):
1928         * stress/array-lastindexof-own-getter.js: Added.
1929         (shouldBe):
1930         (throw.new.Error.get array):
1931         (get array):
1932         * stress/array-lastindexof-prototype-trap.js: Added.
1933         (shouldBe):
1934         (DerivedArray.prototype.get 2):
1935         (DerivedArray):
1936
1937 2018-09-25  Saam Barati  <sbarati@apple.com>
1938
1939         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
1940         https://bugs.webkit.org/show_bug.cgi?id=189940
1941         <rdar://problem/43640987>
1942
1943         Reviewed by Mark Lam.
1944
1945         * stress/use-baseline-codeblock-materialize-osr-exit.js: Added.
1946
1947 2018-09-24  Saam Barati  <sbarati@apple.com>
1948
1949         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
1950         https://bugs.webkit.org/show_bug.cgi?id=189922
1951         <rdar://problem/44651275>
1952
1953         Reviewed by Mark Lam.
1954
1955         * stress/array-indexof-fast-path-effects.js: Added.
1956         * stress/array-indexof-cached-length.js: Added.
1957
1958 2018-09-24  Saam barati  <sbarati@apple.com>
1959
1960         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
1961         https://bugs.webkit.org/show_bug.cgi?id=189682
1962         <rdar://problem/43557315>
1963
1964         Reviewed by Mark Lam.
1965
1966         * stress/arguments-elimination-will-generate-edge-without-result.js: Added.
1967         (foo):
1968
1969 2018-09-22  Saam barati  <sbarati@apple.com>
1970
1971         The sampling should not use Strong<CodeBlock> in its machineLocation field
1972         https://bugs.webkit.org/show_bug.cgi?id=189319
1973
1974         Reviewed by Filip Pizlo.
1975
1976         * stress/sampling-profiler-richards.js: Added.
1977
1978 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1979
1980         [JSC] Optimize Array#indexOf in C++ runtime
1981         https://bugs.webkit.org/show_bug.cgi?id=189507
1982
1983         Reviewed by Saam Barati.
1984
1985         * stress/array-indexof-array-prototype-trap.js: Added.
1986         (shouldBe):
1987         (AncestorArray.prototype.get 2):
1988         (AncestorArray):
1989         * stress/array-indexof-have-a-bad-time-c-runtime.js: Added.
1990         (shouldBe):
1991         * stress/array-indexof-hole-nan.js: Added.
1992         (shouldBe):
1993         (throw.new.Error):
1994         * stress/array-indexof-infinity.js: Added.
1995         (shouldBe):
1996         (throw.new.Error):
1997         * stress/array-indexof-negative-zero.js: Added.
1998         (shouldBe):
1999         (throw.new.Error):
2000         * stress/array-indexof-own-getter.js: Added.
2001         (shouldBe):
2002         (throw.new.Error.get array):
2003         (get array):
2004         * stress/array-indexof-prototype-trap.js: Added.
2005         (shouldBe):
2006         (DerivedArray.prototype.get 2):
2007         (DerivedArray):
2008
2009 2018-09-19  Saam barati  <sbarati@apple.com>
2010
2011         AI rule for MultiPutByOffset executes its effects in the wrong order
2012         https://bugs.webkit.org/show_bug.cgi?id=189757
2013         <rdar://problem/43535257>
2014
2015         Reviewed by Michael Saboff.
2016
2017         * stress/multi-put-by-offset-must-filter-value-before-filtering-base.js: Added.
2018         (foo):
2019         (Foo):
2020         (g):
2021
2022 2018-09-17  Mark Lam  <mark.lam@apple.com>
2023
2024         Ensure that ForInContexts are invalidated if their loop local is over-written.
2025         https://bugs.webkit.org/show_bug.cgi?id=189571
2026         <rdar://problem/44402277>
2027
2028         Reviewed by Saam Barati.
2029
2030         * stress/regress-189571.js: Added.
2031
2032 2018-09-17  Saam barati  <sbarati@apple.com>
2033
2034         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
2035         https://bugs.webkit.org/show_bug.cgi?id=189676
2036         <rdar://problem/39682897>
2037
2038         Reviewed by Michael Saboff.
2039
2040         * typeProfiler/check-structure-or-empty-in-fixup.js: Added.
2041         (A):
2042         (K):
2043         (i.catch):
2044
2045 2018-09-14  Saam barati  <sbarati@apple.com>
2046
2047         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
2048         https://bugs.webkit.org/show_bug.cgi?id=189628
2049         <rdar://problem/39481690>
2050
2051         Reviewed by Mark Lam.
2052
2053         * stress/verbose-failure-dont-graph-dump-availability-already-freed.js: Added.
2054         (foo):
2055
2056 2018-09-11  Mark Lam  <mark.lam@apple.com>
2057
2058         Test for array initialization in arrayProtoFuncSplice.
2059         https://bugs.webkit.org/show_bug.cgi?id=170253
2060         <rdar://problem/31328773>
2061
2062         Rubber-stamped by Saam Barati.
2063
2064         * stress/regress-170253.js: Added.
2065
2066 2018-09-11  Mark Lam  <mark.lam@apple.com>
2067
2068         Test for IntlObject initialization.
2069         https://bugs.webkit.org/show_bug.cgi?id=170251
2070         <rdar://problem/31328419>
2071
2072         Rubber-stamped by Saam Barati.
2073
2074         * stress/regress-170251.js: Added.
2075
2076 2018-09-11  Mark Lam  <mark.lam@apple.com>
2077
2078         Test for array memcpy'ing when JSGlobalObject::haveABadTime.
2079         https://bugs.webkit.org/show_bug.cgi?id=169889
2080         <rdar://problem/31155607>
2081
2082         Reviewed by Saam Barati.
2083
2084         * stress/regress-169889-array-concat.js: Added.
2085         * stress/regress-169889-array-concat1.js: Added.
2086         * stress/regress-169889-array-slice.js: Added.
2087
2088 2018-09-11  Mark Lam  <mark.lam@apple.com>
2089
2090         Test for incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope.
2091         https://bugs.webkit.org/show_bug.cgi?id=169445
2092         <rdar://problem/30957435>
2093
2094         Reviewed by Saam Barati.
2095
2096         * stress/regress-169445.js: Added.
2097         (let.gun.eval.A):
2098         (let.gun.eval.B.C):
2099         (let.gun.eval.B.C.prototype.trigger):
2100         (let.gun.eval.B.C.prototype.triggerWithRestParameters):
2101         (let.gun.eval.B):
2102         (let.gun.eval):
2103
2104 == Rolled over to ChangeLog-2018-09-11 ==