[WebKit-https.git] / JSTests / ChangeLog
1 2019-01-11  Saam barati  <sbarati@apple.com>
2
3         DFG combined liveness can be wrong for terminal basic blocks
4         https://bugs.webkit.org/show_bug.cgi?id=193304
5         <rdar://problem/45268632>
6
7         Reviewed by Yusuke Suzuki.
8
9         * stress/dfg-combined-liveness-consider-terminal-blocks-bytecode-liveness.js: Added.
10
11 2019-01-11  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
12
13         [JSC] Global lexical bindings can shadow global variables if it is `configurable = true`
14         https://bugs.webkit.org/show_bug.cgi?id=193308
15         <rdar://problem/45546542>
16
17         Reviewed by Saam Barati.
18
19         * stress/const-lexical-binding-shadow-existing-global-property-ftl.js: Added.
20         (shouldThrow):
21         (shouldBe):
22         (foo):
23         (get shouldThrow):
24         * stress/const-lexical-binding-shadow-existing-global-property-tdz-ftl.js: Added.
25         (shouldThrow):
26         (shouldBe):
27         (foo):
28         (get shouldBe):
29         (get shouldThrow):
30         (get return):
31         * stress/const-lexical-binding-shadow-existing-global-property-tdz.js: Added.
32         (shouldThrow):
33         (shouldBe):
34         (foo):
35         (get shouldBe):
36         (get shouldThrow):
37         * stress/const-lexical-binding-shadow-existing-global-property.js: Added.
38         (shouldThrow):
39         (shouldBe):
40         (foo):
41         * stress/const-lexical-binding-shadowing-global-properties-and-eval-injection.js: Added.
42         (shouldThrow):
43         (shouldBe):
44         (foo):
45         * stress/global-add-function-should-not-be-shadowed-by-lexical-bindings.js: Added.
46         (shouldThrow):
47         * stress/global-static-variables-should-not-be-shadowed-by-lexical-bindings.js: Added.
48         (shouldThrow):
49         * stress/let-lexical-binding-shadow-existing-global-property-ftl.js: Added.
50         (shouldThrow):
51         (shouldBe):
52         (foo):
53         * stress/let-lexical-binding-shadow-existing-global-property-tdz-ftl.js: Added.
54         (shouldThrow):
55         (shouldBe):
56         (foo):
57         (get shouldBe):
58         (get shouldThrow):
59         (get return):
60         * stress/let-lexical-binding-shadow-existing-global-property-tdz.js: Added.
61         (shouldThrow):
62         (shouldBe):
63         (foo):
64         (get shouldBe):
65         (get shouldThrow):
66         * stress/let-lexical-binding-shadow-existing-global-property.js: Added.
67         (shouldThrow):
68         (shouldBe):
69         (foo):
70         * stress/let-lexical-binding-shadowing-global-properties-and-eval-injection.js: Added.
71         (shouldThrow):
72         (shouldBe):
73         (foo):
74
75 2019-01-11  Dominik Infuehr  <dinfuehr@igalia.com>
76
77         Enable DFG on ARM/Linux again
78         https://bugs.webkit.org/show_bug.cgi?id=192496
79
80         Reviewed by Yusuke Suzuki.
81
82         Test wasn't really skipped before moving the line with skip
83         to the top.
84
85         * stress/regress-192717.js:
86
87 2019-01-10  Commit Queue  <commit-queue@webkit.org>
88
89         Unreviewed, rolling out r239825.
90         https://bugs.webkit.org/show_bug.cgi?id=193330
91
92         Broke tests on armv7/linux bots (Requested by guijemont on
93         #webkit).
94
95         Reverted changeset:
96
97         "Enable DFG on ARM/Linux again"
98         https://bugs.webkit.org/show_bug.cgi?id=192496
99         https://trac.webkit.org/changeset/239825
100
101 2019-01-10  Dominik Infuehr  <dinfuehr@igalia.com>
102
103         Enable DFG on ARM/Linux again
104         https://bugs.webkit.org/show_bug.cgi?id=192496
105
106         Reviewed by Yusuke Suzuki.
107
108         Test wasn't really skipped before moving the line with skip
109         to the top.
110
111         * stress/regress-192717.js:
112
113 2019-01-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
114
115         Array.prototype.flat/flatMap have a minor bug in ArraySpeciesCreate
116         https://bugs.webkit.org/show_bug.cgi?id=193127
117
118         Reviewed by Saam Barati.
119
120         * stress/array-species-create-should-handle-masquerader.js: Added.
121         (shouldThrow):
122         * stress/is-undefined-or-null-builtin.js: Added.
123         (shouldBe):
124         (isUndefinedOrNull.vm.createBuiltin):
125
126 2019-01-08  Tadeu Zagallo  <tzagallo@apple.com>
127
128         LLInt put_by_id uses the wrong load instruction for loading flags from the metadata
129         https://bugs.webkit.org/show_bug.cgi?id=193221
130
131         Reviewed by Mark Lam.
132
133         * stress/put-by-id-flags.js: Added.
134         (f):
135         (g):
136         (numberOfDFGCompiles):
137
138 2019-01-04  Tadeu Zagallo  <tzagallo@apple.com>
139
140         Baseline version of get_by_id may corrupt metadata
141         https://bugs.webkit.org/show_bug.cgi?id=193085
142         <rdar://problem/23453006>
143
144         Reviewed by Saam Barati.
145
146         * stress/get-by-id-change-mode.js: Added.
147         (forEach):
148
149 2019-01-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
150
151         [JSC] Optimize Object.prototype.toString
152         https://bugs.webkit.org/show_bug.cgi?id=193031
153
154         Reviewed by Saam Barati.
155
156         * stress/object-tostring-changed-proto.js: Added.
157         (shouldBe):
158         (test):
159         * stress/object-tostring-changed.js: Added.
160         (shouldBe):
161         (test):
162         * stress/object-tostring-misc.js: Added.
163         (shouldBe):
164         (test):
165         (i.switch):
166         * stress/object-tostring-other.js: Added.
167         (shouldBe):
168         (test):
169         * stress/object-tostring-untyped.js: Added.
170         (shouldBe):
171         (test):
172         (i.switch):
173
174 2019-01-03  Ross Kirsling  <ross.kirsling@sony.com>
175
176         test262-runner misbehaves when test file YAML has a trailing space
177         https://bugs.webkit.org/show_bug.cgi?id=193053
178
179         Reviewed by Yusuke Suzuki.
180
181         * test262/expectations.yaml:
182         Mark two dozen tests as passing (and correct the output of another).
183
184 2018-12-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
185
186         Unreviewed, JSTests gardening with memoryLimited
187
188         * stress/string-overflow-createError.js:
189
190 2018-12-30  Ross Kirsling  <ross.kirsling@sony.com>
191
192         [JSC] Identifier validity should be based on ID_Start / ID_Continue properties
193         https://bugs.webkit.org/show_bug.cgi?id=193050
194
195         Reviewed by Yusuke Suzuki.
196
197         * test262.yaml:
198         * test262/expectations.yaml:
199         Mark 16 tests as passing.
200
201 2018-12-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
202
203         [BigInt] Support BigInt in JSON.stringify
204         https://bugs.webkit.org/show_bug.cgi?id=192624
205
206         Reviewed by Saam Barati.
207
208         * stress/big-int-json-stringify-to-json.js: Added.
209         (shouldBe):
210         (shouldThrow):
211         (BigInt.prototype.toJSON):
212         (shouldBe.JSON.stringify):
213         * stress/big-int-json-stringify.js: Added.
214         (shouldBe):
215         (shouldThrow):
216
217 2018-12-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
218
219         [JSC] Implement "well-formed JSON.stringify" proposal
220         https://bugs.webkit.org/show_bug.cgi?id=191677
221
222         Reviewed by Darin Adler.
223
224         * stress/json-surrogate-pair.js: Added.
225         (shouldBe):
226         * test262/expectations.yaml:
227
228 2018-12-20  Keith Miller  <keith_miller@apple.com>
229
230         Add support for globalThis
231         https://bugs.webkit.org/show_bug.cgi?id=165171
232
233         Reviewed by Mark Lam.
234
235         * test262/config.yaml:
236
237 2018-12-19  Keith Miller  <keith_miller@apple.com>
238
239         Update test262 configuration to not run tests dependent on ICU version.
240         https://bugs.webkit.org/show_bug.cgi?id=192920
241
242         Reviewed by Saam Barati.
243
244         * test262/expectations.yaml:
245
246 2018-12-20  Mark Lam  <mark.lam@apple.com>
247
248         Fix a typo in slow_path_construct_arityCheck and operationConstructArityCheck.
249         https://bugs.webkit.org/show_bug.cgi?id=192939
250         <rdar://problem/46869516>
251
252         Reviewed by Keith Miller.
253
254         * stress/stack-overflow-frame-for-construct-arityCheck-should-use-construct-codeBlock.js: Added.
255
256 2018-12-20  Tadeu Zagallo  <tzagallo@apple.com>
257
258         WTF::String and StringImpl overflow MaxLength
259         https://bugs.webkit.org/show_bug.cgi?id=192853
260         <rdar://problem/45726906>
261
262         Reviewed by Mark Lam.
263
264         * stress/string-16bit-repeat-overflow.js: Added.
265         (catch):
266
267 2018-12-19  Ross Kirsling  <ross.kirsling@sony.com>
268
269         Unreviewed follow-up to r192914.
270
271         * test262/expectations.yaml:
272         Add the last 20 missing expectations.
273
274 2018-12-19  Keith Miller  <keith_miller@apple.com>
275
276         Fix test262 expectations
277         https://bugs.webkit.org/show_bug.cgi?id=192914
278
279         Unreviewed, when I imported the latest round of test262 tests I must have failed to update the test expectations.
280
281         * test262/expectations.yaml:
282
283 2018-12-19  Keith Miller  <keith_miller@apple.com>
284
285         Update test262 tests.
286         https://bugs.webkit.org/show_bug.cgi?id=192907
287
288         Rubber stamped by Mark Lam.
289
290         * test262/*: Omitted because prepare-changelog crashes.
291
292 2018-12-19  Mark Lam  <mark.lam@apple.com>
293
294         JSPropertyNameEnumerator should cache the iterated object's structure only after getting its property names.
295         https://bugs.webkit.org/show_bug.cgi?id=192464
296         <rdar://problem/46519455>
297
298         Reviewed by Saam Barati.
299
300         This patch is about a 10% speed up on the new for-in-on-object-with-lazily-materialized-properties.js
301         microbenchmark.
302
303         * microbenchmarks/for-in-on-object-with-lazily-materialized-properties.js: Added.
304         * stress/property-name-enumerator-should-cache-structure-after-getting-property-names.js: Added.
305
306 2018-12-19  Tadeu Zagallo  <tzagallo@apple.com>
307
308         String overflow in JSC::createError results in ASSERT in WTF::makeString
309         https://bugs.webkit.org/show_bug.cgi?id=192833
310         <rdar://problem/45706868>
311
312         Reviewed by Mark Lam.
313
314         * stress/string-overflow-createError.js: Added.
315
316 2018-12-18  Ross Kirsling  <ross.kirsling@sony.com>
317
318         Error message for `-x ** y` contains a typo.
319         https://bugs.webkit.org/show_bug.cgi?id=192832
320
321         Reviewed by Saam Barati.
322
323         * ChakraCore/test/UnitTestFramework/UnitTestFramework.js:
324         (assert.assert.return.throws):
325         * stress/pow-expects-update-expression-on-lhs.js:
326         (throw.new.Error):
327         Update test expectations which match against the exact error message.
328
329 2018-12-18  Mark Lam  <mark.lam@apple.com>
330
331         Gardening: test options fix.
332         https://bugs.webkit.org/show_bug.cgi?id=192822
333
334         Unreviewed.
335
336         * stress/json-stringify-string-builder-overflow.js:
337
338 2018-12-18  Mark Lam  <mark.lam@apple.com>
339
340         JSON.stringify() should throw OOM on StringBuilder overflows.
341         https://bugs.webkit.org/show_bug.cgi?id=192822
342         <rdar://problem/46670577>
343
344         Reviewed by Saam Barati.
345
346         * stress/json-stringify-string-builder-overflow.js: Added.
347
348 2018-12-18  Ross Kirsling  <ross.kirsling@sony.com>
349
350         Redeclaration of var over let/const/class should be a syntax error.
351         https://bugs.webkit.org/show_bug.cgi?id=192298
352
353         Reviewed by Keith Miller.
354
355         * test262.yaml:
356         * test262/expectations.yaml:
357         Mark 46 tests as passing.
358
359         * stress/block-scope-redeclarations.js:
360         Add some new tests.
361
362         * stress/for-in-invalidate-context-weird-assignments.js:
363         * stress/for-in-tests.js:
364         Replace tests for outdated behavior with tests for SyntaxError.
365
366         * ChakraCore/test/LetConst/defer3.baseline-jsc:
367         * ChakraCore/test/LetConst/letvar.baseline-jsc:
368         Update expectations.
369
370 2018-12-18  Mark Lam  <mark.lam@apple.com>
371
372         Skip the stress/elidable-new-object-roflcopter-then-exit.js test on 32-bit.
373         https://bugs.webkit.org/show_bug.cgi?id=191374
374         <rdar://problem/46525447>
375
376         Reviewed by Yusuke Suzuki.
377
378         This test runs too slow on 32-bit, and is not relevant for non-JIT builds.
379
380         * stress/elidable-new-object-roflcopter-then-exit.js:
381
382 2018-12-17  Mark Lam  <mark.lam@apple.com>
383
384         Skip the stress/materialized-regexp-has-correct-last-index-set-by-match.js test on 32-bit.
385         https://bugs.webkit.org/show_bug.cgi?id=192019
386         <rdar://problem/46525456>
387
388         Reviewed by Yusuke Suzuki.
389
390         The test runs too slow on 32-bit.
391
392         * stress/materialized-regexp-has-correct-last-index-set-by-match.js:
393
394 2018-12-17  Mark Lam  <mark.lam@apple.com>
395
396         Skip the stress/materialize-regexp-cyclic-regexp.js test on 32-bit.
397         https://bugs.webkit.org/show_bug.cgi?id=191373
398         <rdar://problem/46525458>
399
400         Reviewed by Yusuke Suzuki.
401
402         The test is already slow running with a JIT on 64-bit.  It will always timeout
403         on 32-bit without a JIT.
404
405         * stress/materialize-regexp-cyclic-regexp.js:
406
407 2018-12-17  Mark Lam  <mark.lam@apple.com>
408
409         Array unshift/shift should not race against the AI in the compiler thread.
410         https://bugs.webkit.org/show_bug.cgi?id=192795
411         <rdar://problem/46724263>
412
413         Reviewed by Saam Barati.
414
415         * stress/array-unshift-should-not-race-against-compiler-thread.js: Added.
416
417 2018-12-16  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
418
419         [JSC] Optimize Object.keys by caching own keys results in StructureRareData
420         https://bugs.webkit.org/show_bug.cgi?id=190047
421
422         Reviewed by Saam Barati.
423
424         * stress/object-keys-cached-zero.js: Added.
425         (shouldBe):
426         (test):
427         * stress/object-keys-changed-attribute.js: Added.
428         (shouldBe):
429         (test):
430         * stress/object-keys-changed-index.js: Added.
431         (shouldBe):
432         (test):
433         * stress/object-keys-changed.js: Added.
434         (shouldBe):
435         (test):
436         * stress/object-keys-indexed-non-cache.js: Added.
437         (shouldBe):
438         (test):
439         * stress/object-keys-overrides-get-property-names.js: Added.
440         (shouldBe):
441         (test):
442         (noInline):
443
444 2018-12-17  Mark Lam  <mark.lam@apple.com>
445
446         SamplingProfiler's isValidFramePointer() should reject address at stack origin.
447         https://bugs.webkit.org/show_bug.cgi?id=192779
448         <rdar://problem/46775869>
449
450         Reviewed by Saam Barati.
451
452         * stress/sampling-profiler-should-not-sample-beyond-stack-bounds.js: Added.
453
454 2018-12-17  Ryan Haddad  <ryanhaddad@apple.com>
455
456         Unreviewed test gardening, address a syntax error in a new test.
457
458         * stress/out-of-frame-stack-accesses-due-to-probe-based-osr-exits.js:
459
460 2018-12-17  Mark Lam  <mark.lam@apple.com>
461
462         Suppress ASAN on valid stack accesses in Probe-based OSRExit::executeOSRExit().
463         https://bugs.webkit.org/show_bug.cgi?id=192776
464         <rdar://problem/46772368>
465
466         Reviewed by Keith Miller.
467
468         * stress/out-of-frame-stack-accesses-due-to-probe-based-osr-exits.js: Added.
469
470 2018-12-17  Mark Lam  <mark.lam@apple.com>
471
472         Fix stale assertion in attemptToForceStringArrayModeByToStringConversion().
473         https://bugs.webkit.org/show_bug.cgi?id=192770
474         <rdar://problem/46449037>
475
476         Reviewed by Keith Miller.
477
478         * stress/force-string-arrayMode-on-originalNonArray-array-class.js: Added.
479
480 2018-12-14  Mark Lam  <mark.lam@apple.com>
481
482         CallFrame::convertToStackOverflowFrame() needs to keep the top CodeBlock alive.
483         https://bugs.webkit.org/show_bug.cgi?id=192717
484         <rdar://problem/46660677>
485
486         Reviewed by Saam Barati.
487
488         * stress/regress-192717.js: Added.
489
490 2018-12-14  Commit Queue  <commit-queue@webkit.org>
491
492         Unreviewed, rolling out r239153, r239154, and r239155.
493         https://bugs.webkit.org/show_bug.cgi?id=192715
494
495         Caused flaky GC-related crashes seen with layout tests
496         (Requested by ryanhaddad on #webkit).
497
498         Reverted changesets:
499
500         "[JSC] Optimize Object.keys by caching own keys results in
501         StructureRareData"
502         https://bugs.webkit.org/show_bug.cgi?id=190047
503         https://trac.webkit.org/changeset/239153
504
505         "Unreviewed, build fix after r239153"
506         https://bugs.webkit.org/show_bug.cgi?id=190047
507         https://trac.webkit.org/changeset/239154
508
509         "Unreviewed, build fix after r239153, part 2"
510         https://bugs.webkit.org/show_bug.cgi?id=190047
511         https://trac.webkit.org/changeset/239155
512
513 2018-12-14  Keith Miller  <keith_miller@apple.com>
514
515         Callers of JSString::getIndex should check for OOM exceptions
516         https://bugs.webkit.org/show_bug.cgi?id=192709
517
518         Reviewed by Mark Lam.
519
520         * stress/StringObject-define-length-getter-rope-string-oom.js: Added.
521
522 2018-12-13  Mark Lam  <mark.lam@apple.com>
523
524         Add a missing exception check.
525         https://bugs.webkit.org/show_bug.cgi?id=192626
526         <rdar://problem/46662163>
527
528         Reviewed by Keith Miller.
529
530         * stress/regress-192626.js: Added.
531
532 2018-12-13  Caio Lima  <ticaiolima@gmail.com>
533
534         [BigInt] Add ValueDiv into DFG
535         https://bugs.webkit.org/show_bug.cgi?id=186178
536
537         Reviewed by Yusuke Suzuki.
538
539         * stress/big-int-div-jit-osr.js: Added.
540         * stress/big-int-div-jit-untyped.js: Added.
541         * stress/value-div-fixup-int32-big-int.js: Added.
542
543 2018-12-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
544
545         [JSC] Optimize Object.keys by caching own keys results in StructureRareData
546         https://bugs.webkit.org/show_bug.cgi?id=190047
547
548         Reviewed by Keith Miller.
549
550         * stress/object-keys-cached-zero.js: Added.
551         (shouldBe):
552         (test):
553         * stress/object-keys-changed-attribute.js: Added.
554         (shouldBe):
555         (test):
556         * stress/object-keys-changed-index.js: Added.
557         (shouldBe):
558         (test):
559         * stress/object-keys-changed.js: Added.
560         (shouldBe):
561         (test):
562         * stress/object-keys-indexed-non-cache.js: Added.
563         (shouldBe):
564         (test):
565         * stress/object-keys-overrides-get-property-names.js: Added.
566         (shouldBe):
567         (test):
568         (noInline):
569
570 2018-12-12  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
571
572         [DFG][FTL] Add NewSymbol
573         https://bugs.webkit.org/show_bug.cgi?id=192620
574
575         Reviewed by Saam Barati.
576
577         * microbenchmarks/symbol-creation.js: Added.
578         (test):
579         * stress/symbol-description-identity.js: Added.
580         (shouldBe):
581         (test):
582         * stress/symbol-identity.js: Added.
583         (shouldBe):
584         (test):
585         * stress/symbol-with-description-throw-error.js: Added.
586         (shouldBe):
587         (shouldThrow):
588         (test):
589         (object.toString):
590
591 2018-12-12  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
592
593         [BigInt] Implement DFG/FTL typeof for BigInt
594         https://bugs.webkit.org/show_bug.cgi?id=192619
595
596         Reviewed by Keith Miller.
597
598         * stress/big-int-boolean-proven-type.js: Added.
599         (assert):
600         (bool):
601         * stress/big-int-type-of-proven-type-non-constant-including-symbol.js: Added.
602         (assert):
603         (typeOf):
604         (i.switch):
605         * stress/big-int-type-of-proven-type-non-constant.js: Added.
606         (assert):
607         (typeOf):
608         * stress/big-int-type-of.js:
609         (typeOf):
610         (func):
611
612 2018-12-10  Mark Lam  <mark.lam@apple.com>
613
614         PropertyAttribute needs a CustomValue bit.
615         https://bugs.webkit.org/show_bug.cgi?id=191993
616         <rdar://problem/46264467>
617
618         Reviewed by Saam Barati.
619
620         * stress/regress-191993.js: Added.
621
622 2018-12-10  Caio Lima  <ticaiolima@gmail.com>
623
624         [BigInt] Add ValueMul into DFG
625         https://bugs.webkit.org/show_bug.cgi?id=186175
626
627         Reviewed by Yusuke Suzuki.
628
629         * stress/big-int-mul-jit-osr.js: Added.
630         * stress/big-int-mul-jit-untyped.js: Added.
631         * stress/value-mul-fixup-int32-big-int.js: Added.
632
633 2018-12-06  Keith Miller  <keith_miller@apple.com>
634
635         stress/big-wasm-memory tests failing on 32-bit JSC bot
636         https://bugs.webkit.org/show_bug.cgi?id=192020
637
638         Reviewed by Saam Barati.
639
640         Not every platform has WebAssembly, e.g. 32-bit, so we should exit
641         the wasm stress tests if the WebAssembly object does not exist.
642
643         * stress/big-wasm-memory-grow-no-max.js:
644         (test.foo):
645         (test):
646         (foo): Deleted.
647         (catch): Deleted.
648         * stress/big-wasm-memory-grow.js:
649         (test.foo):
650         (test):
651         (foo): Deleted.
652         (catch): Deleted.
653         * stress/big-wasm-memory.js:
654         (test.foo):
655         (test):
656         (foo): Deleted.
657         (catch): Deleted.
658
659 2018-12-05  Mark Lam  <mark.lam@apple.com>
660
661         speculationFromCell() should speculate non-Identifier strings as SpecString instead of SpecStringVar.
662         https://bugs.webkit.org/show_bug.cgi?id=192441
663         <rdar://problem/46480355>
664
665         Reviewed by Saam Barati.
666
667         * stress/regress-192441.js: Added.
668
669 2018-12-04  Mark Lam  <mark.lam@apple.com>
670
671         DFG's StrengthReduction phase should not reduce Construct into DirectContruct when the executable does not have constructAbility.
672         https://bugs.webkit.org/show_bug.cgi?id=192386
673         <rdar://problem/46445516>
674
675         Reviewed by Saam Barati.
676
677         * stress/regress-192386.js: Added.
678
679 2018-12-04  Caio Lima  <ticaiolima@gmail.com>
680
681         [ESNext][BigInt] Support logic operations
682         https://bugs.webkit.org/show_bug.cgi?id=179903
683
684         Reviewed by Yusuke Suzuki.
685
686         * stress/big-int-branch-usage.js: Added.
687         * stress/big-int-logical-and.js: Added.
688         * stress/big-int-logical-not.js: Added.
689         * stress/big-int-logical-or.js: Added.
690
691 2018-12-03  Ryan Haddad  <ryanhaddad@apple.com>
692
693         Unreviewed, rolling out r238833.
694
695         Breaks macOS and iOS debug builds.
696
697         Reverted changeset:
698
699         "[ESNext][BigInt] Support logic operations"
700         https://bugs.webkit.org/show_bug.cgi?id=179903
701         https://trac.webkit.org/changeset/238833
702
703 2018-12-03  Caio Lima  <ticaiolima@gmail.com>
704
705         [ESNext][BigInt] Support logic operations
706         https://bugs.webkit.org/show_bug.cgi?id=179903
707
708         Reviewed by Yusuke Suzuki.
709
710         * stress/big-int-branch-usage.js: Added.
711         * stress/big-int-logical-and.js: Added.
712         * stress/big-int-logical-not.js: Added.
713         * stress/big-int-logical-or.js: Added.
714
715 2018-12-02  Caio Lima  <ticaiolima@gmail.com>
716
717         [ESNext][BigInt] Implement support for "<<" and ">>"
718         https://bugs.webkit.org/show_bug.cgi?id=186233
719
720         Reviewed by Yusuke Suzuki.
721
722         * stress/big-int-left-shift-general.js: Added.
723         * stress/big-int-left-shift-range-error.js: Added.
724         * stress/big-int-left-shift-type-error.js: Added.
725         * stress/big-int-left-shift-wrapped-value.js: Added.
726         * stress/big-int-right-shift-general.js: Added.
727         * stress/big-int-right-shift-type-error.js: Added.
728         * stress/big-int-right-shift-wrapped-value.js: Added.
729         * stress/left-shift-to-primitive-precedence.js: Added.
730         * stress/right-shift-to-primitive-precedence.js: Added.
731
732 2018-11-30  Dean Jackson  <dino@apple.com>
733
734         Add first-class support for .mjs files in jsc binary
735         https://bugs.webkit.org/show_bug.cgi?id=192190
736         <rdar://problem/46375715>
737
738         Reviewed by Keith Miller.
739
740         * stress/simple-module.mjs: Added.
741         * stress/simple-script.js: Added.
742
743 2018-11-30  Caio Lima  <ticaiolima@gmail.com>
744
745         [BigInt] Implement ValueBitXor into DFG
746         https://bugs.webkit.org/show_bug.cgi?id=190264
747
748         Reviewed by Yusuke Suzuki.
749
750         * stress/big-int-bitwise-xor-jit.js: Added.
751         * stress/big-int-bitwise-xor-memory-stress.js: Added.
752         * stress/big-int-bitwise-xor-untyped.js: Added.
753
754 2018-11-27  Saam barati  <sbarati@apple.com>
755
756         r238510 broke scopes of size zero
757         https://bugs.webkit.org/show_bug.cgi?id=192033
758         <rdar://problem/46281734>
759
760         Reviewed by Keith Miller.
761
762         * stress/r238510-bad-loop.js: Added.
763         (foo):
764
765 2018-11-27  Mark Lam  <mark.lam@apple.com>
766
767         [Re-landing] NaNs read from Wasm code needs to be be purified.
768         https://bugs.webkit.org/show_bug.cgi?id=191056
769         <rdar://problem/45660341>
770
771         Reviewed by Filip Pizlo.
772
773         * wasm/regress/regress-191056.js: Added.
774
775 2018-11-27  Ryan Haddad  <ryanhaddad@apple.com>
776
777         Unreviewed, rolling out r238509.
778
779         Causes JSC tests to fail on iOS.
780
781         Reverted changeset:
782
783         "NaNs read from Wasm code needs to be be purified."
784         https://bugs.webkit.org/show_bug.cgi?id=191056
785         https://trac.webkit.org/changeset/238509
786
787 2018-11-26  Caio Lima  <ticaiolima@gmail.com>
788
789         Re-introduce op_bitnot
790         https://bugs.webkit.org/show_bug.cgi?id=190923
791
792         Reviewed by Yusuke Suzuki.
793
794         * stress/bit-not-must-generate.js: Added.
795         * stress/bitwise-not-no-int32.js: Added.
796
797 2018-11-26  Saam barati  <sbarati@apple.com>
798
799         InPlaceAbstractState::endBasicBlock rule for SetLocal should filter the value based on the flush format
800         https://bugs.webkit.org/show_bug.cgi?id=191956
801         <rdar://problem/45665806>
802
803         Reviewed by Yusuke Suzuki.
804
805         * stress/end-basic-block-set-local-should-filter-type.js: Added.
806         (bar):
807         (foo):
808
809 2018-11-26  Saam barati  <sbarati@apple.com>
810
811         Object allocation sinking phase needs to iterate each scope offset instead of just iterating the symbol table's hashmap when handling an activation
812         https://bugs.webkit.org/show_bug.cgi?id=191958
813         <rdar://problem/46221877>
814
815         Reviewed by Yusuke Suzuki.
816
817         * stress/object-allocation-sinking-phase-needs-to-write-to-each-scope-offset.js: Added.
818         (x):
819         (foo):
820
821 2018-11-26  Mark Lam  <mark.lam@apple.com>
822
823         NaNs read from Wasm code needs to be be purified.
824         https://bugs.webkit.org/show_bug.cgi?id=191056
825         <rdar://problem/45660341>
826
827         Reviewed by Filip Pizlo.
828
829         * wasm/regress/regress-191056.js: Added.
830
831 2018-11-26  Michael Saboff  <msaboff@apple.com>
832
833         32-bit JSC test failure: stress/regexp-compile-oom.js
834         https://bugs.webkit.org/show_bug.cgi?id=191375
835
836         Reviewed by Mark Lam.
837
838         Disabled the test for 32 bit platforms.
839
840         * stress/regexp-compile-oom.js:
841
842 2018-11-26  Tadeu Zagallo  <tzagallo@apple.com>
843
844         ASSERTION FAILED: m_outOfLineJumpTargets.contains(bytecodeOffset)
845         https://bugs.webkit.org/show_bug.cgi?id=191716
846         <rdar://problem/45723878>
847
848         Reviewed by Saam Barati.
849
850         * stress/regress-187373.js: Added.
851         (async.fn):
852
853 2018-11-21  Saam barati  <sbarati@apple.com>
854
855         DFGSpeculativeJIT should not &= exitOK with mayExit(node)
856         https://bugs.webkit.org/show_bug.cgi?id=191897
857         <rdar://problem/45871998>
858
859         Reviewed by Mark Lam.
860
861         * stress/exitok-is-not-the-same-as-mayExit.js: Added.
862         (bar):
863         (foo):
864
865 2018-11-21  Saam barati  <sbarati@apple.com>
866
867         Fix assertion in KnownCellUse inside SpeculativeJIT::speculate
868         https://bugs.webkit.org/show_bug.cgi?id=191895
869         <rdar://problem/46167406>
870
871         Reviewed by Mark Lam.
872
873         * stress/known-cell-use-needs-type-check-assertion.js: Added.
874         (foo):
875         (bar):
876
877 2018-11-21  Mark Lam  <mark.lam@apple.com>
878
879         Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw OOME not RangeError.
880         https://bugs.webkit.org/show_bug.cgi?id=191776
881         <rdar://problem/46152851>
882
883         Reviewed by Saam Barati.
884
885         * stress/big-wasm-memory-grow-no-max.js:
886         * stress/big-wasm-memory-grow.js:
887         * stress/big-wasm-memory.js:
888         - updated these to expect an OutOfMemoryError.
889
890         * wasm/regress/wasm-memory-requested-more-than-MAX_ARRAY_BUFFER_SIZE-2.js: Added.
891         (Binary.prototype.emit_u8):
892         (Binary.prototype.emit_u32v):
893         (Binary.prototype.emit_header):
894         (Binary.prototype.emit_section):
895         (Binary):
896         (WasmModuleBuilder):
897         (WasmModuleBuilder.prototype.addMemory):
898         (WasmModuleBuilder.prototype.toArray):
899         (WasmModuleBuilder.prototype.toBuffer):
900         (WasmModuleBuilder.prototype.instantiate):
901         (catch):
902         * wasm/regress/wasm-memory-requested-more-than-MAX_ARRAY_BUFFER_SIZE.js: Added.
903         (catch):
904
905 2018-11-21  Caio Lima  <ticaiolima@gmail.com>
906
907         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
908         https://bugs.webkit.org/show_bug.cgi?id=190836
909
910         Reviewed by Saam Barati and Yusuke Suzuki.
911
912         * stress/big-int-out-of-memory-tests.js: Added.
913
914 2018-11-20  Mark Lam  <mark.lam@apple.com>
915
916         Remove invalid assertion in VMTraps::SignalSender's SignalAction.
917         https://bugs.webkit.org/show_bug.cgi?id=191856
918         <rdar://problem/46089992>
919
920         Reviewed by Yusuke Suzuki.
921
922         * stress/regress-191856.js: Added.
923         - this test is skipped for now until we have a fix for webkit.org/b/191855.
924
925 2018-11-21  Dominik Infuehr  <dinfuehr@igalia.com>
926
927         Enable JIT on ARM/Linux
928         https://bugs.webkit.org/show_bug.cgi?id=191548
929
930         Reviewed by Yusuke Suzuki.
931
932         Disable test on system with limited memory. Program was killed by
933         the OS before the exception was thrown.
934
935         * slowMicrobenchmarks/function-constructor-with-huge-strings.js:
936
937 2018-11-20  Saam barati  <sbarati@apple.com>
938
939         Merging an IC variant may lead to the IC status containing overlapping structure sets
940         https://bugs.webkit.org/show_bug.cgi?id=191869
941         <rdar://problem/45403453>
942
943         Reviewed by Mark Lam.
944
945         * stress/merging-ic-variants-should-bail-if-structures-overlap.js: Added.
946
947 2018-11-19  Mark Lam  <mark.lam@apple.com>
948
949         globalFuncImportModule() should return a promise when it clears exceptions.
950         https://bugs.webkit.org/show_bug.cgi?id=191792
951         <rdar://problem/46090763>
952
953         Reviewed by Michael Saboff.
954
955         * stress/global-import-function-should-return-a-promise-when-clearing-exceptions.js: Added.
956
957 2018-11-19  Guillaume Emont  <guijemont@igalia.com>
958
959         Skip new memory-hungry tests on memory limited devices
960
961         Unreviewed gardening.
962
963         * stress/big-wasm-memory-grow-no-max.js:
964         * stress/big-wasm-memory-grow.js:
965         * stress/big-wasm-memory.js:
966
967 2018-11-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
968
969         Unreviewed, rolling in the rest of r237254
970         https://bugs.webkit.org/show_bug.cgi?id=190340
971
972         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
973         * stress/function-cache-with-parameters-end-position.js: Added.
974         (shouldBe):
975         (shouldThrow):
976         (i.anonymous):
977         * stress/function-constructor-name.js: Added.
978         (shouldBe):
979         (GeneratorFunction):
980         (AsyncFunction.async):
981         (AsyncGeneratorFunction.async):
982         (anonymous):
983         (async.anonymous):
984         * test262/expectations.yaml:
985
986 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
987
988         All users of ArrayBuffer should agree on the same max size
989         https://bugs.webkit.org/show_bug.cgi?id=191771
990
991         Reviewed by Mark Lam.
992
993         * stress/big-wasm-memory-grow-no-max.js: Added.
994         (foo):
995         (catch):
996         * stress/big-wasm-memory-grow.js: Added.
997         (foo):
998         (catch):
999         * stress/big-wasm-memory.js: Added.
1000         (foo):
1001         (catch):
1002
1003 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
1004
1005         Unreviewed, make some more tests not crash my computer by only running one instance of it. These tests do not need to
1006         run for each JSC config since they're regression tests for runtime bugs.
1007
1008         * stress/json-stringified-overflow-2.js:
1009         * stress/json-stringified-overflow.js:
1010
1011 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
1012
1013         Unreviewed, make some tests not crash my computer by only running one instance of it. These tests do not need to run for each JSC
1014         config since they're regression tests for runtime bugs.
1015
1016         * stress/large-unshift-splice.js:
1017         * stress/regress-185888.js:
1018
1019 2018-11-16  Saam Barati  <sbarati@apple.com>
1020
1021         KnownCellUse should also have SpecCellCheck as its type filter
1022         https://bugs.webkit.org/show_bug.cgi?id=191729
1023         <rdar://problem/45872852>
1024
1025         Reviewed by Filip Pizlo.
1026
1027         * stress/known-cell-type-check-should-allow-empty-value-to-flow-through.js: Added.
1028         (C):
1029
1030 2018-11-16  Tadeu Zagallo  <tzagallo@apple.com>
1031
1032         Fix assertion failure on BytecodeGenerator::recordOpcode
1033         https://bugs.webkit.org/show_bug.cgi?id=191724
1034         <rdar://problem/45724395>
1035
1036         Reviewed by Saam Barati.
1037
1038         * stress/regress-187373-2.js: Added.
1039         (foo):
1040
1041 2018-11-15  Mark Lam  <mark.lam@apple.com>
1042
1043         RegExpObject's collectMatches should not be using JSArray::push to fill in its match results.
1044         https://bugs.webkit.org/show_bug.cgi?id=191730
1045         <rdar://problem/46048517>
1046
1047         Reviewed by Saam Barati.
1048
1049         * stress/regress-187006.js: Removed.
1050           - this test is invalid because its sole purpose is to test for the non-spec
1051             compliant behavior that we just fixed.
1052
1053         * stress/regress-191730.js: Added.
1054
1055 2018-11-15  Mark Lam  <mark.lam@apple.com>
1056
1057         RegExp operations should not take fast path if lastIndex is not numeric.
1058         https://bugs.webkit.org/show_bug.cgi?id=191731
1059         <rdar://problem/46017305>
1060
1061         Reviewed by Saam Barati.
1062
1063         * stress/regress-191731.js: Added.
1064
1065 2018-11-13  Saam Barati  <sbarati@apple.com>
1066
1067         TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
1068         https://bugs.webkit.org/show_bug.cgi?id=191600
1069
1070         Reviewed by Mark Lam.
1071
1072         * stress/type-profiler-log-should-defer-pending-exceptions.js: Added.
1073         (foo):
1074         (test):
1075         (bar):
1076
1077 2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>
1078
1079         Unreviewed, rolling out r238132.
1080
1081         The test added with this change is timing out on Debug JSC
1082         bots.
1083
1084         Reverted changeset:
1085
1086         "[BigInt] JSBigInt::createWithLength should throw when length
1087         is greater than JSBigInt::maxLength"
1088         https://bugs.webkit.org/show_bug.cgi?id=190836
1089         https://trac.webkit.org/changeset/238132
1090
1091 2018-11-13  Mark Lam  <mark.lam@apple.com>
1092
1093         Add OOM detection to StringPrototype's substituteBackreferences().
1094         https://bugs.webkit.org/show_bug.cgi?id=191563
1095         <rdar://problem/45720428>
1096
1097         Reviewed by Saam Barati.
1098
1099         * stress/regress-191563.js: Added.
1100
1101 2018-11-13  Mark Lam  <mark.lam@apple.com>
1102
1103         LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
1104         https://bugs.webkit.org/show_bug.cgi?id=191579
1105         <rdar://problem/45942472>
1106
1107         Reviewed by Saam Barati.
1108
1109         * stress/regress-191579.js: Added.
1110
1111 2018-11-13  Caio Lima  <ticaiolima@gmail.com>
1112
1113         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
1114         https://bugs.webkit.org/show_bug.cgi?id=190836
1115
1116         Reviewed by Saam Barati.
1117
1118         * stress/big-int-out-of-memory-tests.js: Added.
1119
1120 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
1121
1122         U+180E is no longer a whitespace character
1123         https://bugs.webkit.org/show_bug.cgi?id=191415
1124
1125         Reviewed by Saam Barati.
1126
1127         * ChakraCore/test/es5/regexSpace.baseline:
1128         * ChakraCore/test/es6/unicode_whitespace.js:
1129         Update tests to latest version.
1130         (See https://github.com/Microsoft/ChakraCore/commit/7c097b698de1e400286f9b957597b2a81fc6f80b.)
1131
1132         * test262.yaml:
1133         * test262/config.yaml:
1134         * test262/expectations.yaml:
1135         Update expectations.
1136
1137 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
1138
1139         [BigInt] Add support to BigInt into ValueAdd
1140         https://bugs.webkit.org/show_bug.cgi?id=186177
1141
1142         Reviewed by Keith Miller.
1143
1144         * stress/big-int-negate-jit.js:
1145         * stress/value-add-big-int-and-string.js: Added.
1146         * stress/value-add-big-int-prediction-propagation.js: Added.
1147         * stress/value-add-big-int-untyped.js: Added.
1148
1149 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
1150
1151         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
1152         https://bugs.webkit.org/show_bug.cgi?id=191184
1153
1154         Reviewed by Saam Barati.
1155
1156         Most tests were failing due to timeouts, since they are too slow to
1157         run on CLoop. The exceptions are:
1158
1159         proxy-get-set-correct-receiver.js: Had to reduce the recursion depth not to overflow on CLoop
1160         dont-crash-on-stack-overflow-when-parsing-builtin.js and
1161         dont-crash-on-stack-overflow-when-parsing-default-constructor.js: had
1162         to change the stack size since CLoop requires it to be page aligned.
1163
1164         * microbenchmarks/array-push-1.js:
1165         * microbenchmarks/array-push-2.js:
1166         * microbenchmarks/elidable-new-object-dag.js:
1167         * microbenchmarks/elidable-new-object-roflcopter.js:
1168         * microbenchmarks/elidable-new-object-tree.js:
1169         * microbenchmarks/getter-richards.js:
1170         * microbenchmarks/sinkable-new-object-dag.js:
1171         * microbenchmarks/string-concat-long-convert.js:
1172         * microbenchmarks/typed-array-get-set-by-val-profiling.js:
1173         * slowMicrobenchmarks/array-push-3.js:
1174         * slowMicrobenchmarks/large-map-iteration-with-additions.js:
1175         * slowMicrobenchmarks/spread-small-array.js:
1176         * slowMicrobenchmarks/undefined-property-access.js:
1177         * stress/activation-sink-default-value-tdz-error.js:
1178         * stress/activation-sink-default-value.js:
1179         * stress/activation-sink-osrexit-default-value-tdz-error.js:
1180         * stress/activation-sink-osrexit-default-value.js:
1181         * stress/activation-sink-osrexit.js:
1182         * stress/activation-sink.js:
1183         * stress/allow-math-ic-b3-code-duplication.js:
1184         * stress/array-push-multiple-int32.js:
1185         * stress/arrowfunction-activation-sink-osrexit-default-value-tdz-error.js:
1186         * stress/arrowfunction-lexical-this-activation-sink-osrexit.js:
1187         * stress/arrowfunction-lexical-this-activation-sink.js:
1188         * stress/dont-crash-on-stack-overflow-when-parsing-builtin.js:
1189         * stress/dont-crash-on-stack-overflow-when-parsing-default-constructor.js:
1190         * stress/elide-new-object-dag-then-exit.js:
1191         * stress/materialize-regexp-cyclic.js:
1192         * stress/new-regex-inline.js:
1193         * stress/op_add.js:
1194         * stress/op_bitand.js:
1195         * stress/op_bitor.js:
1196         * stress/op_bitxor.js:
1197         * stress/op_div-ConstVar.js:
1198         * stress/op_div-VarConst.js:
1199         * stress/op_div-VarVar.js:
1200         * stress/op_lshift-ConstVar.js:
1201         * stress/op_lshift-VarConst.js:
1202         * stress/op_lshift-VarVar.js:
1203         * stress/op_mod-ConstVar.js:
1204         * stress/op_mod-VarConst.js:
1205         * stress/op_mod-VarVar.js:
1206         * stress/op_mul-ConstVar.js:
1207         * stress/op_mul-VarConst.js:
1208         * stress/op_mul-VarVar.js:
1209         * stress/op_rshift-ConstVar.js:
1210         * stress/op_rshift-VarConst.js:
1211         * stress/op_rshift-VarVar.js:
1212         * stress/op_sub-ConstVar.js:
1213         * stress/op_sub-VarConst.js:
1214         * stress/op_sub-VarVar.js:
1215         * stress/op_urshift-ConstVar.js:
1216         * stress/op_urshift-VarConst.js:
1217         * stress/op_urshift-VarVar.js:
1218         * stress/proxy-get-set-correct-receiver.js:
1219         * stress/regress-179562.js:
1220         * stress/rest-parameter-many-arguments.js:
1221         * stress/sampling-profiler-richards.js:
1222         * stress/splay-flash-access-1ms.js:
1223         * stress/tailCallForwardArguments.js:
1224         * stress/typed-array-get-by-val-profiling.js:
1225         * typeProfiler/getter-richards.js:
1226
1227 2018-11-06  Michael Saboff  <msaboff@apple.com>
1228
1229         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
1230         https://bugs.webkit.org/show_bug.cgi?id=191271
1231
1232         Reviewed by Saam Barati.
1233
1234         Added more test cases and made all test cases run with the same deeply recursive stack
1235         instead of finding that same point for each test case.
1236
1237         * stress/regexp-compile-oom.js:
1238         (prototype.runTest):
1239         (recurseAndTest):
1240         (testList.push.new.TestAndExpectedException):
1241
1242 2018-11-05  Michael Saboff  <msaboff@apple.com>
1243
1244         Unreviewed build fix for linux.
1245
1246         * stress/regexp-compile-oom.js: Disabled for non-darwin OSes.
1247
1248 2018-11-02  Michael Saboff  <msaboff@apple.com>
1249
1250         Rolling in r237753 with unreviewed build fix.
1251
1252         Fixed issues with DECLARE_THROW_SCOPE placement.
1253
1254 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
1255
1256         Unreviewed, rolling out r237753.
1257
1258         Introduced JSC test failures
1259
1260         Reverted changeset:
1261
1262         "Running out of stack space not properly handled in
1263         RegExp::compile() and its callers"
1264         https://bugs.webkit.org/show_bug.cgi?id=191206
1265         https://trac.webkit.org/changeset/237753
1266
1267 2018-11-02  Michael Saboff  <msaboff@apple.com>
1268
1269         Running out of stack space not properly handled in RegExp::compile() and its callers
1270         https://bugs.webkit.org/show_bug.cgi?id=191206
1271
1272         Reviewed by Filip Pizlo.
1273
1274         New regression test.
1275
1276         * stress/regexp-compile-oom.js: Added.
1277         (recurseAndTest):
1278
1279 2018-11-01  Guillaume Emont  <guijemont@igalia.com>
1280
1281         Skip tests on arm/mips that time out now we're running on CLoop
1282
1283         Unreviewed gardening.
1284
1285         Since the JIT is temporarily disabled on 32-bit platforms, these tests
1286         time out on the bots and need to be disabled. There's more tests
1287         disabled on arm because the timeout is longer on the mips bot (as the
1288         device is slower to start with), so many of the tests don't time out
1289         there.
1290
1291         * microbenchmarks/getter-richards.js: disable on arm and mips.
1292         * stress/op_add.js: disable on arm.
1293         * stress/op_bitand.js: disable on arm.
1294         * stress/op_bitor.js: disable on arm.
1295         * stress/op_bitxor.js: disable on arm.
1296         * stress/op_lshift-ConstVar.js: disable on arm.
1297         * stress/op_lshift-VarConst.js: disable on arm.
1298         * stress/op_lshift-VarVar.js: disable on arm.
1299         * stress/op_mod-ConstVar.js: disable on arm.
1300         * stress/op_mod-VarConst.js: disable on arm.
1301         * stress/op_mod-VarVar.js: disable on arm.
1302         * stress/op_mul-ConstVar.js: disable on arm.
1303         * stress/op_mul-VarConst.js: disable on arm.
1304         * stress/op_mul-VarVar.js: disable on arm.
1305         * stress/op_rshift-ConstVar.js: disable on arm.
1306         * stress/op_rshift-VarConst.js: disable on arm.
1307         * stress/op_rshift-VarVar.js: disable on arm.
1308         * stress/op_sub-ConstVar.js: disable on arm.
1309         * stress/op_sub-VarConst.js: disable on arm.
1310         * stress/op_sub-VarVar.js: disable on arm.
1311         * stress/op_urshift-ConstVar.js: disable on arm.
1312         * stress/op_urshift-VarConst.js: disable on arm.
1313         * stress/op_urshift-VarVar.js: disable on arm.
1314         * stress/spread-forward-call-varargs-stack-overflow.js: disable on arm.
1315         * stress/value-to-boolean.js: disable on arm and mips.
1316
1317 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1318
1319         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
1320         https://bugs.webkit.org/show_bug.cgi?id=191108
1321         <rdar://problem/45690700>
1322
1323         Reviewed by Saam Barati.
1324
1325         * stress/wide-op_catch.js: Added.
1326         (catch):
1327
1328 2018-10-29  Mark Lam  <mark.lam@apple.com>
1329
1330         Correctly detect string overflow when using the 'Function' constructor.
1331         https://bugs.webkit.org/show_bug.cgi?id=184883
1332         <rdar://problem/36320331>
1333
1334         Reviewed by Saam Barati.
1335
1336         I've verified that this passes on 32-bit as well.
1337
1338         * slowMicrobenchmarks/function-constructor-with-huge-strings.js: Added.
1339
1340 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1341
1342         Add support for GetStack FlushedDouble
1343         https://bugs.webkit.org/show_bug.cgi?id=191012
1344         <rdar://problem/45265141>
1345
1346         Reviewed by Saam Barati.
1347
1348         * stress/get-stack-double.js: Added.
1349         (bar):
1350         (noInline):
1351
1352 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1353
1354         New bytecode format for JSC
1355         https://bugs.webkit.org/show_bug.cgi?id=187373
1356         <rdar://problem/44186758>
1357
1358         Reviewed by Filip Pizlo.
1359
1360         Add tests to ensure that the inferred inline capacity for a narrow op_new_object will be capped at 255.
1361
1362         * stress/maximum-inline-capacity.js: Added.
1363         (test1):
1364         (test3.Foo):
1365         (test3):
1366
1367 2018-10-26  Commit Queue  <commit-queue@webkit.org>
1368
1369         Unreviewed, rolling out r237479 and r237484.
1370         https://bugs.webkit.org/show_bug.cgi?id=190978
1371
1372         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
1373
1374         Reverted changesets:
1375
1376         "New bytecode format for JSC"
1377         https://bugs.webkit.org/show_bug.cgi?id=187373
1378         https://trac.webkit.org/changeset/237479
1379
1380         "Gardening: Build fix after r237479."
1381         https://bugs.webkit.org/show_bug.cgi?id=187373
1382         https://trac.webkit.org/changeset/237484
1383
1384 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
1385
1386         New bytecode format for JSC
1387         https://bugs.webkit.org/show_bug.cgi?id=187373
1388         <rdar://problem/44186758>
1389
1390         Reviewed by Filip Pizlo.
1391
1392         Add tests to ensure that the inferred inline capacity for a narrow op_new_object will be capped at 255.
1393
1394         * stress/maximum-inline-capacity.js: Added.
1395         (test1):
1396         (test3.Foo):
1397         (test3):
1398
1399 2018-10-26  Mark Lam  <mark.lam@apple.com>
1400
1401         Fix missing edge cases with JSGlobalObjects having a bad time.
1402         https://bugs.webkit.org/show_bug.cgi?id=189028
1403         <rdar://problem/45204939>
1404
1405         Reviewed by Saam Barati.
1406
1407         * stress/regress-189028.js: Added.
1408
1409 2018-10-22  Mark Lam  <mark.lam@apple.com>
1410
1411         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
1412         https://bugs.webkit.org/show_bug.cgi?id=190515
1413         <rdar://problem/45222379>
1414
1415         Rubber-stamped by Saam Barati.
1416
1417         Adding another test.
1418
1419         * stress/regress-190515-2.js: Added.
1420
1421 2018-10-22  Mark Lam  <mark.lam@apple.com>
1422
1423         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
1424         https://bugs.webkit.org/show_bug.cgi?id=190515
1425         <rdar://problem/45222379>
1426
1427         Reviewed by Saam Barati.
1428
1429         * stress/regress-190515.js: Added.
1430
1431 2018-10-19  Commit Queue  <commit-queue@webkit.org>
1432
1433         Unreviewed, rolling out r237254.
1434         https://bugs.webkit.org/show_bug.cgi?id=190760
1435
1436         "It regresses JetStream 2 by 5% on some iOS devices"
1437         (Requested by saamyjoon on #webkit).
1438
1439         Reverted changeset:
1440
1441         "[JSC] JSC should have "parseFunction" to optimize Function
1442         constructor"
1443         https://bugs.webkit.org/show_bug.cgi?id=190340
1444         https://trac.webkit.org/changeset/237254
1445
1446 2018-10-19  Saam Barati  <sbarati@apple.com>
1447
1448         vmCall should check if we exit before emitting an OSR exit due to exceptions
1449         https://bugs.webkit.org/show_bug.cgi?id=190740
1450         <rdar://problem/45220139>
1451
1452         Reviewed by Mark Lam.
1453
1454         * stress/dont-emit-osr-exits-for-every-call-ftl.js: Added.
1455         (foo):
1456
1457 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
1458
1459         [ESNext][BigInt] Implement support for "^"
1460         https://bugs.webkit.org/show_bug.cgi?id=186235
1461
1462         Reviewed by Yusuke Suzuki.
1463
1464         * stress/big-int-bitwise-xor-general.js: Added.
1465         * stress/big-int-bitwise-xor-to-primitive-precedence.js: Added.
1466         * stress/big-int-bitwise-xor-type-error.js: Added.
1467         * stress/big-int-bitwise-xor-wrapped-value.js: Added.
1468
1469 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
1470
1471         [BigInt] Add ValueSub into DFG
1472         https://bugs.webkit.org/show_bug.cgi?id=186176
1473
1474         Reviewed by Yusuke Suzuki.
1475
1476         * stress/big-int-subtraction-jit.js:
1477         * stress/value-sub-big-int-prediction-propagation.js: Added.
1478         * stress/value-sub-big-int-untyped.js: Added.
1479         * stress/value-sub-spec-none-case.js: Added.
1480
1481 2018-10-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1482
1483         [JSC] JSC should have "parseFunction" to optimize Function constructor
1484         https://bugs.webkit.org/show_bug.cgi?id=190340
1485
1486         Reviewed by Mark Lam.
1487
1488         This patch fixes the line number of syntax errors raised by the Function constructor,
1489         since we now parse the final code only once. And we no longer use block statement
1490         for Function constructor's parsing.
1491
1492         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
1493         * stress/function-cache-with-parameters-end-position.js: Added.
1494         (shouldBe):
1495         (shouldThrow):
1496         (i.anonymous):
1497         * stress/function-constructor-name.js: Added.
1498         (shouldBe):
1499         (GeneratorFunction):
1500         (AsyncFunction.async):
1501         (AsyncGeneratorFunction.async):
1502         (anonymous):
1503         (async.anonymous):
1504         * test262/expectations.yaml:
1505
1506 2018-10-18  Commit Queue  <commit-queue@webkit.org>
1507
1508         Unreviewed, rolling out r237242.
1509         https://bugs.webkit.org/show_bug.cgi?id=190701
1510
1511         it breaks "stress/sampling-profiler-basic.js" (Requested by
1512         caiolima on #webkit).
1513
1514         Reverted changeset:
1515
1516         "[BigInt] Add ValueSub into DFG"
1517         https://bugs.webkit.org/show_bug.cgi?id=186176
1518         https://trac.webkit.org/changeset/237242
1519
1520 2018-10-17  Keith Miller  <keith_miller@apple.com>
1521
1522         AI does not clear Phantom allocation nodes.
1523         https://bugs.webkit.org/show_bug.cgi?id=190694
1524
1525         Reviewed by Saam Barati.
1526
1527         * stress/ftl-ai-filter-phantoms-should-clear-clear-value.js: Added.
1528         (Day):
1529         (DaysInYear):
1530         (TimeInYear):
1531         (TimeFromYear):
1532         (DayFromYear):
1533         (InLeapYear):
1534         (YearFromTime):
1535         (WeekDay):
1536         (DaylightSavingTA):
1537         (GetSecondSundayInMarch):
1538         (TimeInMonth):
1539
1540 2018-10-17  Caio Lima  <ticaiolima@gmail.com>
1541
1542         [BigInt] Add ValueSub into DFG
1543         https://bugs.webkit.org/show_bug.cgi?id=186176
1544
1545         Reviewed by Yusuke Suzuki.
1546
1547         * stress/big-int-subtraction-jit.js:
1548         * stress/value-sub-big-int-prediction-propagation.js: Added.
1549         * stress/value-sub-big-int-untyped.js: Added.
1550
1551 2018-10-16  Dominik Infuehr  <dinfuehr@igalia.com>
1552
1553         [JSC] stress/array-prototype-concat-of-long-spliced-arrays2.js times out on arm and mips
1554         https://bugs.webkit.org/show_bug.cgi?id=190611
1555
1556         Reviewed by Saam Barati.
1557
1558         Reduce array length just like in array-prototype-concat-of-long-spliced-arrays.js
1559         to improve test runtime. On ARM/MIPS this test even timed out when running all
1560         tests.
1561
1562         * stress/array-prototype-concat-of-long-spliced-arrays2.js:
1563         (test):
1564
1565 2018-10-15  Guillaume Emont  <guijemont@igalia.com>
1566
1567         Skip stress/array-prototype-concat-of-long-spliced-arrays2.js on arm and mips/linux
1568
1569         Unreviewed gardening.
1570
1571         * stress/array-prototype-concat-of-long-spliced-arrays2.js:
1572
1573 2018-10-15  Saam barati  <sbarati@apple.com>
1574
1575         Emit fjcvtzs on ARM64E on Darwin
1576         https://bugs.webkit.org/show_bug.cgi?id=184023
1577
1578         Reviewed by Yusuke Suzuki and Filip Pizlo.
1579
1580         * stress/double-to-int32-NaN.js: Added.
1581         (assert):
1582         (foo):
1583
1584 2018-10-15  Saam Barati  <sbarati@apple.com>
1585
1586         JSArray::shiftCountWithArrayStorage is wrong when an array has holes
1587         https://bugs.webkit.org/show_bug.cgi?id=190262
1588         <rdar://problem/44986241>
1589
1590         Reviewed by Mark Lam.
1591
1592         * stress/array-prototype-concat-of-long-spliced-arrays.js:
1593         (test):
1594         * stress/slice-array-storage-with-holes.js: Added.
1595         (main):
1596
1597 2018-10-15  Commit Queue  <commit-queue@webkit.org>
1598
1599         Unreviewed, rolling out r237054.
1600         https://bugs.webkit.org/show_bug.cgi?id=190593
1601
1602         "this regressed JetStream 2 by 6% on iOS" (Requested by
1603         saamyjoon on #webkit).
1604
1605         Reverted changeset:
1606
1607         "[JSC] JSC should have "parseFunction" to optimize Function
1608         constructor"
1609         https://bugs.webkit.org/show_bug.cgi?id=190340
1610         https://trac.webkit.org/changeset/237054
1611
1612 2018-10-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1613
1614         [JSC] JSON.stringify can accept call-with-no-arguments
1615         https://bugs.webkit.org/show_bug.cgi?id=190343
1616
1617         Reviewed by Mark Lam.
1618
1619         * stress/json-stringify-no-arguments.js: Added.
1620         (shouldBe):
1621
1622 2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1623
1624         [JSC] JSC should have "parseFunction" to optimize Function constructor
1625         https://bugs.webkit.org/show_bug.cgi?id=190340
1626
1627         Reviewed by Mark Lam.
1628
1629         This patch fixes the line number of syntax errors raised by the Function constructor,
1630         since we now parse the final code only once. And we no longer use block statement
1631         for Function constructor's parsing.
1632
1633         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
1634         * stress/function-cache-with-parameters-end-position.js: Added.
1635         (shouldBe):
1636         (shouldThrow):
1637         (i.anonymous):
1638         * stress/function-constructor-name.js: Added.
1639         (shouldBe):
1640         (GeneratorFunction):
1641         (AsyncFunction.async):
1642         (AsyncGeneratorFunction.async):
1643         (anonymous):
1644         (async.anonymous):
1645         * test262/expectations.yaml:
1646
1647 2018-10-10  Guillaume Emont  <guijemont@igalia.com>
1648
1649         Skip JSC test stress/sampling-profiler-richards.js on armv7/linux
1650         https://bugs.webkit.org/show_bug.cgi?id=190426
1651
1652         Unreviewed gardening.
1653
1654         * stress/sampling-profiler-richards.js:
1655
1656 2018-10-06  Caio Lima  <ticaiolima@gmail.com>
1657
1658         [ESNext][BigInt] Implement support for "|"
1659         https://bugs.webkit.org/show_bug.cgi?id=186229
1660
1661         Reviewed by Yusuke Suzuki.
1662
1663         * stress/big-int-bitwise-and-jit.js:
1664         * stress/big-int-bitwise-or-general.js: Added.
1665         * stress/big-int-bitwise-or-jit-untyped.js: Added.
1666         * stress/big-int-bitwise-or-jit.js: Added.
1667         * stress/big-int-bitwise-or-memory-stress.js: Added.
1668         * stress/big-int-bitwise-or-to-primitive-precedence.js: Added.
1669         * stress/big-int-bitwise-or-type-error.js: Added.
1670         * stress/big-int-bitwise-or-wrapped-value.js: Added.
1671
1672 2018-10-05  Dominik Infuehr  <dominik.infuehr@gmail.com>
1673
1674         Skip test on systems with limited memory
1675         https://bugs.webkit.org/show_bug.cgi?id=190310
1676
1677         Invoking runDefault adds test to runlist, skipping the test in the next
1678         line does not prevent the test from executing. Change order of lines such
1679         that runDefault is only executed if test is not executed.
1680
1681         Reviewed by Mark Lam.
1682
1683         * stress/regress-190187.js:
1684
1685 2018-10-03  Saam barati  <sbarati@apple.com>
1686
1687         lowXYZ in FTLLower should always filter the type of the incoming edge
1688         https://bugs.webkit.org/show_bug.cgi?id=189939
1689         <rdar://problem/44407030>
1690
1691         Reviewed by Michael Saboff.
1692
1693         * stress/ftl-should-always-filter-for-low-type-check-functions.js: Added.
1694         (foo):
1695         (test):
1696
1697 2018-10-03  Mark Lam  <mark.lam@apple.com>
1698
1699         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
1700         https://bugs.webkit.org/show_bug.cgi?id=190187
1701         <rdar://problem/42512909>
1702
1703         Reviewed by Michael Saboff.
1704
1705         * stress/regress-190187.js: Added.
1706
1707 2018-10-02  Caio Lima  <ticaiolima@gmail.com>
1708
1709         [BigInt] BigInt.prototype.toString is broken when radix is power of 2
1710         https://bugs.webkit.org/show_bug.cgi?id=190033
1711
1712         Reviewed by Yusuke Suzuki.
1713
1714         * stress/big-int-to-string.js:
1715
1716 2018-10-01  Mark Lam  <mark.lam@apple.com>
1717
1718         Function.toString() should also copy the source code of Functions that are class definitions.
1719         https://bugs.webkit.org/show_bug.cgi?id=190186
1720         <rdar://problem/44733360>
1721
1722         Reviewed by Saam Barati.
1723
1724         * stress/regress-190186.js: Added.
1725
1726 2018-10-01  Dominik Infuehr  <dinfuehr@igalia.com>
1727
1728         Split NaN-check into separate test
1729         https://bugs.webkit.org/show_bug.cgi?id=190010
1730
1731         Reviewed by Saam Barati.
1732
1733         DataView exposes NaN-representation, which is not necessarily the same on each
1734         architecture. Therefore move the check of the NaN-representation into its own
1735         file such that we can disable this test on MIPS where NaN-representation can be
1736         different on older CPUs.
1737
1738         * stress/dataview-jit-set-nan.js: Added.
1739         (assert):
1740         (test.storeLittleEndian):
1741         (test.storeBigEndian):
1742         (test.store):
1743         (test):
1744         * stress/dataview-jit-set.js:
1745         (test5):
1746
1747 2018-10-01  Commit Queue  <commit-queue@webkit.org>
1748
1749         Unreviewed, rolling out r236647.
1750         https://bugs.webkit.org/show_bug.cgi?id=190124
1751
1752         Breaking test stress/big-int-to-string.js (Requested by
1753         caiolima_ on #webkit).
1754
1755         Reverted changeset:
1756
1757         "[BigInt] BigInt.prototype.toString is broken when radix is
1758         power of 2"
1759         https://bugs.webkit.org/show_bug.cgi?id=190033
1760         https://trac.webkit.org/changeset/236647
1761
1762 2018-09-30  Caio Lima  <ticaiolima@gmail.com>
1763
1764         [BigInt] BigInt.prototype.toString is broken when radix is power of 2
1765         https://bugs.webkit.org/show_bug.cgi?id=190033
1766
1767         Reviewed by Yusuke Suzuki.
1768
1769         * stress/big-int-to-string.js:
1770
1771 2018-09-28  Caio Lima  <ticaiolima@gmail.com>
1772
1773         [ESNext][BigInt] Implement support for "&"
1774         https://bugs.webkit.org/show_bug.cgi?id=186228
1775
1776         Reviewed by Yusuke Suzuki.
1777
1778         * stress/big-int-bitwise-and-general.js: Added.
1779         (assert):
1780         (assert.sameValue):
1781         * stress/big-int-bitwise-and-jit.js: Added.
1782         (let.assert.sameValue):
1783         (bigIntBitAnd):
1784         * stress/big-int-bitwise-and-memory-stress.js: Added.
1785         (assert):
1786         * stress/big-int-bitwise-and-to-primitive-precedence.js: Added.
1787         (assert.sameValue):
1788         (let.o.Symbol.toPrimitive):
1789         (catch):
1790         * stress/big-int-bitwise-and-type-error.js: Added.
1791         (assert):
1792         (assertThrowTypeError):
1793         (let.o.valueOf):
1794         (o.valueOf):
1795         (o.toString):
1796         (o.Symbol.toPrimitive):
1797         * stress/big-int-bitwise-and-wrapped-value.js: Added.
1798         (assert.sameValue):
1799         (testBitAnd):
1800         (let.o.Symbol.toPrimitive):
1801         (o.valueOf):
1802         (o.toString):
1803
1804 2018-09-28  Ross Kirsling  <ross.kirsling@sony.com>
1805
1806         JSC test stress/jsc-read.js doesn't support CRLF
1807         https://bugs.webkit.org/show_bug.cgi?id=190063
1808
1809         Reviewed by Yusuke Suzuki.
1810
1811         In order to run this test via Windows command prompt, we can't assume that the final newline will be LF.
1812
1813         * stress/jsc-read.js:
1814         (test):
1815
1816 2018-09-27  Saam barati  <sbarati@apple.com>
1817
1818         Verify the contents of AssemblerBuffer on arm64e
1819         https://bugs.webkit.org/show_bug.cgi?id=190057
1820         <rdar://problem/38916630>
1821
1822         Reviewed by Mark Lam.
1823
1824         * stress/regress-189132.js:
1825
1826 2018-09-27  Dominik Infuehr  <dinfuehr@igalia.com>
1827
1828         Disable test without LLInt on ARMv7
1829         https://bugs.webkit.org/show_bug.cgi?id=190037
1830
1831         Reviewed by Mark Lam.
1832
1833         Test runs out of executable memory on ARMv7, do not run
1834         this test without LLInt enabled.
1835
1836         * stress/regress-169445.js:
1837
1838 2018-09-26  Keith Miller  <keith_miller@apple.com>
1839
1840         We should zero unused property storage when rebalancing array storage.
1841         https://bugs.webkit.org/show_bug.cgi?id=188151
1842
1843         Reviewed by Michael Saboff.
1844
1845         * stress/splice-should-zero-property-storage-when-rebalancing.js: Added.
1846
1847 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1848
1849         [JSC] Optimize Array#lastIndexOf
1850         https://bugs.webkit.org/show_bug.cgi?id=189780
1851
1852         Reviewed by Saam Barati.
1853
1854         * stress/array-lastindexof-array-prototype-trap.js: Added.
1855         (shouldBe):
1856         (AncestorArray.prototype.get 2):
1857         (AncestorArray):
1858         * stress/array-lastindexof-have-a-bad-time-c-runtime.js: Added.
1859         (shouldBe):
1860         * stress/array-lastindexof-hole-nan.js: Added.
1861         (shouldBe):
1862         (throw.new.Error):
1863         * stress/array-lastindexof-infinity.js: Added.
1864         (shouldBe):
1865         (throw.new.Error):
1866         * stress/array-lastindexof-negative-zero.js: Added.
1867         (shouldBe):
1868         (throw.new.Error):
1869         * stress/array-lastindexof-own-getter.js: Added.
1870         (shouldBe):
1871         (throw.new.Error.get array):
1872         (get array):
1873         * stress/array-lastindexof-prototype-trap.js: Added.
1874         (shouldBe):
1875         (DerivedArray.prototype.get 2):
1876         (DerivedArray):
1877
1878 2018-09-25  Saam Barati  <sbarati@apple.com>
1879
1880         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
1881         https://bugs.webkit.org/show_bug.cgi?id=189940
1882         <rdar://problem/43640987>
1883
1884         Reviewed by Mark Lam.
1885
1886         * stress/use-baseline-codeblock-materialize-osr-exit.js: Added.
1887
1888 2018-09-24  Saam Barati  <sbarati@apple.com>
1889
1890         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
1891         https://bugs.webkit.org/show_bug.cgi?id=189922
1892         <rdar://problem/44651275>
1893
1894         Reviewed by Mark Lam.
1895
1896         * stress/array-indexof-fast-path-effects.js: Added.
1897         * stress/array-indexof-cached-length.js: Added.
1898
1899 2018-09-24  Saam barati  <sbarati@apple.com>
1900
1901         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
1902         https://bugs.webkit.org/show_bug.cgi?id=189682
1903         <rdar://problem/43557315>
1904
1905         Reviewed by Mark Lam.
1906
1907         * stress/arguments-elimination-will-generate-edge-without-result.js: Added.
1908         (foo):
1909
1910 2018-09-22  Saam barati  <sbarati@apple.com>
1911
1912         The sampling should not use Strong<CodeBlock> in its machineLocation field
1913         https://bugs.webkit.org/show_bug.cgi?id=189319
1914
1915         Reviewed by Filip Pizlo.
1916
1917         * stress/sampling-profiler-richards.js: Added.
1918
1919 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1920
1921         [JSC] Optimize Array#indexOf in C++ runtime
1922         https://bugs.webkit.org/show_bug.cgi?id=189507
1923
1924         Reviewed by Saam Barati.
1925
1926         * stress/array-indexof-array-prototype-trap.js: Added.
1927         (shouldBe):
1928         (AncestorArray.prototype.get 2):
1929         (AncestorArray):
1930         * stress/array-indexof-have-a-bad-time-c-runtime.js: Added.
1931         (shouldBe):
1932         * stress/array-indexof-hole-nan.js: Added.
1933         (shouldBe):
1934         (throw.new.Error):
1935         * stress/array-indexof-infinity.js: Added.
1936         (shouldBe):
1937         (throw.new.Error):
1938         * stress/array-indexof-negative-zero.js: Added.
1939         (shouldBe):
1940         (throw.new.Error):
1941         * stress/array-indexof-own-getter.js: Added.
1942         (shouldBe):
1943         (throw.new.Error.get array):
1944         (get array):
1945         * stress/array-indexof-prototype-trap.js: Added.
1946         (shouldBe):
1947         (DerivedArray.prototype.get 2):
1948         (DerivedArray):
1949
1950 2018-09-19  Saam barati  <sbarati@apple.com>
1951
1952         AI rule for MultiPutByOffset executes its effects in the wrong order
1953         https://bugs.webkit.org/show_bug.cgi?id=189757
1954         <rdar://problem/43535257>
1955
1956         Reviewed by Michael Saboff.
1957
1958         * stress/multi-put-by-offset-must-filter-value-before-filtering-base.js: Added.
1959         (foo):
1960         (Foo):
1961         (g):
1962
1963 2018-09-17  Mark Lam  <mark.lam@apple.com>
1964
1965         Ensure that ForInContexts are invalidated if their loop local is over-written.
1966         https://bugs.webkit.org/show_bug.cgi?id=189571
1967         <rdar://problem/44402277>
1968
1969         Reviewed by Saam Barati.
1970
1971         * stress/regress-189571.js: Added.
1972
1973 2018-09-17  Saam barati  <sbarati@apple.com>
1974
1975         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
1976         https://bugs.webkit.org/show_bug.cgi?id=189676
1977         <rdar://problem/39682897>
1978
1979         Reviewed by Michael Saboff.
1980
1981         * typeProfiler/check-structure-or-empty-in-fixup.js: Added.
1982         (A):
1983         (K):
1984         (i.catch):
1985
1986 2018-09-14  Saam barati  <sbarati@apple.com>
1987
1988         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
1989         https://bugs.webkit.org/show_bug.cgi?id=189628
1990         <rdar://problem/39481690>
1991
1992         Reviewed by Mark Lam.
1993
1994         * stress/verbose-failure-dont-graph-dump-availability-already-freed.js: Added.
1995         (foo):
1996
1997 2018-09-11  Mark Lam  <mark.lam@apple.com>
1998
1999         Test for array initialization in arrayProtoFuncSplice.
2000         https://bugs.webkit.org/show_bug.cgi?id=170253
2001         <rdar://problem/31328773>
2002
2003         Rubber-stamped by Saam Barati.
2004
2005         * stress/regress-170253.js: Added.
2006
2007 2018-09-11  Mark Lam  <mark.lam@apple.com>
2008
2009         Test for IntlObject initialization.
2010         https://bugs.webkit.org/show_bug.cgi?id=170251
2011         <rdar://problem/31328419>
2012
2013         Rubber-stamped by Saam Barati.
2014
2015         * stress/regress-170251.js: Added.
2016
2017 2018-09-11  Mark Lam  <mark.lam@apple.com>
2018
2019         Test for array memcpy'ing when JSGlobalObject::haveABadTime.
2020         https://bugs.webkit.org/show_bug.cgi?id=169889
2021         <rdar://problem/31155607>
2022
2023         Reviewed by Saam Barati.
2024
2025         * stress/regress-169889-array-concat.js: Added.
2026         * stress/regress-169889-array-concat1.js: Added.
2027         * stress/regress-169889-array-slice.js: Added.
2028
2029 2018-09-11  Mark Lam  <mark.lam@apple.com>
2030
2031         Test for incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope.
2032         https://bugs.webkit.org/show_bug.cgi?id=169445
2033         <rdar://problem/30957435>
2034
2035         Reviewed by Saam Barati.
2036
2037         * stress/regress-169445.js: Added.
2038         (let.gun.eval.A):
2039         (let.gun.eval.B.C):
2040         (let.gun.eval.B.C.prototype.trigger):
2041         (let.gun.eval.B.C.prototype.triggerWithRestParameters):
2042         (let.gun.eval.B):
2043         (let.gun.eval):
2044
2045 == Rolled over to ChangeLog-2018-09-11 ==