2017-11-30 Yusuke Suzuki <utatane.tea@gmail.com>
[DFG][FTL] operationHasIndexedProperty does not consider negative int32_t
https://bugs.webkit.org/show_bug.cgi?id=180190
* stress/operation-in-may-have-negative-int32-array-storage.js: Added.
* stress/operation-in-may-have-negative-int32-contiguous-array.js: Added.
* stress/operation-in-may-have-negative-int32-double-array.js: Added.
* stress/operation-in-may-have-negative-int32-generic-array.js: Added.
* stress/operation-in-may-have-negative-int32-int32-array.js: Added.
* stress/operation-in-may-have-negative-int32.js: Added.
* stress/operation-in-negative-int32-cast.js: Added.
2017-11-28 JF Bastien <jfbastien@apple.com>
Strict and sloppy functions shouldn't share structure
https://bugs.webkit.org/show_bug.cgi?id=180103
<rdar://problem/35667847>
Reviewed by Saam Barati.
* stress/get-by-id-strict-arguments.js: Added. Used to not throw
because the IC was wrong.
* stress/get-by-id-strict-callee.js: Added. Not strictly necessary
in this patch, but may as well test odd strict mode corner cases.
* stress/get-by-id-strict-caller.js: Added. Also IC'd wrong.
* stress/get-by-id-strict-nested-arguments-2.js: Added. Same as
next file, but with invalidation of the FunctionExecutable's
singletonFunction() to hit SpeculativeJIT::compileNewFunction's
* stress/get-by-id-strict-nested-arguments.js: Added. Make sure
strict nesting works correctly.
* stress/strict-function-structure.js: Added. The test used to
assert in objectProtoFuncHasOwnProperty.
* stress/strict-nested-function-structure.js: Added. Nesting.
2017-11-29 Robin Morisset <rmorisset@apple.com>
The recursive tail call optimisation is wrong on closures
https://bugs.webkit.org/show_bug.cgi?id=179835
Reviewed by Saam Barati.
* stress/closure-recursive-tail-call.js: Added.
2017-11-27 JF Bastien <jfbastien@apple.com>
JavaScript rest function parameter with negative index leads to bad DFG abstract interpretation
https://bugs.webkit.org/show_bug.cgi?id=180051
<rdar://problem/35614371>
Reviewed by Saam Barati.
* stress/rest-parameter-negative.js: Added.
2017-11-27 Saam Barati <sbarati@apple.com>
Spread can escape when CreateRest does not
https://bugs.webkit.org/show_bug.cgi?id=180057
<rdar://problem/35676119>
Reviewed by JF Bastien.
* stress/spread-escapes-but-create-rest-does-not.js: Added.
2017-11-21 Yusuke Suzuki <utatane.tea@gmail.com>
[DFG] Add NormalizeMapKey DFG IR
https://bugs.webkit.org/show_bug.cgi?id=179912
Reviewed by Saam Barati.
* stress/map-untyped-normalize-cse.js: Added.
* stress/map-untyped-normalize.js: Added.
* stress/set-untyped-normalize-cse.js: Added.
(set return.set has.set has):
* stress/set-untyped-normalize.js: Added.
(set return.set has):
2017-11-26 Yusuke Suzuki <utatane.tea@gmail.com>
[FTL] Support DeleteById and DeleteByVal
https://bugs.webkit.org/show_bug.cgi?id=180022
Reviewed by Saam Barati.
* stress/delete-by-id.js: Added.
* stress/delete-by-val-ftl.js: Added.
2017-11-26 Yusuke Suzuki <utatane.tea@gmail.com>
[DFG] Introduce {Set,Map,WeakMap}Fields
https://bugs.webkit.org/show_bug.cgi?id=179925
Reviewed by Saam Barati.
* stress/map-set-clobber-map-get.js: Added.
* stress/map-set-does-not-clobber-set-has.js: Added.
* stress/map-set-does-not-clobber-weak-map-get.js: Added.
* stress/set-add-clobber-set-has.js: Added.
* stress/set-add-does-not-clobber-map-get.js: Added.
2017-11-24 Mark Lam <mark.lam@apple.com>
Move unsafe jsc shell test functions to the $vm object.
https://bugs.webkit.org/show_bug.cgi?id=179980
Reviewed by Yusuke Suzuki.
* controlFlowProfiler/driver/driver.js:
* controlFlowProfiler/execution-count.js:
* controlFlowProfiler/if-statement.js:
* controlFlowProfiler/loop-statements.js:
* controlFlowProfiler/switch-statements.js:
* controlFlowProfiler/test-jit.js:
* exceptionFuzz/3d-cube.js:
* exceptionFuzz/date-format-xparb.js:
* exceptionFuzz/earley-boyer.js:
* heapProfiler/basic-edges.js:
* heapProfiler/property-edge-types.js:
* microbenchmarks/try-get-by-id-basic.js:
* microbenchmarks/try-get-by-id-polymorphic.js:
* modules/namespace-object-try-get.js:
* stress/argument-count-bytecode.js:
* stress/argument-intrinsic-basic.js:
* stress/argument-intrinsic-inlining-use-caller-arg.js:
* stress/argument-intrinsic-inlining-with-result-escape.js:
* stress/argument-intrinsic-inlining-with-vararg-with-enough-arguments.js:
* stress/argument-intrinsic-inlining-with-vararg.js:
* stress/argument-intrinsic-nested-inlining.js:
* stress/argument-intrinsic-not-convert-to-get-argument.js:
* stress/argument-intrinsic-with-stack-write.js:
* stress/arity-mismatch-get-argument.js:
* stress/array-message-passing.js:
* stress/array-push-with-force-exit.js:
* stress/check-dom-with-signature.js:
* stress/check-sub-class.js:
* stress/compare-eq-incomplete-profile.js:
* stress/custom-get-set-inline-caching-one-level-up-proto-chain.js:
* stress/do-eval-virtual-call-correctly.js:
* stress/dom-jit-with-poly-proto.js:
* stress/domjit-exception-ic.js:
* stress/domjit-exception.js:
* stress/domjit-getter-complex-with-incorrect-object.js:
* stress/domjit-getter-complex.js:
* stress/domjit-getter-poly.js:
* stress/domjit-getter-proto.js:
* stress/domjit-getter-super-poly.js:
* stress/domjit-getter-try-catch-getter-as-get-by-id-register-restoration.js:
* stress/domjit-getter-type-check.js:
* stress/domjit-getter.js:
* stress/exit-during-inlined-arity-fixup-recover-proper-frame.js:
* stress/for-in-proxy-target-changed-structure.js:
* stress/for-in-proxy.js:
* stress/generational-opaque-roots.js:
* stress/global-const-redeclaration-setting-2.js:
* stress/global-const-redeclaration-setting-3.js:
* stress/global-const-redeclaration-setting-4.js:
* stress/global-const-redeclaration-setting-5.js:
* stress/global-const-redeclaration-setting.js:
* stress/import-basic.js:
* stress/import-from-eval.js:
* stress/import-reject-with-exception.js:
* stress/import-syntax.js:
* stress/impure-get-own-property-slot-inline-cache.js:
* stress/is-constructor.js:
* stress/istypedarrayview-intrinsic.js:
* stress/jsc-setImpureGetterDelegate-on-bad-type.js:
* stress/jsc-test-functions-should-be-more-robust.js:
* stress/object-toString-with-proxy.js:
* stress/poly-proto-custom-value-and-accessor.js:
* stress/proxy-inline-cache.js:
* stress/re-execute-error-module.js:
* stress/regress-150532.js:
* stress/regress-156992.js:
* stress/regress-179619.js:
* stress/resources/shadow-chicken-support.js:
* stress/runtime-array.js:
* stress/sampling-profiler-microtasks.js:
* stress/shadow-chicken-enabled.js:
* stress/spread-correct-global-object-on-exception.js:
* stress/super-get-by-id.js:
* stress/tailCallForwardArguments.js:
* stress/to-object-intrinsic-boolean-edge.js:
* stress/to-object-intrinsic-null-or-undefined-edge.js:
* stress/to-object-intrinsic-number-edge.js:
* stress/to-object-intrinsic-object-edge.js:
* stress/to-object-intrinsic-string-edge.js:
* stress/to-object-intrinsic-symbol-edge.js:
* stress/to-object-intrinsic.js:
* stress/try-catch-custom-getter-as-get-by-id.js:
* stress/try-get-by-id-poly-proto.js:
* stress/try-get-by-id-should-spill-registers-dfg.js:
* stress/try-get-by-id.js:
* typeProfiler/arrow-functions.js:
* typeProfiler/basic.js:
* typeProfiler/captured.js:
* typeProfiler/classes.js:
* typeProfiler/dfg-jit-optimizations.js:
* typeProfiler/dictionary-mode.js:
* typeProfiler/es6-block-scoping.js:
* typeProfiler/es6-classes.js:
* typeProfiler/inheritance.js:
* typeProfiler/int52-dfg.js:
* typeProfiler/loop.js:
* typeProfiler/optional-fields.js:
* typeProfiler/overflow.js:
* typeProfiler/return.js:
* typeProfiler/symbol.js:
* typeProfiler/weird-prototype-chain.js:
2017-11-21 Yusuke Suzuki <utatane.tea@gmail.com>
[DFG][FTL] Support MapSet / SetAdd intrinsics
https://bugs.webkit.org/show_bug.cgi?id=179858
Reviewed by Saam Barati.
* microbenchmarks/map-has-and-set.js: Added.
* stress/map-set-check-failure.js: Added.
* stress/map-set-cse.js: Added.
* stress/set-add-check-failure.js: Added.
* stress/set-add-cse.js: Added.
2017-11-21 Yusuke Suzuki <utatane.tea@gmail.com>
[JSC] Allow poly proto for intrinsic getters
https://bugs.webkit.org/show_bug.cgi?id=179550
Reviewed by Saam Barati.
This change is also tested by existing tests.
1. stress/intrinsic-getter-with-poly-proto.js
2. stress/poly-proto-intrinsic-getter-correctness.js
* stress/intrinsic-getter-with-poly-proto-getter-change.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/intrinsic-getter-with-poly-proto-proto-change.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
2017-11-20 Guillaume Emont <guijemont@igalia.com>
Skip stress/unshiftCountSlowCase-correct-postCapacity.js on embedded Linux
https://bugs.webkit.org/show_bug.cgi?id=179744
Reviewed by Michael Catanzaro.
This test uses too much memory for our buildbots on these platforms
* stress/unshiftCountSlowCase-correct-postCapacity.js:
Skip if $memoryLimited and linux.
2017-11-17 JF Bastien <jfbastien@apple.com>
WebAssembly JS API: throw when a promise can't be created
https://bugs.webkit.org/show_bug.cgi?id=179826
<rdar://problem/35455813>
Reviewed by Mark Lam.
Test WebAssembly.{compile,instantiate} where promise creation
fails because of a stack overflow.
* wasm/js-api/promise-stack-overflow.js: Added.
(const.runNearStackLimit.f.const.t):
(async.testInstantiate):
2017-11-16 Yusuke Suzuki <utatane.tea@gmail.com>
Unreviewed, mark regress-178385.js as memory exhausting
* stress/regress-178385.js:
2017-11-16 Ryan Haddad <ryanhaddad@apple.com>
Mark test262/test/language/statements/class/definition/fn-name-static-precedence.js as passing after r224927.
Unreviewed test gardening.
2017-11-16 Robin Morisset <rmorisset@apple.com>
REGRESSION (r224592): oss-fuzz: jsc: Null-dereference READ in JSC::JSCell::isObject (4216)
https://bugs.webkit.org/show_bug.cgi?id=179763
<rdar://problem/35550513>
Reviewed by Keith Miller.
Just adding a slightly cleaned-up version of the original fuzzer-found test.
* stress/tdz-this-in-try-catch.js: Added.
2017-11-14 Yusuke Suzuki <utatane.tea@gmail.com>
[DFG][FTL] Support Array::DirectArguments with OutOfBounds
https://bugs.webkit.org/show_bug.cgi?id=179594
Reviewed by Saam Barati.
* stress/direct-arguments-in-bounds-to-out-of-bounds.js: Added.
* stress/direct-arguments-out-of-bounds-watchpoint.js: Added.
2017-11-14 Saam Barati <sbarati@apple.com>
We need to set topCallFrame when calling Wasm::Memory::grow from the JIT
https://bugs.webkit.org/show_bug.cgi?id=179639
<rdar://problem/35513018>
Reviewed by JF Bastien.
* wasm/function-tests/grow-memory-cause-gc.js: Added.
2017-11-13 Mark Lam <mark.lam@apple.com>
Add more overflow check book-keeping for MarkedArgumentBuffer.
https://bugs.webkit.org/show_bug.cgi?id=179634
<rdar://problem/35492517>
Reviewed by Saam Barati.
* stress/regress-179634.js: Added.
2017-11-13 Mark Lam <mark.lam@apple.com>
Make the jsc shell loadGetterFromGetterSetter() function more robust.
https://bugs.webkit.org/show_bug.cgi?id=179619
<rdar://problem/35492518>
Reviewed by Saam Barati.
* stress/regress-179619.js: Added.
2017-11-12 Mark Lam <mark.lam@apple.com>
We should ensure that operationStrCat2 and operationStrCat3 are never passed Symbols as arguments.
https://bugs.webkit.org/show_bug.cgi?id=179562
<rdar://problem/35467022>
Reviewed by Saam Barati.
* regress-179562.js: Added.
2017-11-08 Saam Barati <sbarati@apple.com>
A JSFunction's ObjectAllocationProfile should watch the poly prototype watchpoint so it can clear its object allocation profile
https://bugs.webkit.org/show_bug.cgi?id=177792
Reviewed by Yusuke Suzuki.
* microbenchmarks/poly-proto-clear-js-function-allocation-profile.js: Added.
(foo.Foo.prototype.ensureX):
2017-11-08 Ryan Haddad <ryanhaddad@apple.com>
Mark test262.yaml/test262/test/language/statements/try/tco-catch.js as passing.
https://bugs.webkit.org/show_bug.cgi?id=178592
Unreviewed test gardening.
2017-11-08 Robin Morisset <rmorisset@apple.com>
Turn recursive tail calls into loops
https://bugs.webkit.org/show_bug.cgi?id=176601
Reviewed by Saam Barati.
Relanding after https://bugs.webkit.org/show_bug.cgi?id=178834.
Add some simple tests that compute factorial in several ways, and other trivial computations.
They all test the case where foo calls bar (in an inlineable way) that then does a tail call.
Depending on the nature of both calls, it is possible or not to turn the tail call into a loop.
I have no clear way of checking that the call was indeed transformed, but I can check that the code computes the right result
(which it doesn't if that tail call is transformed into a loop in the unsound cases).
* stress/inline-call-to-recursive-tail-call.js: Added.
2017-11-07 Mark Lam <mark.lam@apple.com>
AccessCase::generateImpl() should exclude the result register when restoring registers after a call.
https://bugs.webkit.org/show_bug.cgi?id=179355
<rdar://problem/35263053>
Reviewed by Saam Barati.
* stress/regress-179355.js: Added.
2017-11-05 Yusuke Suzuki <utatane.tea@gmail.com>
JIT call inline caches should cache calls to objects with getCallData/getConstructData traps
https://bugs.webkit.org/show_bug.cgi?id=144458
Reviewed by Saam Barati.
* microbenchmarks/dfg-internal-function-call.js: Added.
* microbenchmarks/dfg-internal-function-construct.js: Added.
* microbenchmarks/dfg-internal-function-not-handled-call.js: Added.
* microbenchmarks/dfg-internal-function-not-handled-construct.js: Added.
* stress/dfg-internal-function-call.js: Added.
* stress/dfg-internal-function-construct.js: Added.
* stress/internal-function-call.js: Added.
* stress/internal-function-construct.js: Added.
2017-11-05 Per Arne Vollan <pvollan@apple.com>
[Win] Skip stress/regress-178385.js.
https://bugs.webkit.org/show_bug.cgi?id=179298
Unreviewed test gardening.
* stress/regress-178385.js:
2017-11-03 Keith Miller <keith_miller@apple.com>
Add test for ic with side effects
https://bugs.webkit.org/show_bug.cgi?id=179268
Reviewed by Saam Barati.
* stress/put-inline-cache-side-effects.js: Added.
(let.i.of.objs.keys):
2017-11-03 Mark Lam <mark.lam@apple.com>
CachedCall (and its clients) needs overflow checks.
https://bugs.webkit.org/show_bug.cgi?id=179185
Reviewed by JF Bastien.
* stress/regress-179185.js: Added.
2017-11-02 Michael Saboff <msaboff@apple.com>
DFG needs to handle code motion of code in for..in loop bodies
https://bugs.webkit.org/show_bug.cgi?id=179212
Reviewed by Keith Miller.
* stress/for-in-side-effects.js: Added.
2017-11-02 Filip Pizlo <fpizlo@apple.com>
AI does not correctly model the clobber case of ArithClz32
https://bugs.webkit.org/show_bug.cgi?id=179188
Reviewed by Michael Saboff.
* stress/arith-clz32-effects.js: Added.
2017-11-01 Michael Saboff <msaboff@apple.com>
Integer overflow in code generated by LoadVarargs processing in DFG and FTL.
https://bugs.webkit.org/show_bug.cgi?id=179140
Reviewed by Saam Barati.
* stress/regress-179140.js: Added.
2017-11-01 Yusuke Suzuki <utatane.tea@gmail.com>
[JSC] Introduce @toObject
https://bugs.webkit.org/show_bug.cgi?id=178726
Reviewed by Saam Barati.
* stress/array-copywithin.js:
* stress/object-constructor-boolean-edge.js: Added.
* stress/object-constructor-global.js: Added.
* stress/object-constructor-null-edge.js: Added.
* stress/object-constructor-number-edge.js: Added.
* stress/object-constructor-object-edge.js: Added.
* stress/object-constructor-string-edge.js: Added.
* stress/object-constructor-symbol-edge.js: Added.
* stress/object-constructor-undefined-edge.js: Added.
* stress/symbol-array-from.js: Added.
* stress/to-object-intrinsic-boolean-edge.js: Added.
(builtin.createBuiltin):
* stress/to-object-intrinsic-null-or-undefined-edge.js: Added.
* stress/to-object-intrinsic-number-edge.js: Added.
(builtin.createBuiltin):
* stress/to-object-intrinsic-object-edge.js: Added.
(builtin.createBuiltin):
* stress/to-object-intrinsic-string-edge.js: Added.
(builtin.createBuiltin):
* stress/to-object-intrinsic-symbol-edge.js: Added.
(builtin.createBuiltin):
* stress/to-object-intrinsic.js: Added.
(builtin.createBuiltin):
2017-10-27 Yusuke Suzuki <utatane.tea@gmail.com>
[DFG][FTL] Introduce StringSlice
https://bugs.webkit.org/show_bug.cgi?id=178934
Reviewed by Saam Barati.
* microbenchmarks/string-slice-empty.js: Added.
* microbenchmarks/string-slice-one-char.js: Added.
* microbenchmarks/string-slice.js: Added.
2017-10-26 Michael Saboff <msaboff@apple.com>
REGRESSION(r222601): We fail to properly backtrack into a sub pattern of a parenthesis with non-zero minimum
https://bugs.webkit.org/show_bug.cgi?id=178890
Reviewed by Keith Miller.
* stress/regress-178890.js: Added.
2017-10-26 Mark Lam <mark.lam@apple.com>
JSRopeString::RopeBuilder::append() should check for overflows.
https://bugs.webkit.org/show_bug.cgi?id=178385
<rdar://problem/35027468>
Reviewed by Saam Barati.
* stress/regress-178385.js: Added.
2017-10-26 Ryan Haddad <ryanhaddad@apple.com>
Unreviewed, rolling out r223961.
The change that required this has been rolled out.
"Mark test262.yaml/test262/test/language/statements/try/tco-catch.js as passing."
https://bugs.webkit.org/show_bug.cgi?id=178592
https://trac.webkit.org/changeset/223961
2017-10-25 Commit Queue <commit-queue@webkit.org>
Unreviewed, rolling out r223691 and r223729.
https://bugs.webkit.org/show_bug.cgi?id=178834
Broke Speedometer 2 React-Redux-TodoMVC test case (Requested
by rniwa on #webkit).
"Turn recursive tail calls into loops"
https://bugs.webkit.org/show_bug.cgi?id=176601
https://trac.webkit.org/changeset/223691
"REGRESSION(r223691): DFGByteCodeParser.cpp:1483:83: warning:
comparison is always false due to limited range of data type
https://bugs.webkit.org/show_bug.cgi?id=178543
https://trac.webkit.org/changeset/223729
2017-10-25 Ryan Haddad <ryanhaddad@apple.com>
Mark test262.yaml/test262/test/language/statements/try/tco-catch.js as passing.
https://bugs.webkit.org/show_bug.cgi?id=178592
Unreviewed test gardening.
2017-10-24 Yusuke Suzuki <utatane.tea@gmail.com>
[FTL] Support NewStringObject
https://bugs.webkit.org/show_bug.cgi?id=178737
Reviewed by Saam Barati.
* stress/new-string-object.js: Added.
2017-10-15 Yusuke Suzuki <utatane.tea@gmail.com>
[JSC] modules can be visited more than once when resolving bindings through "star" exports as long as the exportName is different each time
https://bugs.webkit.org/show_bug.cgi?id=178308
Reviewed by Mark Lam.
2017-10-23 Yusuke Suzuki <utatane.tea@gmail.com>
[JSC] Use fastJoin in Array#toString
https://bugs.webkit.org/show_bug.cgi?id=178062
Reviewed by Darin Adler.
* microbenchmarks/contiguous-array-to-string.js: Added.
* microbenchmarks/double-array-to-string.js: Added.
* microbenchmarks/int32-array-to-string.js: Added.
2017-10-22 Zan Dobersek <zdobersek@igalia.com>
stress/check-string-ident.js is improperly skipped
https://bugs.webkit.org/show_bug.cgi?id=178642
Reviewed by Saam Barati.
* stress/check-string-ident.js: Drop the defaultNoEagerRun directive
since it enforces the run-jsc-stress-tests script to still set up the
test to run, despite the skip directive that's used before.
2017-10-20 Mark Lam <mark.lam@apple.com>
Add a test case for r214334.
https://bugs.webkit.org/show_bug.cgi?id=169941
<rdar://problem/31221258>
Reviewed by JF Bastien.
* stress/regress-169941.js: Added.
2017-10-19 JF Bastien <jfbastien@apple.com>
WebAssembly: no VM / JS version of everything but Instance
https://bugs.webkit.org/show_bug.cgi?id=177473
Reviewed by Filip Pizlo, Saam Barati.
- Exceeding max on memory growth now returns a range error as per
spec. This is a (very minor) breaking change: it used to throw OOM
error. Update the corresponding test.
* wasm/js-api/memory-grow.js:
* wasm/js-api/table.js:
2017-10-19 Mark Lam <mark.lam@apple.com>
Stringifier::appendStringifiedValue() is missing an exception check.
https://bugs.webkit.org/show_bug.cgi?id=178386
<rdar://problem/35027610>
Reviewed by Saam Barati.
* stress/regress-178386.js: Added.
2017-10-19 Michael Saboff <msaboff@apple.com>
Test262: RegExp/property-escapes/generated/Emoji_Component.js fails with current RegExp Unicode Properties implementation
https://bugs.webkit.org/show_bug.cgi?id=178521
Reviewed by JF Bastien.
* test262.yaml: Enabled test262/test/built-ins/RegExp/property-escapes/generated/Emoji_Component.js as it
now passes with the current version (5.0) of the Emoji spec.
2017-10-19 Robin Morisset <rmorisset@apple.com>
Turn recursive tail calls into loops
https://bugs.webkit.org/show_bug.cgi?id=176601
Reviewed by Saam Barati.
Add some simple tests that compute factorial in several ways, and other trivial computations.
They all test the case where foo calls bar (in an inlineable way) that then does a tail call.
Depending on the nature of both calls, it is possible or not to turn the tail call into a loop.
I have no clear way of checking that the call was indeed transformed, but I can check that the code computes the right result
(which it doesn't if that tail call is transformed into a loop in the unsound cases).
* stress/inline-call-to-recursive-tail-call.js: Added.
2017-10-18 Mark Lam <mark.lam@apple.com>
RegExpObject::defineOwnProperty() does not need to compare values if no descriptor value is specified.
https://bugs.webkit.org/show_bug.cgi?id=177600
<rdar://problem/34710985>
Reviewed by Saam Barati.
* stress/regress-177600.js: Added.
2017-10-18 Mark Lam <mark.lam@apple.com>
The compiler should always register a structure when it adds its transitionWatchPointSet.
https://bugs.webkit.org/show_bug.cgi?id=178420
<rdar://problem/34814024>
Reviewed by Saam Barati and Filip Pizlo.
* stress/regress-178420.js: Added.
(new.Array.10000.map):
2017-10-18 Yusuke Suzuki <utatane.tea@gmail.com>
[JSC] __proto__ getter should be fast
https://bugs.webkit.org/show_bug.cgi?id=178067
Reviewed by Saam Barati.
* stress/dfg-object-proto-accessor.js: Added.
* stress/dfg-object-proto-getter.js: Added.
* stress/dfg-object-prototype-of.js: Added.
* stress/dfg-reflect-get-prototype-of.js: Added.
* stress/intrinsic-getter-with-poly-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-get-prototype-of-filtered.js: Added.
* stress/object-get-prototype-of-mono-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-get-prototype-of-poly-mono-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-get-prototype-of-poly-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-proto-getter-filtered.js: Added.
* stress/object-proto-getter-poly-mono-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-proto-getter-poly-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-prototype-proto-accessors-should-throw-on-undefined-this.js:
* stress/string-proto.js: Added.
2017-10-17 Ryan Haddad <ryanhaddad@apple.com>
Unreviewed, rolling out r223523.
A test for this change is failing on debug JSC bots.
"[JSC] __proto__ getter should be fast"
https://bugs.webkit.org/show_bug.cgi?id=178067
https://trac.webkit.org/changeset/223523
2017-10-10 Yusuke Suzuki <utatane.tea@gmail.com>
[JSC] __proto__ getter should be fast
https://bugs.webkit.org/show_bug.cgi?id=178067
Reviewed by Saam Barati.
* stress/dfg-object-proto-accessor.js: Added.
* stress/dfg-object-proto-getter.js: Added.
* stress/dfg-object-prototype-of.js: Added.
* stress/dfg-reflect-get-prototype-of.js: Added.
* stress/object-get-prototype-of-filtered.js: Added.
* stress/object-get-prototype-of-mono-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-get-prototype-of-poly-mono-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-get-prototype-of-poly-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-proto-getter-filtered.js: Added.
* stress/object-proto-getter-poly-mono-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-proto-getter-poly-proto.js: Added.
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
* stress/object-prototype-proto-accessors-should-throw-on-undefined-this.js:
* stress/string-proto.js: Added.
2017-10-14 Yusuke Suzuki <utatane.tea@gmail.com>
Reland "Add Above/Below comparisons for UInt32 patterns"
https://bugs.webkit.org/show_bug.cgi?id=177281
Reviewed by Saam Barati.
* stress/uint32-comparison-jump.js: Added.
* stress/uint32-comparison.js: Added.
2017-10-12 Yusuke Suzuki <utatane.tea@gmail.com>
WebAssembly: Wasm functions should have either JSFunctionType or TypeOfShouldCallGetCallData
https://bugs.webkit.org/show_bug.cgi?id=178210
Reviewed by Saam Barati.
* wasm/function-tests/trap-from-start-async.js:
(async.StartTrapsAsync):
* wasm/function-tests/trap-from-start.js:
* wasm/js-api/web-assembly-function.js:
(assert.eq.Object.getPrototypeOf):
* wasm/js-api/wrapper-function.js:
(return.new.WebAssembly.Module):
(assert.throws.makeInstance): Deleted.
(assert.throws.Bar): Deleted.
(assert.throws): Deleted.
2017-09-29 Filip Pizlo <fpizlo@apple.com>
Enable gigacage on iOS
https://bugs.webkit.org/show_bug.cgi?id=177586
Reviewed by JF Bastien.
Add tests for when Gigacage gets runtime disabled.
* stress/disable-gigacage-arrays.js: Added.
* stress/disable-gigacage-strings.js: Added.
* stress/disable-gigacage-typed-arrays.js: Added.
2017-10-11 Yusuke Suzuki <utatane.tea@gmail.com>
import.meta should not be assignable
https://bugs.webkit.org/show_bug.cgi?id=178202
Reviewed by Saam Barati.
* modules/import-meta-assignment.js: Added.
(SyntaxError.import.meta.can.shouldThrow):
2017-10-11 Saam Barati <sbarati@apple.com>
Unreviewed. Actually skip certain type profiler tests in debug.
* typeProfiler.yaml:
* typeProfiler/deltablue-for-of.js:
* typeProfiler/getter-richards.js:
2017-10-11 Commit Queue <commit-queue@webkit.org>
Unreviewed, rolling out r223113 and r223121.
https://bugs.webkit.org/show_bug.cgi?id=178182
Reintroduced 20% regression on Kraken (Requested by rniwa on
Reverted changesets:
"Enable gigacage on iOS"
https://bugs.webkit.org/show_bug.cgi?id=177586
https://trac.webkit.org/changeset/223113
"Use one virtual allocation for all gigacages and their
https://bugs.webkit.org/show_bug.cgi?id=178050
https://trac.webkit.org/changeset/223121
2017-10-11 Michael Saboff <msaboff@apple.com>
Disable test262 named capture group tests with direct unicode names and with references before definitions
https://bugs.webkit.org/show_bug.cgi?id=178177
Reviewed by Keith Miller.
Bugs to track fixing these tests are:
https://bugs.webkit.org/show_bug.cgi?id=178174 -
"Add support in named capture group identifiers for direct surrogate pairs"
https://bugs.webkit.org/show_bug.cgi?id=178175 -
"Test262 failure with Named Capture Groups - using a reference before the group is defined"
2017-10-11 Caio Lima <ticaiolima@gmail.com>
Object properties are undefined in super.call() but not in this.call()
https://bugs.webkit.org/show_bug.cgi?id=177230
Reviewed by Saam Barati.
* stress/super-call-function-subclass.js: Added.
* stress/super-dot-call-and-apply.js: Added.
(A.prototype.apply):
(B.prototype.testSuper):
(const.obj.new.B.string_appeared_here.obj.testSuper.C):
(D.prototype.testSuper):
2017-10-10 Saam Barati <sbarati@apple.com>
The prototype cache should be aware of the Executable it generates a Structure for
https://bugs.webkit.org/show_bug.cgi?id=177907
Reviewed by Filip Pizlo.
* microbenchmarks/dont-confuse-structures-from-different-executable-as-poly-proto.js: Added.
2017-10-09 Yusuke Suzuki <utatane.tea@gmail.com>
`async` should be able to be used as an imported binding name
https://bugs.webkit.org/show_bug.cgi?id=176573
Reviewed by Saam Barati.
* modules/import-default-async.js: Added.
* modules/import-named-async-as.js: Added.
* modules/import-named-async.js: Added.
* modules/import-named-async/target.js: Added.
* modules/import-namespace-async.js: Added.
2017-09-29 Filip Pizlo <fpizlo@apple.com>
Enable gigacage on iOS
https://bugs.webkit.org/show_bug.cgi?id=177586
Reviewed by JF Bastien.
Add tests for when Gigacage gets runtime disabled.
* stress/disable-gigacage-arrays.js: Added.
* stress/disable-gigacage-strings.js: Added.
* stress/disable-gigacage-typed-arrays.js: Added.
2017-10-09 Michael Saboff <msaboff@apple.com>
Implement RegExp Unicode property escapes
https://bugs.webkit.org/show_bug.cgi?id=172069
Reviewed by JF Bastien.
Enabled Unicode Property tests.
2017-10-09 Commit Queue <commit-queue@webkit.org>
Unreviewed, rolling out r223015 and r223025.
https://bugs.webkit.org/show_bug.cgi?id=178093
Regressed Kraken on iOS by 20% (Requested by keith_mi_ on
Reverted changesets:
"Enable gigacage on iOS"
https://bugs.webkit.org/show_bug.cgi?id=177586
http://trac.webkit.org/changeset/223015
"Unreviewed, disable Gigacage on ARM64 Linux"
https://bugs.webkit.org/show_bug.cgi?id=177586
http://trac.webkit.org/changeset/223025
2017-10-09 Ryan Haddad <ryanhaddad@apple.com>
Update expectations for test262 tests that pass after r223043.
https://bugs.webkit.org/show_bug.cgi?id=176685
Unreviewed test gardening.
2017-10-09 Ryan Haddad <ryanhaddad@apple.com>
Unreviewed, rolling out r223022.
This change introduced 18 test262 failures.
"`async` should be able to be used as an imported binding
https://bugs.webkit.org/show_bug.cgi?id=176573
http://trac.webkit.org/changeset/223022
2017-10-09 Saam Barati <sbarati@apple.com>
3 poly-proto JSC tests timing out on debug after r222827
https://bugs.webkit.org/show_bug.cgi?id=177880
<rdar://problem/34817122>
I'm skipping these type profiler tests on debug since they are long running.
* typeProfiler/deltablue-for-of.js:
* typeProfiler/getter-richards.js:
2017-10-09 Oleksandr Skachkov <gskachkov@gmail.com>
Safari 10 /11 problem with if (!await get(something)).
https://bugs.webkit.org/show_bug.cgi?id=176685
Reviewed by Saam Barati.
* stress/async-await-basic.js:
(awaitEpression.async):
* stress/async-await-syntax.js:
(testTopLevelAsyncAwaitSyntaxSloppyMode.testSyntax):
(prototype.testTopLevelAsyncAwaitSyntaxStrictMode):
2017-10-08 Saam Barati <sbarati@apple.com>
Unreviewed. Make some type profiler tests run for less time to avoid debug timeouts.
* typeProfiler/deltablue-for-of.js:
* typeProfiler/getter-richards.js:
2017-10-07 Yusuke Suzuki <utatane.tea@gmail.com>
`async` should be able to be used as an imported binding name
https://bugs.webkit.org/show_bug.cgi?id=176573
Reviewed by Darin Adler.
* modules/import-default-async.js: Added.
* modules/import-named-async-as.js: Added.
* modules/import-named-async.js: Added.
* modules/import-named-async/target.js: Added.
* modules/import-namespace-async.js: Added.
2017-09-29 Filip Pizlo <fpizlo@apple.com>
Enable gigacage on iOS
https://bugs.webkit.org/show_bug.cgi?id=177586
Reviewed by JF Bastien.
Add tests for when Gigacage gets runtime disabled.
* stress/disable-gigacage-arrays.js: Added.
* stress/disable-gigacage-strings.js: Added.
* stress/disable-gigacage-typed-arrays.js: Added.
1326 2017-10-06 Commit Queue <commit-queue@webkit.org>
1328 Unreviewed, rolling out r222791 and r222873.
1329 https://bugs.webkit.org/show_bug.cgi?id=178031
1331 Caused crashes with workers/wasm LayoutTests (Requested by
1332 ryanhaddad on #webkit).
1334 Reverted changesets:
1336 "WebAssembly: no VM / JS version of everything but Instance"
1337 https://bugs.webkit.org/show_bug.cgi?id=177473
1338 http://trac.webkit.org/changeset/222791
1340 "WebAssembly: address no VM / JS follow-ups"
1341 https://bugs.webkit.org/show_bug.cgi?id=177887
1342 http://trac.webkit.org/changeset/222873
1344 2017-10-05 Saam Barati <sbarati@apple.com>
1346 Make sure all prototypes under poly proto get added into the VM's prototype map
1347 https://bugs.webkit.org/show_bug.cgi?id=177909
1349 Reviewed by Keith Miller.
1351 * stress/poly-proto-prototype-map-having-a-bad-time.js: Added.
1357 2017-09-30 Yusuke Suzuki <utatane.tea@gmail.com>
1359 [JSC] Introduce import.meta
1360 https://bugs.webkit.org/show_bug.cgi?id=177703
1362 Reviewed by Filip Pizlo.
1364 * modules/import-meta-syntax.js: Added.
1367 * modules/import-meta.js: Added.
1368 * modules/import-meta/cocoa.js: Added.
1369 * modules/resources/assert.js:
1370 (export.shouldNotThrow):
1371 * stress/import-syntax.js:
1373 2017-10-04 Saam Barati <sbarati@apple.com>
1375 Make pertinent AccessCases watch the poly proto watchpoint
1376 https://bugs.webkit.org/show_bug.cgi?id=177765
1378 Reviewed by Keith Miller.
1380 * microbenchmarks/poly-proto-and-non-poly-proto-same-ic.js: Added.
1385 * stress/poly-proto-clear-stub.js: Added.
1390 2017-10-04 Ryan Haddad <ryanhaddad@apple.com>
1392 Remove failure expectation for async-func-decl-dstr-obj-id-put-unresolvable-no-strict.js.
1394 Unreviewed test gardening.
1398 2017-10-04 Saam Barati <sbarati@apple.com>
1400 3 poly-proto JSC tests timing out on debug after r222827
1401 https://bugs.webkit.org/show_bug.cgi?id=177880
1403 Rubber stamped by Mark Lam.
1405 * microbenchmarks/poly-proto-access.js:
1406 * typeProfiler/deltablue-for-of.js:
1407 * typeProfiler/getter-richards.js:
1409 2017-10-04 Joseph Pecoraro <pecoraro@apple.com>
1411 Unreviewed, marking tco-catch.js as a failure after test262 update
1412 https://bugs.webkit.org/show_bug.cgi?id=177859
1416 2017-10-04 Yusuke Suzuki <utatane.tea@gmail.com>
1418 Unreviewed, marking one async iterator test262 test failed
1419 https://bugs.webkit.org/show_bug.cgi?id=177859
1423 2017-10-04 Yusuke Suzuki <utatane.tea@gmail.com>
1425 [Test262] Update Test262 to Oct 4 version
1426 https://bugs.webkit.org/show_bug.cgi?id=177859
1428 Reviewed by Sam Weinig.
1430 Let's rebaseline test262. Since it includes the latest changes to ArrayIterator::next,
1431 we no longer need to mark it skip/fail. Also, this update includes a bunch of BigInt tests.
1434 * test262/harness/promiseHelper.js: Renamed from JSTests/test262/harness/PromiseHelper.js.
1436 * test262/harness/typeCoercion.js:
1437 (testCoercibleToIndexZero):
1438 (testCoercibleToIndexOne):
1439 (testCoercibleToIndexFromIndex):
1440 (testNotCoercibleToIndex.testPrimitiveValue):
1441 (testNotCoercibleToInteger):
1442 (testCoercibleToBigIntZero.testPrimitiveValue):
1443 (testCoercibleToBigIntZero):
1444 (testCoercibleToBigIntOne.testPrimitiveValue):
1445 (testCoercibleToBigIntOne):
1446 (testPrimitiveValue):
1447 (testCoercibleToBigIntFromBigInt):
1448 (testNotCoercibleToBigInt.testPrimitiveValue):
1449 (testNotCoercibleToBigInt.testStringValue):
1450 (testNotCoercibleToBigInt):
1451 * test262/test/built-ins/Array/from/proto-from-ctor-realm.js:
1452 * test262/test/built-ins/Array/length/define-own-prop-length-overflow-realm.js:
1453 * test262/test/built-ins/Array/of/proto-from-ctor-realm.js:
1454 * test262/test/built-ins/Array/proto-from-ctor-realm.js:
1455 * test262/test/built-ins/Array/prototype/concat/create-proto-from-ctor-realm-array.js:
1456 * test262/test/built-ins/Array/prototype/concat/create-proto-from-ctor-realm-non-array.js:
1457 * test262/test/built-ins/Array/prototype/filter/create-proto-from-ctor-realm-array.js:
1458 * test262/test/built-ins/Array/prototype/filter/create-proto-from-ctor-realm-non-array.js:
1459 * test262/test/built-ins/Array/prototype/map/create-proto-from-ctor-realm-array.js:
1460 * test262/test/built-ins/Array/prototype/map/create-proto-from-ctor-realm-non-array.js:
1461 * test262/test/built-ins/Array/prototype/slice/create-proto-from-ctor-realm-array.js:
1462 * test262/test/built-ins/Array/prototype/slice/create-proto-from-ctor-realm-non-array.js:
1463 * test262/test/built-ins/Array/prototype/splice/create-proto-from-ctor-realm-array.js:
1464 * test262/test/built-ins/Array/prototype/splice/create-proto-from-ctor-realm-non-array.js:
1465 * test262/test/built-ins/ArrayBuffer/proto-from-ctor-realm.js:
1466 * test262/test/built-ins/BigInt/asIntN/bigint-tobigint.js:
1467 (testCoercibleToBigIntZero):
1468 (testCoercibleToBigIntOne):
1469 (testNotCoercibleToBigInt):
1472 (toString): Deleted.
1473 (Symbol.toPrimitive): Deleted.
1474 * test262/test/built-ins/BigInt/asIntN/bits-toindex.js:
1475 (testCoercibleToIndexZero):
1476 (testCoercibleToIndexOne):
1477 (testNotCoercibleToIndex):
1479 (assert.sameValue.BigInt.asIntN.valueOf): Deleted.
1480 (assert.sameValue.BigInt.asIntN.toString): Deleted.
1481 (BigInt.asIntN.Symbol.toPrimitive): Deleted.
1482 (BigInt.asIntN.valueOf): Deleted.
1483 (BigInt.asIntN.toString): Deleted.
1484 * test262/test/built-ins/BigInt/asUintN/arithmetic.js: Added.
1485 * test262/test/built-ins/BigInt/asUintN/asUintN.js: Added.
1486 * test262/test/built-ins/BigInt/asUintN/bigint-tobigint.js: Added.
1487 (testCoercibleToBigIntZero):
1488 (testCoercibleToBigIntOne):
1489 (testNotCoercibleToBigInt):
1490 * test262/test/built-ins/BigInt/asUintN/bits-toindex.js: Added.
1491 (testCoercibleToIndexZero):
1492 (testCoercibleToIndexOne):
1493 (testNotCoercibleToIndex):
1494 * test262/test/built-ins/BigInt/asUintN/length.js: Added.
1495 * test262/test/built-ins/BigInt/asUintN/name.js: Added.
1496 * test262/test/built-ins/BigInt/asUintN/order-of-steps.js: Added.
1499 * test262/test/built-ins/BigInt/prototype/valueOf/length.js: Added.
1500 * test262/test/built-ins/BigInt/prototype/valueOf/name.js: Added.
1501 * test262/test/built-ins/BigInt/prototype/valueOf/prop-desc.js: Added.
1502 * test262/test/built-ins/BigInt/prototype/valueOf/return.js: Added.
1503 * test262/test/built-ins/BigInt/prototype/valueOf/this-value-invalid-object-throws.js: Added.
1504 * test262/test/built-ins/BigInt/prototype/valueOf/this-value-invalid-primitive-throws.js: Added.
1505 * test262/test/built-ins/Boolean/proto-from-ctor-realm.js:
1506 * test262/test/built-ins/DataView/proto-from-ctor-realm-sab.js:
1507 * test262/test/built-ins/DataView/proto-from-ctor-realm.js:
1508 * test262/test/built-ins/Date/proto-from-ctor-realm-one.js:
1509 * test262/test/built-ins/Date/proto-from-ctor-realm-two.js:
1510 * test262/test/built-ins/Date/proto-from-ctor-realm-zero.js:
1511 * test262/test/built-ins/Error/proto-from-ctor-realm.js:
1512 * test262/test/built-ins/Function/call-bind-this-realm-undef.js:
1513 * test262/test/built-ins/Function/call-bind-this-realm-value.js:
1514 * test262/test/built-ins/Function/internals/Call/class-ctor-realm.js:
1515 * test262/test/built-ins/Function/internals/Construct/base-ctor-revoked-proxy-realm.js:
1516 * test262/test/built-ins/Function/internals/Construct/derived-return-val-realm.js:
1517 * test262/test/built-ins/Function/internals/Construct/derived-this-uninitialized-realm.js:
1518 * test262/test/built-ins/Function/proto-from-ctor-realm.js:
1519 * test262/test/built-ins/Function/prototype/bind/get-fn-realm.js:
1520 * test262/test/built-ins/Function/prototype/bind/proto-from-ctor-realm.js:
1521 * test262/test/built-ins/GeneratorFunction/proto-from-ctor-realm.js:
1522 * test262/test/built-ins/JSON/stringify/bigint-order.js: Added.
1524 (BigInt.prototype.toJSON):
1525 * test262/test/built-ins/JSON/stringify/bigint-replacer.js: Added.
1527 * test262/test/built-ins/JSON/stringify/bigint-tojson.js: Added.
1528 (BigInt.prototype.toJSON):
1529 * test262/test/built-ins/JSON/stringify/bigint.js:
1530 * test262/test/built-ins/Map/proto-from-ctor-realm.js:
1531 * test262/test/built-ins/Number/S9.3.1_A2_U180E.js:
1532 * test262/test/built-ins/Number/S9.3.1_A3_T1_U180E.js:
1533 * test262/test/built-ins/Number/S9.3.1_A3_T2_U180E.js:
1534 * test262/test/built-ins/Number/proto-from-ctor-realm.js:
1535 * test262/test/built-ins/Object/proto-from-ctor.js:
1536 * test262/test/built-ins/Promise/proto-from-ctor-realm.js:
1537 * test262/test/built-ins/Proxy/apply/arguments-realm.js:
1538 * test262/test/built-ins/Proxy/apply/trap-is-not-callable-realm.js:
1539 * test262/test/built-ins/Proxy/construct/arguments-realm.js:
1540 * test262/test/built-ins/Proxy/construct/trap-is-not-callable-realm.js:
1541 * test262/test/built-ins/Proxy/construct/trap-is-undefined-proto-from-ctor-realm.js:
1542 * test262/test/built-ins/Proxy/defineProperty/desc-realm.js:
1543 * test262/test/built-ins/Proxy/defineProperty/null-handler-realm.js:
1544 * test262/test/built-ins/Proxy/defineProperty/targetdesc-configurable-desc-not-configurable-realm.js:
1545 * test262/test/built-ins/Proxy/defineProperty/targetdesc-not-compatible-descriptor-not-configurable-target-realm.js:
1546 * test262/test/built-ins/Proxy/defineProperty/targetdesc-not-compatible-descriptor-realm.js:
1547 * test262/test/built-ins/Proxy/defineProperty/targetdesc-undefined-not-configurable-descriptor-realm.js:
1548 * test262/test/built-ins/Proxy/defineProperty/targetdesc-undefined-target-is-not-extensible-realm.js:
1549 * test262/test/built-ins/Proxy/defineProperty/trap-is-not-callable-realm.js:
1550 * test262/test/built-ins/Proxy/deleteProperty/trap-is-not-callable-realm.js:
1551 * test262/test/built-ins/Proxy/get-fn-realm.js:
1552 * test262/test/built-ins/Proxy/get/trap-is-not-callable-realm.js:
1553 * test262/test/built-ins/Proxy/getOwnPropertyDescriptor/result-type-is-not-object-nor-undefined-realm.js:
1554 * test262/test/built-ins/Proxy/getOwnPropertyDescriptor/trap-is-not-callable-realm.js:
1555 * test262/test/built-ins/Proxy/getPrototypeOf/trap-is-not-callable-realm.js:
1556 * test262/test/built-ins/Proxy/has/trap-is-not-callable-realm.js:
1557 * test262/test/built-ins/Proxy/isExtensible/trap-is-not-callable-realm.js:
1558 * test262/test/built-ins/Proxy/ownKeys/return-not-list-object-throws-realm.js:
1559 * test262/test/built-ins/Proxy/ownKeys/trap-is-not-callable-realm.js:
1560 * test262/test/built-ins/Proxy/preventExtensions/trap-is-not-callable-realm.js:
1561 * test262/test/built-ins/Proxy/set/trap-is-not-callable-realm.js:
1562 * test262/test/built-ins/Proxy/setPrototypeOf/trap-is-not-callable-realm.js:
1563 * test262/test/built-ins/RegExp/S15.10.2.12_A1_T1.js:
1566 * test262/test/built-ins/RegExp/dotall/with-dotall-unicode.js:
1567 * test262/test/built-ins/RegExp/dotall/with-dotall.js:
1568 * test262/test/built-ins/RegExp/dotall/without-dotall-unicode.js:
1569 * test262/test/built-ins/RegExp/dotall/without-dotall.js:
1570 * test262/test/built-ins/RegExp/proto-from-ctor-realm.js:
1571 * test262/test/built-ins/RegExp/prototype/Symbol.split/splitter-proto-from-ctor-realm.js:
1572 * test262/test/built-ins/RegExp/u180e.js: Added.
1573 * test262/test/built-ins/Set/proto-from-ctor-realm.js:
1574 * test262/test/built-ins/SharedArrayBuffer/proto-from-ctor-realm.js:
1575 * test262/test/built-ins/String/proto-from-ctor-realm.js:
1576 * test262/test/built-ins/String/prototype/endsWith/String.prototype.endsWith_Fail.js:
1577 * test262/test/built-ins/String/prototype/endsWith/String.prototype.endsWith_Fail_2.js:
1578 * test262/test/built-ins/String/prototype/endsWith/String.prototype.endsWith_Success.js:
1579 * test262/test/built-ins/String/prototype/endsWith/String.prototype.endsWith_Success_2.js:
1580 * test262/test/built-ins/String/prototype/endsWith/String.prototype.endsWith_Success_3.js:
1581 * test262/test/built-ins/String/prototype/endsWith/String.prototype.endsWith_Success_4.js:
1582 * test262/test/built-ins/String/prototype/endsWith/coerced-values-of-position.js:
1583 * test262/test/built-ins/String/prototype/endsWith/endsWith.js:
1584 * test262/test/built-ins/String/prototype/endsWith/length.js:
1585 * test262/test/built-ins/String/prototype/endsWith/name.js:
1586 * test262/test/built-ins/String/prototype/endsWith/return-abrupt-from-position-as-symbol.js:
1587 * test262/test/built-ins/String/prototype/endsWith/return-abrupt-from-position.js:
1588 * test262/test/built-ins/String/prototype/endsWith/return-abrupt-from-searchstring-as-symbol.js:
1589 * test262/test/built-ins/String/prototype/endsWith/return-abrupt-from-searchstring-regexp-test.js:
1590 * test262/test/built-ins/String/prototype/endsWith/return-abrupt-from-searchstring.js:
1591 * test262/test/built-ins/String/prototype/endsWith/return-abrupt-from-this-as-symbol.js:
1592 * test262/test/built-ins/String/prototype/endsWith/return-abrupt-from-this.js:
1593 * test262/test/built-ins/String/prototype/endsWith/return-false-if-search-start-is-less-than-zero.js:
1594 * test262/test/built-ins/String/prototype/endsWith/return-true-if-searchstring-is-empty.js:
1595 * test262/test/built-ins/String/prototype/endsWith/searchstring-found-with-position.js:
1596 * test262/test/built-ins/String/prototype/endsWith/searchstring-found-without-position.js:
1597 * test262/test/built-ins/String/prototype/endsWith/searchstring-is-regexp-throws.js:
1598 * test262/test/built-ins/String/prototype/endsWith/searchstring-not-found-with-position.js:
1599 * test262/test/built-ins/String/prototype/endsWith/searchstring-not-found-without-position.js:
1600 * test262/test/built-ins/String/prototype/endsWith/this-is-null-throws.js:
1601 * test262/test/built-ins/String/prototype/endsWith/this-is-undefined-throws.js:
1602 * test262/test/built-ins/String/prototype/includes/String.prototype.includes_FailBadLocation.js:
1603 * test262/test/built-ins/String/prototype/includes/String.prototype.includes_FailLocation.js:
1604 * test262/test/built-ins/String/prototype/includes/String.prototype.includes_FailMissingLetter.js:
1605 * test262/test/built-ins/String/prototype/includes/String.prototype.includes_Success.js:
1606 * test262/test/built-ins/String/prototype/includes/String.prototype.includes_SuccessNoLocation.js:
1607 * test262/test/built-ins/String/prototype/includes/String.prototype.includes_lengthProp.js:
1608 * test262/test/built-ins/String/prototype/includes/coerced-values-of-position.js:
1609 * test262/test/built-ins/String/prototype/includes/includes.js:
1610 * test262/test/built-ins/String/prototype/includes/length.js:
1611 * test262/test/built-ins/String/prototype/includes/name.js:
1612 * test262/test/built-ins/String/prototype/includes/return-abrupt-from-position-as-symbol.js:
1613 * test262/test/built-ins/String/prototype/includes/return-abrupt-from-position.js:
1614 * test262/test/built-ins/String/prototype/includes/return-abrupt-from-searchstring-as-symbol.js:
1615 * test262/test/built-ins/String/prototype/includes/return-abrupt-from-searchstring-regexp-test.js:
1616 * test262/test/built-ins/String/prototype/includes/return-abrupt-from-searchstring.js:
1617 * test262/test/built-ins/String/prototype/includes/return-abrupt-from-this-as-symbol.js:
1618 * test262/test/built-ins/String/prototype/includes/return-abrupt-from-this.js:
1619 * test262/test/built-ins/String/prototype/includes/return-false-with-out-of-bounds-position.js:
1620 * test262/test/built-ins/String/prototype/includes/return-true-if-searchstring-is-empty.js:
1621 * test262/test/built-ins/String/prototype/includes/searchstring-found-with-position.js:
1622 * test262/test/built-ins/String/prototype/includes/searchstring-found-without-position.js:
1623 * test262/test/built-ins/String/prototype/includes/searchstring-is-regexp-throws.js:
1624 * test262/test/built-ins/String/prototype/includes/searchstring-not-found-with-position.js:
1625 * test262/test/built-ins/String/prototype/includes/searchstring-not-found-without-position.js:
1626 * test262/test/built-ins/String/prototype/includes/this-is-null-throws.js:
1627 * test262/test/built-ins/String/prototype/includes/this-is-undefined-throws.js:
1628 * test262/test/built-ins/String/prototype/toLocaleLowerCase/Final_Sigma_U180E.js:
1629 * test262/test/built-ins/String/prototype/toLowerCase/Final_Sigma_U180E.js:
1630 * test262/test/built-ins/String/prototype/trim/u180e.js:
1631 * test262/test/built-ins/Symbol/for/cross-realm.js:
1632 * test262/test/built-ins/Symbol/hasInstance/cross-realm.js:
1633 * test262/test/built-ins/Symbol/isConcatSpreadable/cross-realm.js:
1634 * test262/test/built-ins/Symbol/iterator/cross-realm.js:
1635 * test262/test/built-ins/Symbol/keyFor/cross-realm.js:
1636 * test262/test/built-ins/Symbol/match/cross-realm.js:
1637 * test262/test/built-ins/Symbol/replace/cross-realm.js:
1638 * test262/test/built-ins/Symbol/search/cross-realm.js:
1639 * test262/test/built-ins/Symbol/species/cross-realm.js:
1640 * test262/test/built-ins/Symbol/split/cross-realm.js:
1641 * test262/test/built-ins/Symbol/toPrimitive/cross-realm.js:
1642 * test262/test/built-ins/Symbol/toStringTag/cross-realm.js:
1643 * test262/test/built-ins/Symbol/unscopables/cross-realm.js:
1644 * test262/test/built-ins/ThrowTypeError/distinct-cross-realm.js:
1645 * test262/test/built-ins/TypedArrays/buffer-arg-proto-from-ctor-realm-sab.js:
1646 * test262/test/built-ins/TypedArrays/buffer-arg-proto-from-ctor-realm.js:
1647 * test262/test/built-ins/TypedArrays/internals/DefineOwnProperty/detached-buffer-realm.js:
1648 * test262/test/built-ins/TypedArrays/internals/Get/detached-buffer-realm.js:
1649 * test262/test/built-ins/TypedArrays/internals/GetOwnProperty/detached-buffer-realm.js:
1650 * test262/test/built-ins/TypedArrays/internals/HasProperty/detached-buffer-realm.js:
1651 * test262/test/built-ins/TypedArrays/internals/Set/detached-buffer-realm.js:
1652 * test262/test/built-ins/TypedArrays/length-arg-proto-from-ctor-realm.js:
1653 * test262/test/built-ins/TypedArrays/no-args-proto-from-ctor-realm.js:
1654 * test262/test/built-ins/TypedArrays/object-arg-proto-from-ctor-realm.js:
1655 * test262/test/built-ins/TypedArrays/typedarray-arg-other-ctor-buffer-ctor-custom-species-proto-from-ctor-realm.js:
1656 * test262/test/built-ins/TypedArrays/typedarray-arg-proto-from-ctor-realm.js:
1657 * test262/test/built-ins/TypedArrays/typedarray-arg-same-ctor-buffer-ctor-species-custom-proto-from-ctor-realm.js:
1658 * test262/test/built-ins/WeakMap/proto-from-ctor-realm.js:
1659 * test262/test/built-ins/WeakSet/proto-from-ctor-realm.js:
1660 * test262/test/built-ins/parseFloat/S15.1.2.3_A2_T10_U180E.js:
1661 * test262/test/built-ins/parseInt/S15.1.2.2_A2_T10_U180E.js:
1662 * test262/test/intl402/NumberFormat/prototype/formatToParts/length.js:
1663 * test262/test/language/comments/mongolian-vowel-separator-multi.js:
1664 * test262/test/language/comments/mongolian-vowel-separator-single-eval.js:
1665 * test262/test/language/comments/mongolian-vowel-separator-single.js:
1666 * test262/test/language/eval-code/indirect/realm.js:
1667 * test262/test/language/expressions/assignment/dstr-obj-rest-order.js: Added.
1670 * test262/test/language/expressions/call/eval-realm-indirect.js:
1671 * test262/test/language/expressions/generators/eval-body-proto-realm.js:
1672 * test262/test/language/expressions/greater-than-or-equal/bigint-and-bigint.js: Added.
1673 * test262/test/language/expressions/greater-than-or-equal/bigint-and-non-finite.js: Added.
1674 * test262/test/language/expressions/greater-than-or-equal/bigint-and-number-extremes.js: Added.
1675 * test262/test/language/expressions/greater-than-or-equal/bigint-and-number.js:
1676 * test262/test/language/expressions/greater-than/bigint-and-bigint.js: Added.
1677 * test262/test/language/expressions/greater-than/bigint-and-non-finite.js: Added.
1678 * test262/test/language/expressions/greater-than/bigint-and-number-extremes.js: Added.
1679 * test262/test/language/expressions/greater-than/bigint-and-number.js:
1680 * test262/test/language/expressions/less-than-or-equal/bigint-and-bigint.js: Added.
1681 * test262/test/language/expressions/less-than-or-equal/bigint-and-non-finite.js: Added.
1682 * test262/test/language/expressions/less-than-or-equal/bigint-and-number-extremes.js: Added.
1683 * test262/test/language/expressions/less-than-or-equal/bigint-and-number.js:
1684 * test262/test/language/expressions/less-than/bigint-and-bigint.js: Added.
1685 * test262/test/language/expressions/less-than/bigint-and-non-finite.js: Added.
1686 * test262/test/language/expressions/less-than/bigint-and-number-extremes.js: Added.
1687 * test262/test/language/expressions/less-than/bigint-and-number.js:
1688 * test262/test/language/expressions/new/non-ctor-err-realm.js:
1689 * test262/test/language/expressions/super/realm.js:
1690 * test262/test/language/expressions/tagged-template/cache-realm.js:
1691 * test262/test/language/expressions/template-literal/mongolian-vowel-separator-eval.js:
1692 * test262/test/language/expressions/template-literal/mongolian-vowel-separator.js:
1693 * test262/test/language/literals/regexp/mongolian-vowel-separator-eval.js:
1694 * test262/test/language/literals/regexp/mongolian-vowel-separator.js:
1695 * test262/test/language/literals/string/mongolian-vowel-separator-eval.js:
1696 * test262/test/language/literals/string/mongolian-vowel-separator.js:
1697 * test262/test/language/statements/for-of/dstr-obj-rest-order.js: Added.
1700 * test262/test/language/statements/for-of/iterator-next-reference.js:
1702 (iterator.next): Deleted.
1703 (x.of.iterable.): Deleted.
1704 (x.of.iterable.get return): Deleted.
1705 (x.of.iterable.iterator.next): Deleted.
1706 * test262/test/language/types/reference/get-value-prop-base-primitive-realm.js:
1707 * test262/test/language/types/reference/put-value-prop-base-primitive-realm.js:
1708 * test262/test/language/white-space/mongolian-vowel-separator-eval.js:
1709 * test262/test/language/white-space/mongolian-vowel-separator.js:
1710 * test262/test262-Revision.txt:
1712 2017-10-03 Saam Barati <sbarati@apple.com>
1714 Implement polymorphic prototypes
1715 https://bugs.webkit.org/show_bug.cgi?id=176391
1717 Reviewed by Filip Pizlo.
1719 * microbenchmarks/poly-proto-access.js: Added.
1722 (foo.C.prototype.get bar):
1725 * microbenchmarks/poly-proto-put-transition-speed.js: Added.
1727 (makePolyProtoObject.foo.C):
1728 (makePolyProtoObject.foo):
1729 (makePolyProtoObject):
1731 * microbenchmarks/poly-proto-setter-speed.js: Added.
1733 (makePolyProtoObject.foo.C):
1734 (makePolyProtoObject.foo.C.prototype.set p):
1735 (makePolyProtoObject.foo):
1736 (makePolyProtoObject):
1738 * stress/constructor-with-return.js:
1739 (i.tests.forEach.Constructor):
1741 (tests.forEach.Constructor): Deleted.
1742 (tests.forEach): Deleted.
1743 * stress/dom-jit-with-poly-proto.js: Added.
1745 (makePolyProtoObject.foo.C):
1746 (makePolyProtoObject.foo):
1747 (makePolyProtoObject):
1749 * stress/poly-proto-custom-value-and-accessor.js: Added.
1751 (makePolyProtoObject.foo.C):
1752 (makePolyProtoObject.foo):
1753 (makePolyProtoObject):
1756 * stress/poly-proto-intrinsic-getter-correctness.js: Added.
1758 (makePolyProtoObject.foo.C):
1759 (makePolyProtoObject.foo):
1760 (makePolyProtoObject):
1762 * stress/poly-proto-miss.js: Added.
1763 (makePolyProtoInstanceWithNullPrototype.foo.C):
1764 (makePolyProtoInstanceWithNullPrototype.foo):
1765 (makePolyProtoInstanceWithNullPrototype):
1768 * stress/poly-proto-op-in-caching.js: Added.
1770 (makePolyProtoObject.foo.C):
1771 (makePolyProtoObject.foo):
1772 (makePolyProtoObject):
1775 * stress/poly-proto-put-transition.js: Added.
1777 (makePolyProtoObject.foo.C):
1778 (makePolyProtoObject.foo):
1779 (makePolyProtoObject):
1781 (i.obj.__proto__.set p):
1782 * stress/poly-proto-set-prototype.js: Added.
1784 (let.alternateProto.get x):
1785 (let.alternateProto2.get y):
1786 (let.alternateProto2.get x):
1790 * stress/poly-proto-setter.js: Added.
1792 (makePolyProtoObject.foo.C):
1793 (makePolyProtoObject.foo.C.prototype.set p):
1794 (makePolyProtoObject.foo.C.prototype.get p):
1795 (makePolyProtoObject.foo):
1796 (makePolyProtoObject):
1798 * stress/poly-proto-using-inheritance.js: Added.
1801 (foo.C.prototype.get baz):
1806 * stress/primitive-poly-proto.js: Added.
1807 (makePolyProtoInstance.foo.C):
1808 (makePolyProtoInstance.foo):
1809 (makePolyProtoInstance):
1812 * stress/prototype-is-not-js-object.js: Added.
1817 * stress/try-get-by-id-poly-proto.js: Added.
1819 (makePolyProtoObject.foo.C):
1820 (makePolyProtoObject.foo):
1821 (makePolyProtoObject):
1823 (x.__proto__.get bar):
1825 * typeProfiler/overflow.js:
1827 2017-10-03 JF Bastien <jfbastien@apple.com>
1829 WebAssembly: no VM / JS version of everything but Instance
1830 https://bugs.webkit.org/show_bug.cgi?id=177473
1832 Reviewed by Filip Pizlo.
1834 - Exceeding max on memory growth now returns a range error as per
1835 spec. This is a (very minor) breaking change: it used to throw an OOM
1836 error. Update the corresponding test.
1838 * wasm/js-api/memory-grow.js:
1840 * wasm/js-api/table.js:
1843 2017-10-03 Ryan Haddad <ryanhaddad@apple.com>
1845 Skip JSC test stress/regress-159779-2.js on debug.
1846 https://bugs.webkit.org/show_bug.cgi?id=177204
1848 Unreviewed test gardening.
1850 * stress/regress-159779-2.js:
1852 2017-10-02 Caio Lima <ticaiolima@gmail.com>
1854 ChakraCore/test/Function/apply3.js is resulting wrong result in x86_64
1855 https://bugs.webkit.org/show_bug.cgi?id=175642
1857 Reviewed by Darin Adler.
1859 * ChakraCore/test/Function/apply3.baseline-jsc:
1861 2017-10-01 Commit Queue <commit-queue@webkit.org>
1863 Unreviewed, rolling out r222564.
1864 https://bugs.webkit.org/show_bug.cgi?id=177720
1866 "It regressed JetStream by 2% on iOS caused by a 50%
1867 regression on the bigfib subtest" (Requested by saamyjoon on
1872 "Add Above/Below comparisons for UInt32 patterns"
1873 https://bugs.webkit.org/show_bug.cgi?id=177281
1874 http://trac.webkit.org/changeset/222564
1876 2017-09-29 Yusuke Suzuki <utatane.tea@gmail.com>
1878 [DFG] Support ArrayPush with multiple args
1879 https://bugs.webkit.org/show_bug.cgi?id=175823
1881 Reviewed by Saam Barati.
1883 * microbenchmarks/array-push-0.js: Added.
1885 * microbenchmarks/array-push-1.js: Added.
1887 * microbenchmarks/array-push-2.js: Added.
1889 * microbenchmarks/array-push-3.js: Added.
1891 * stress/array-push-multiple-contiguous.js: Added.
1894 * stress/array-push-multiple-double-nan.js: Added.
1897 * stress/array-push-multiple-double.js: Added.
1900 * stress/array-push-multiple-int32.js: Added.
1903 * stress/array-push-multiple-many-contiguous.js: Added.
1906 * stress/array-push-multiple-many-double.js: Added.
1909 * stress/array-push-multiple-many-int32.js: Added.
1912 * stress/array-push-multiple-many-storage.js: Added.
1915 * stress/array-push-multiple-storage.js: Added.
1918 * stress/array-push-with-force-exit.js: Added.
1919 (target.createBuiltin):
1921 2017-09-29 Saam Barati <sbarati@apple.com>
1923 Custom GetterSetterAccessCase does not use the correct slotBase when making call
1924 https://bugs.webkit.org/show_bug.cgi?id=177639
1926 Reviewed by Geoffrey Garen.
1928 * stress/custom-get-set-inline-caching-one-level-up-proto-chain.js: Added.
1934 2017-09-29 Commit Queue <commit-queue@webkit.org>
1936 Unreviewed, rolling out r222563, r222565, and r222581.
1937 https://bugs.webkit.org/show_bug.cgi?id=177675
1939 "It causes a crash when playing youtube videos" (Requested by
1940 saamyjoon on #webkit).
1942 Reverted changesets:
1944 "[DFG] Support ArrayPush with multiple args"
1945 https://bugs.webkit.org/show_bug.cgi?id=175823
1946 http://trac.webkit.org/changeset/222563
1948 "Unreviewed, build fix after r222563"
1949 https://bugs.webkit.org/show_bug.cgi?id=175823
1950 http://trac.webkit.org/changeset/222565
1952 "Unreviewed, fix x86 breaking due to exhausted registers"
1953 https://bugs.webkit.org/show_bug.cgi?id=175823
1954 http://trac.webkit.org/changeset/222581
1956 2017-09-28 Mark Lam <mark.lam@apple.com>
1958 test262: Unexpected passes after r222617 and r222618.
1959 https://bugs.webkit.org/show_bug.cgi?id=177622
1960 <rdar://problem/34725960>
1962 Reviewed by Saam Barati.
1964 Update test262.yaml for tests that are now passing.
1968 2017-09-27 Michael Saboff <msaboff@apple.com>
1970 REGRESSION(210837): RegExp containing failed non-zero minimum greedy groups incorrectly match
1971 https://bugs.webkit.org/show_bug.cgi?id=177570
1973 Reviewed by Filip Pizlo.
1975 New regression test.
1977 * stress/regress-177570.js: Added.
1979 2017-09-28 Michael Saboff <msaboff@apple.com>
1981 Heap out of bounds read in JSC::Yarr::Parser<JSC::Yarr::SyntaxChecker, unsigned char>::peek()
1982 https://bugs.webkit.org/show_bug.cgi?id=177423
1984 Reviewed by Mark Lam.
1986 Updated regression test.
1988 * stress/regress-177423.js:
1991 2017-09-27 Mark Lam <mark.lam@apple.com>
1993 JSArray::canFastCopy() should fail if the source and destination arrays are the same.
1994 https://bugs.webkit.org/show_bug.cgi?id=177584
1995 <rdar://problem/34463903>
1997 Reviewed by Saam Barati.
1999 * stress/regress-177584.js: Added.
2001 (Array.prototype.Symbol.species):
2003 2017-09-27 Saam Barati <sbarati@apple.com>
2005 Propagate hasBeenFlattenedBefore in Structure's transition constructor and fix our for-in caching to fail when the prototype chain has an object with a dictionary structure
2006 https://bugs.webkit.org/show_bug.cgi?id=177523
2008 Reviewed by Mark Lam.
2010 * stress/prototype-chain-has-dictionary-structure-for-in-caching.js: Added.
2013 (addMethods.Test.prototype.string_appeared_here.i.methodNumber):
2015 (i.Test.prototype.propName):
2017 2017-09-27 Mark Lam <mark.lam@apple.com>
2019 Yarr::Parser::tryConsumeGroupName() should check for the end of the pattern.
2020 https://bugs.webkit.org/show_bug.cgi?id=177423
2021 <rdar://problem/34621320>
2023 Reviewed by Keith Miller.
2025 * stress/regress-177423.js: Added.
2027 2017-09-27 Yusuke Suzuki <utatane.tea@gmail.com>
2029 Add Above/Below comparisons for UInt32 patterns
2030 https://bugs.webkit.org/show_bug.cgi?id=177281
2032 Reviewed by Saam Barati.
2034 * stress/uint32-comparison-jump.js: Added.
2044 * stress/uint32-comparison.js: Added.
2055 2017-09-25 Yusuke Suzuki <utatane.tea@gmail.com>
2057 [DFG] Support ArrayPush with multiple args
2058 https://bugs.webkit.org/show_bug.cgi?id=175823
2060 Reviewed by Saam Barati.
2062 * microbenchmarks/array-push-0.js: Added.
2064 * microbenchmarks/array-push-1.js: Added.
2066 * microbenchmarks/array-push-2.js: Added.
2068 * microbenchmarks/array-push-3.js: Added.
2070 * stress/array-push-multiple-contiguous.js: Added.
2073 * stress/array-push-multiple-double-nan.js: Added.
2076 * stress/array-push-multiple-double.js: Added.
2079 * stress/array-push-multiple-int32.js: Added.
2082 * stress/array-push-multiple-many-contiguous.js: Added.
2085 * stress/array-push-multiple-many-double.js: Added.
2088 * stress/array-push-multiple-many-int32.js: Added.
2091 * stress/array-push-multiple-many-storage.js: Added.
2094 * stress/array-push-multiple-storage.js: Added.
2098 2017-09-26 Commit Queue <commit-queue@webkit.org>
2100 Unreviewed, rolling out r222518.
2101 https://bugs.webkit.org/show_bug.cgi?id=177507
2103 Break the High Sierra build (Requested by yusukesuzuki on
2108 "Add Above/Below comparisons for UInt32 patterns"
2109 https://bugs.webkit.org/show_bug.cgi?id=177281
2110 http://trac.webkit.org/changeset/222518
2112 2017-09-26 Yusuke Suzuki <utatane.tea@gmail.com>
2114 Add Above/Below comparisons for UInt32 patterns
2115 https://bugs.webkit.org/show_bug.cgi?id=177281
2117 Reviewed by Saam Barati.
2119 * stress/uint32-comparison-jump.js: Added.
2129 * stress/uint32-comparison.js: Added.
2140 2017-09-23 Keith Miller <keith_miller@apple.com>
2142 Fix infinite looping test262 test
2143 https://bugs.webkit.org/show_bug.cgi?id=177412
2145 Reviewed by Yusuke Suzuki.
2147 This test was poorly designed since failing it would cause the vm
2148 to infinite loop. I've fixed it locally and will fix it on github pending
2149 the results of next week's tc39 meeting.
2152 * test262/test/language/statements/for-of/iterator-next-reference.js:
2154 2017-09-23 Joseph Pecoraro <pecoraro@apple.com>
2156 test262: $.agent became $262.agent in test262 update
2157 https://bugs.webkit.org/show_bug.cgi?id=177407
2159 Reviewed by Yusuke Suzuki.
2162 ~320 tests pass now that we correctly make $262 available.
2164 2017-09-22 Keith Miller <keith_miller@apple.com>
2166 Speculatively change iteration protocol to use the same next function
2167 https://bugs.webkit.org/show_bug.cgi?id=175653
2169 Reviewed by Saam Barati.
2171 Change test to match the new iteration behavior.
2173 * stress/spread-optimized-properly.js:
2175 2017-09-22 Yusuke Suzuki <utatane.tea@gmail.com>
2177 [DFG][FTL] Profile array vector length for array allocation
2178 https://bugs.webkit.org/show_bug.cgi?id=177051
2180 Reviewed by Saam Barati.
2182 * microbenchmarks/new-array-buffer-vector-profile.js: Added.
2185 2017-09-22 Commit Queue <commit-queue@webkit.org>
2187 Unreviewed, rolling out r222380.
2188 https://bugs.webkit.org/show_bug.cgi?id=177352
2190 Octane/box2d shows 8% regression (Requested by yusukesuzuki on
2195 "[DFG][FTL] Profile array vector length for array allocation"
2196 https://bugs.webkit.org/show_bug.cgi?id=177051
2197 http://trac.webkit.org/changeset/222380
2199 2017-09-21 Yusuke Suzuki <utatane.tea@gmail.com>
2201 [DFG][FTL] Profile array vector length for array allocation
2202 https://bugs.webkit.org/show_bug.cgi?id=177051
2204 Reviewed by Saam Barati.
2206 * microbenchmarks/new-array-buffer-vector-profile.js: Added.
2209 2017-09-21 Joseph Pecoraro <pecoraro@apple.com>
2211 Skip new hanging test262 tests.
2212 https://bugs.webkit.org/show_bug.cgi?id=177326
2214 Unreviewed test gardening.
2218 2017-09-21 Ryan Haddad <ryanhaddad@apple.com>
2220 Mark 6 test262 tests as passing.
2221 https://bugs.webkit.org/show_bug.cgi?id=177307
2223 Unreviewed test gardening.
2227 2017-09-20 Joseph Pecoraro <pecoraro@apple.com>
2229 Unreviewed follow-up to r222311.
2231 * test262/harness/sta.js:
2232 * test262/test/built-ins/Array/from/calling-from-valid-1-noStrict.js:
2233 * test262/test/built-ins/Array/from/calling-from-valid-1-onlyStrict.js:
2234 * test262/test/built-ins/Array/from/calling-from-valid-2.js:
2235 * test262/test/built-ins/Array/from/elements-added-after.js:
2236 * test262/test/built-ins/Array/from/elements-deleted-after.js:
2237 * test262/test/built-ins/Array/from/elements-updated-after.js:
2238 * test262/test/built-ins/Array/from/from-array.js:
2239 * test262/test/built-ins/Array/from/mapfn-is-not-callable-typeerror.js:
2240 * test262/test/built-ins/Array/from/mapfn-throws-exception.js:
2241 * test262/test/built-ins/Array/from/source-array-boundary.js:
2242 * test262/test/built-ins/Array/from/source-object-constructor.js:
2243 * test262/test/built-ins/Array/from/source-object-iterator-1.js:
2244 * test262/test/built-ins/Array/from/source-object-iterator-2.js:
2245 * test262/test/built-ins/Array/from/source-object-length.js:
2246 * test262/test/built-ins/Array/from/source-object-missing.js:
2247 * test262/test/built-ins/Array/from/source-object-without.js:
2248 * test262/test/built-ins/Array/from/this-null.js:
2249 * test262/test/built-ins/Function/prototype/toString/line-terminator-normalisation-CR.js:
2250 * test262/test/language/line-terminators/S7.3_A3.2_T1.js:
2251 * test262/test/language/literals/numeric/7.8.3-1gs.js:
2252 * test262/test/language/literals/numeric/7.8.3-2gs.js:
2253 * test262/test/language/literals/numeric/7.8.3-3gs.js:
2254 * test262/test/language/literals/regexp/7.8.5-1gs.js:
2255 * test262/test/language/literals/string/7.8.4-1gs.js:
2256 Fix some files that I failed to update when I applied my patch.
2258 2017-09-20 Joseph Pecoraro <pecoraro@apple.com>
2260 Update test262 tests
2261 https://bugs.webkit.org/show_bug.cgi?id=177220
2263 Reviewed by Saam Barati and Yusuke Suzuki.
2266 * test262/test262-Revision.txt:
2267 New rebaselined expectations for all tests.
2272 2017-09-17 Yusuke Suzuki <utatane.tea@gmail.com>
2274 [DFG] Remove ToThis more aggressively
2275 https://bugs.webkit.org/show_bug.cgi?id=177056
2277 Reviewed by Saam Barati.
2279 * stress/generator-with-this-strict.js: Added.
2283 * stress/generator-with-this.js: Added.
2288 2017-09-17 Michael Saboff <msaboff@apple.com>
2290 https://bugs.webkit.org/show_bug.cgi?id=177038
2291 Add an option to run-jsc-stress-tests to limit tests variations to a basic set
2293 Reviewed by JF Bastien.
2295 * stress/unshiftCountSlowCase-correct-postCapacity.js: Disabled this test on ARM64 iOS devices
2296 as it dies using too much memory.
2298 2017-09-15 Saam Barati <sbarati@apple.com>
2300 Arity fixup during inlining should do a 2 phase commit so it properly recovers the frame in case of exit
2301 https://bugs.webkit.org/show_bug.cgi?id=176981
2303 Reviewed by Yusuke Suzuki.
2305 * stress/exit-during-inlined-arity-fixup-recover-proper-frame.js: Added.
2309 (const.bar.createBuiltin):
2311 2017-09-14 Saam Barati <sbarati@apple.com>
2313 It should be valid to exit before each set when doing arity fixup when inlining
2314 https://bugs.webkit.org/show_bug.cgi?id=176948
2316 Reviewed by Keith Miller.
2318 * stress/arity-fixup-inlining-dont-generate-invalid-use.js: Added.
2323 2017-09-14 Yusuke Suzuki <utatane.tea@gmail.com>
2325 [JSC] Add PrivateSymbolMode::{Include,Exclude} for PropertyNameArray
2326 https://bugs.webkit.org/show_bug.cgi?id=176867
2328 Reviewed by Sam Weinig.
2330 * microbenchmarks/object-get-own-property-symbols.js: Added.
2333 2017-09-13 Mark Lam <mark.lam@apple.com>
2335 Rolling out r221832: Regresses Speedometer by ~4% and Dromaeo CSS YUI by ~20%.
2336 https://bugs.webkit.org/show_bug.cgi?id=176888
2337 <rdar://problem/34381832>
2341 * stress/op_mod-ConstVar.js:
2342 * stress/op_mod-VarConst.js:
2343 * stress/op_mod-VarVar.js:
2345 2017-09-13 Ryan Haddad <ryanhaddad@apple.com>
2347 Skip 3 op_mod tests on Debug JSC bots.
2348 https://bugs.webkit.org/show_bug.cgi?id=176630
2350 Unreviewed test gardening.
2352 * stress/op_mod-ConstVar.js:
2353 * stress/op_mod-VarConst.js:
2354 * stress/op_mod-VarVar.js:
2356 2017-09-13 Yusuke Suzuki <utatane.tea@gmail.com>
2358 [JSC] Fix Array allocation in Object.keys
2359 https://bugs.webkit.org/show_bug.cgi?id=176826
2361 Reviewed by Saam Barati.
2363 * stress/object-own-property-keys.js: Added.
2366 2017-09-12 Yusuke Suzuki <utatane.tea@gmail.com>
2368 [DFG] Optimize WeakMap::get by adding intrinsic and fixup
2369 https://bugs.webkit.org/show_bug.cgi?id=176010
2371 Reviewed by Filip Pizlo.
2373 * microbenchmarks/weak-map-key.js: Added.
2376 (let.start.Date.now):
2378 2017-09-12 Mark Lam <mark.lam@apple.com>
2380 REGRESSION: 3 stress/op_mod (and op_div) tests timing out on Debug JSC bots.
2381 https://bugs.webkit.org/show_bug.cgi?id=176630
2383 Reviewed by JF Bastien.
2385 Debug builds are just slow, and these tests do a lot. They pass when I run them
2386 locally on my MacBook Pro. So, I'm bumping their timing multiplier to 2.0x as
2387 a speculative fix for the bots that are seeing these fail.
2389 I also undid the skipping of the op_mod tests for debug builds.
2391 * stress/op_div-ConstVar.js:
2392 * stress/op_div-VarConst.js:
2393 * stress/op_div-VarVar.js:
2394 * stress/op_mod-ConstVar.js:
2395 * stress/op_mod-VarConst.js:
2396 * stress/op_mod-VarVar.js:
2398 2017-09-12 Ryan Haddad <ryanhaddad@apple.com>
2400 Skip stress/value-to-boolean.js on Debug bots.
2401 https://bugs.webkit.org/show_bug.cgi?id=176787
2403 Unreviewed test gardening.
2405 * stress/value-to-boolean.js:
2407 2017-09-11 Mark Lam <mark.lam@apple.com>
2409 Change test expectation for test262/test/language/statements/try/tco-catch.js
2410 https://bugs.webkit.org/show_bug.cgi?id=176749
2412 Rubber stamped by Keith Miller.
2414 It's been failing since at least r221821. I'm changing the test expectation to
2415 fail to green the bots while I investigate some more.
2419 2017-09-11 Ryan Haddad <ryanhaddad@apple.com>
2421 Unreviewed, rolling out r221854.
2423 The test added with this change fails on 32-bit JSC bots.
2427 "[DFG] Optimize WeakMap::get by adding intrinsic and fixup"
2428 https://bugs.webkit.org/show_bug.cgi?id=176010
2429 http://trac.webkit.org/changeset/221854
2431 2017-09-03 Yusuke Suzuki <utatane.tea@gmail.com>
2433 [DFG] Optimize WeakMap::get by adding intrinsic and fixup
2434 https://bugs.webkit.org/show_bug.cgi?id=176010
2436 Reviewed by Filip Pizlo.
2438 * microbenchmarks/weak-map-key.js: Added.
2441 (let.start.Date.now):
2443 2017-09-09 Yusuke Suzuki <utatane.tea@gmail.com>
2445 [JSC] Optimize Object.keys by using careful array allocation
2446 https://bugs.webkit.org/show_bug.cgi?id=176654
2448 Reviewed by Darin Adler.
2450 * microbenchmarks/object-keys.js: Added.
2453 2017-09-09 Filip Pizlo <fpizlo@apple.com>
2455 Error should compute .stack and friends lazily
2456 https://bugs.webkit.org/show_bug.cgi?id=176645
2458 Reviewed by Saam Barati.
2460 * ChakraCore.yaml: Skip test that was testing non-standard behavior of these fields.
2461 * microbenchmarks/new-error.js: Added.
2462 * microbenchmarks/throw.js: Added.
2464 2017-09-09 Mark Lam <mark.lam@apple.com>
2466 [Re-landing] Use JIT probes for DFG OSR exit.
2467 https://bugs.webkit.org/show_bug.cgi?id=175144
2468 <rdar://problem/33437050>
2470 Not reviewed. Original patch reviewed by Saam Barati.
2472 Disable these tests for debug builds because they run too slow with the new OSR exit.
2474 * stress/op_mod-ConstVar.js:
2475 * stress/op_mod-VarConst.js:
2476 * stress/op_mod-VarVar.js:
2478 2017-09-08 Yusuke Suzuki <utatane.tea@gmail.com>
2480 [DFG] NewArrayWithSize(size)'s size does not care negative zero
2481 https://bugs.webkit.org/show_bug.cgi?id=176300
2483 Reviewed by Saam Barati.
2485 * stress/new-array-with-size-div.js: Added.
2490 2017-09-08 Yusuke Suzuki <utatane.tea@gmail.com>
2492 [DFG] PutByVal with Array::Generic is too generic
2493 https://bugs.webkit.org/show_bug.cgi?id=176345
2495 Reviewed by Filip Pizlo.
2497 * stress/object-assign-symbols.js: Added.
2500 * stress/object-assign.js: Added.
2503 (i.shouldBe.JSON.stringify.test):
2505 2017-09-08 Yusuke Suzuki <utatane.tea@gmail.com>
2507 [DFG][FTL] GetByVal(ObjectUse with Array::Generic, StringUse/SymbolUse) should be supported
2508 https://bugs.webkit.org/show_bug.cgi?id=176590
2510 Reviewed by Saam Barati.
2512 * microbenchmarks/object-iterate-symbols.js: Added.
2514 * microbenchmarks/object-iterate.js: Added.
2516 * stress/object-iterate-symbols.js: Added.
2519 * stress/object-iterate.js: Added.
2523 2017-09-07 Per Arne Vollan <pvollan@apple.com>
2525 [Win32] 10 JSC stress tests are failing.
2526 https://bugs.webkit.org/show_bug.cgi?id=176538
2528 Reviewed by Mark Lam.
2530 Skip tests on Windows to make the bots green.
2533 * stress/date-relaxed.js:
2535 2017-09-06 Mark Lam <mark.lam@apple.com>
2537 constructGenericTypedArrayViewWithArguments() is missing an exception check.
2538 https://bugs.webkit.org/show_bug.cgi?id=176485
2539 <rdar://problem/33898874>
2541 Reviewed by Keith Miller.
2543 * stress/regress-176485.js: Added.
2545 2017-09-05 Saam Barati <sbarati@apple.com>
2547 isNotCellSpeculation is wrong with respect to SpecEmpty
2548 https://bugs.webkit.org/show_bug.cgi?id=176429
2550 Reviewed by Michael Saboff.
2552 * microbenchmarks/is-not-cell-speculation-for-empty-value.js: Added.
2555 2017-09-05 Joseph Pecoraro <pecoraro@apple.com>
2557 test262: Completion values for control flow do not match the spec
2558 https://bugs.webkit.org/show_bug.cgi?id=171265
2560 Reviewed by Saam Barati.
2562 * stress/completion-value.js:
2563 Condensed test for completion values in top level statements.
2565 * stress/super-get-by-id.js:
2566 ClassDeclaration when evaled no longer produce values. Convert
2567 these to ClassExpressions so they produce the class value.
2569 * ChakraCore/test/GlobalFunctions/evalreturns3.baseline-jsc:
2570 This is a progression for correct spec behavior.
2572 * mozilla/mozilla-tests.yaml:
2573 This test is now outdated, so mark it as failing for that reason.
2576 Passing all "cptn" completion value tests.
2578 2017-09-04 Saam Barati <sbarati@apple.com>
2580 typeCheckHoistingPhase may emit a CheckStructure on the empty value which leads to a dereference of zero on 64 bit platforms
2581 https://bugs.webkit.org/show_bug.cgi?id=176317
2583 Reviewed by Keith Miller.
2585 * stress/dont-crash-when-hoist-check-structure-on-tdz.js: Added.
2588 2017-09-03 Yusuke Suzuki <utatane.tea@gmail.com>
2590 [DFG][FTL] Efficiently execute number#toString()
2591 https://bugs.webkit.org/show_bug.cgi?id=170007
2593 Reviewed by Keith Miller.
2595 * microbenchmarks/number-to-string-strength-reduction.js: Added.
2597 * microbenchmarks/number-to-string-with-radix-10.js: Added.
2599 * microbenchmarks/number-to-string-with-radix-cse.js: Added.
2601 * microbenchmarks/number-to-string-with-radix.js: Added.
2603 * stress/number-to-string-strength-reduction.js: Added.
2606 * stress/number-to-string-with-radix-10.js: Added.
2609 * stress/number-to-string-with-radix-cse.js: Added.
2612 * stress/number-to-string-with-radix-invalid.js: Added.
2614 * stress/number-to-string-with-radix-watchpoint.js: Added.
2617 (i.i.1e3.Number.prototype.toString):
2618 * stress/number-to-string-with-radix.js: Added.
2622 2017-09-02 Yusuke Suzuki <utatane.tea@gmail.com>
2624 [DFG] Relax arity requirement
2625 https://bugs.webkit.org/show_bug.cgi?id=175523
2627 Reviewed by Saam Barati.
2629 * stress/arity-mismatch-arguments-length.js: Added.
2633 * stress/arity-mismatch-get-argument.js: Added.
2635 (builtin.createBuiltin):
2637 * stress/arity-mismatch-inlining-extra-slots.js: Added.
2641 * stress/arity-mismatch-inlining.js: Added.
2645 * stress/arity-mismatch-rest.js: Added.
2651 2017-08-31 Yusuke Suzuki <utatane.tea@gmail.com>
2653 [JSC] Fix "name" and "length" of Proxy revoke function
2654 https://bugs.webkit.org/show_bug.cgi?id=176155
2656 Reviewed by Mark Lam.
2660 2017-08-31 Saam Barati <sbarati@apple.com>
2662 Graph::methodOfGettingAValueProfileFor compares NodeOrigin instead of the semantic CodeOrigin
2663 https://bugs.webkit.org/show_bug.cgi?id=176206
2665 Reviewed by Keith Miller.
2667 * stress/compare-semantic-origin-op-negate-method-of-getting-a-value-profile.js: Added.
2672 2017-08-31 Ryan Haddad <ryanhaddad@apple.com>
2674 Skip two slow JSC tests after r221422.
2676 Unreviewed test gardening.
2678 * stress/regexp-prototype-match-on-too-long-rope.js:
2679 * stress/regexp-prototype-test-on-too-long-rope.js:
2681 2017-08-31 Filip Pizlo <fpizlo@apple.com>
2683 Unreviewed, skipping slow tests.
2685 These tests are now timing out. They would have always been slow. The timeouts are probably because OOMs
2686 work differently now.
2688 * stress/regexp-prototype-exec-on-too-long-rope.js:
2689 * stress/string-prototype-charCodeAt-on-too-long-rope.js:
2691 2017-08-31 Yusuke Suzuki <utatane.tea@gmail.com>
2693 [JSC] Use reifying system for "name" property of builtin JSFunction
2694 https://bugs.webkit.org/show_bug.cgi?id=175260
2696 Reviewed by Saam Barati.
2698 * stress/accessors-get-set-prefix.js:
2699 * stress/builtin-function-name.js: Added.
2702 (shouldBe.JSON.stringify.Object.getOwnPropertyDescriptor):
2703 (shouldBe.JSON.stringify.Object.getOwnPropertyNames.Array.prototype.filter.sort):
2704 * stress/private-name-as-anonymous-builtin.js: Added.
2708 2017-08-30 Saam Barati <sbarati@apple.com>
2710 Unreviewed. Make test stop printing.
2712 * microbenchmarks/fake-iterators-that-throw-when-finished.js:
2714 2017-08-30 Ryan Haddad <ryanhaddad@apple.com>
2716 Unreviewed, rolling out r221327.
2718 This change caused test262 failures.
2722 "[JSC] Use reifying system for "name" property of builtin
2724 https://bugs.webkit.org/show_bug.cgi?id=175260
2725 http://trac.webkit.org/changeset/221327
2727 2017-08-30 Saam Barati <sbarati@apple.com>
2729 semicolon is being interpreted as an = in the LiteralParser
2730 https://bugs.webkit.org/show_bug.cgi?id=176114
2732 Reviewed by Oliver Hunt.
2734 * stress/jsonp-literal-parser-semicolon-is-not-assignment.js: Added.
2735 * stress/resources/literal-parser-test-case.js: Added.
2737 2017-08-30 Oleksandr Skachkov <gskachkov@gmail.com>
2739 [ESNext] Async iteration - Implement async iteration statement: for-await-of
2740 https://bugs.webkit.org/show_bug.cgi?id=166698
2742 Reviewed by Yusuke Suzuki.
2744 * stress/async-iteration-for-await-of-syntax.js: Added.
2748 (checkSimpleAsyncGeneratorSloppyMode):
2749 (checkSimpleAsyncGeneratorStrictMode):
2750 (checkNestedAsyncGenerators):
2751 (checkSimpleAsyncGeneratorSyntaxErrorInStrictMode):
2752 * stress/async-iteration-for-await-of.js: Added.
2758 2017-08-29 Yusuke Suzuki <utatane.tea@gmail.com>
2760 [JSC] Use reifying system for "name" property of builtin JSFunction
2761 https://bugs.webkit.org/show_bug.cgi?id=175260
2763 Reviewed by Saam Barati.
2765 * stress/accessors-get-set-prefix.js:
2766 * stress/builtin-function-name.js: Added.
2769 (shouldBe.JSON.stringify.Object.getOwnPropertyDescriptor):
2770 (shouldBe.JSON.stringify.Object.getOwnPropertyNames.Array.prototype.filter.sort):
2772 2017-08-25 Saam Barati <sbarati@apple.com>
2774 Support compiling catch in the DFG
2775 https://bugs.webkit.org/show_bug.cgi?id=174590
2776 <rdar://problem/34047845>
2778 Reviewed by Filip Pizlo.
2780 * microbenchmarks/delta-blue-try-catch.js: Added.
2783 (OrderedCollection):
2784 (OrderedCollection.prototype.add):
2785 (OrderedCollection.prototype.at):
2786 (OrderedCollection.prototype.size):
2787 (OrderedCollection.prototype.removeFirst):
2788 (OrderedCollection.prototype.remove):
2790 (Strength.stronger):
2792 (Strength.weakestOf):
2793 (Strength.strongest):
2794 (Strength.prototype.nextWeaker):
2796 (Constraint.prototype.addConstraint):
2797 (Constraint.prototype.satisfy):
2798 (Constraint.prototype.destroyConstraint):
2799 (Constraint.prototype.isInput):
2801 (UnaryConstraint.prototype.addToGraph):
2802 (UnaryConstraint.prototype.chooseMethod):
2803 (UnaryConstraint.prototype.isSatisfied):
2804 (UnaryConstraint.prototype.markInputs):
2805 (UnaryConstraint.prototype.output):
2806 (UnaryConstraint.prototype.recalculate):
2807 (UnaryConstraint.prototype.markUnsatisfied):
2808 (UnaryConstraint.prototype.inputsKnown):
2809 (UnaryConstraint.prototype.removeFromGraph):
2811 (StayConstraint.prototype.execute):
2812 (EditConstraint.prototype.isInput):
2813 (EditConstraint.prototype.execute):
2815 (BinaryConstraint.prototype.chooseMethod):
2816 (BinaryConstraint.prototype.addToGraph):
2817 (BinaryConstraint.prototype.isSatisfied):
2818 (BinaryConstraint.prototype.markInputs):
2819 (BinaryConstraint.prototype.input):
2820 (BinaryConstraint.prototype.output):
2821 (BinaryConstraint.prototype.recalculate):
2822 (BinaryConstraint.prototype.markUnsatisfied):
2823 (BinaryConstraint.prototype.inputsKnown):
2824 (BinaryConstraint.prototype.removeFromGraph):
2826 (ScaleConstraint.prototype.addToGraph):
2827 (ScaleConstraint.prototype.removeFromGraph):
2828 (ScaleConstraint.prototype.markInputs):
2829 (ScaleConstraint.prototype.execute):
2830 (ScaleConstraint.prototype.recalculate):
2831 (EqualityConstraint):
2832 (EqualityConstraint.prototype.execute):
2834 (Variable.prototype.addConstraint):
2835 (Variable.prototype.removeConstraint):
2837 (Planner.prototype.incrementalAdd):
2838 (Planner.prototype.incrementalRemove):
2839 (Planner.prototype.newMark):
2840 (Planner.prototype.makePlan):
2841 (Planner.prototype.extractPlanFromConstraints):
2842 (Planner.prototype.addPropagate):
2843 (Planner.prototype.removePropagateFrom):
2844 (Planner.prototype.addConstraintsConsumingTo):
2846 (Plan.prototype.addConstraint):
2847 (Plan.prototype.size):
2848 (Plan.prototype.constraintAt):
2849 (Plan.prototype.execute):
2854 * microbenchmarks/fake-iterators-that-throw-when-finished.js: Added.
2857 (Numbers.prototype.next):
2859 (return.Transpose.prototype.next):
2865 * microbenchmarks/try-catch-word-count.js: Added.
2880 (A.prototype.getValue):
2881 (B.prototype.getParentValue):
2891 (set delete.set has.set add):
2892 * stress/catch-set-argument-speculation-failure.js: Added.
2900 * stress/osr-enter-to-catch-with-set-local-type-check-failure.js: Added.
2906 2017-08-24 Commit Queue <commit-queue@webkit.org>
2908 Unreviewed, rolling out r221119, r221124, and r221143.
2909 https://bugs.webkit.org/show_bug.cgi?id=175973
2911 "I think it regressed JSBench by 20%" (Requested by saamyjoon
2914 Reverted changesets:
2916 "Support compiling catch in the DFG"
2917 https://bugs.webkit.org/show_bug.cgi?id=174590
2918 http://trac.webkit.org/changeset/221119
2920 "Unreviewed, build fix in GTK port"
2921 https://bugs.webkit.org/show_bug.cgi?id=174590
2922 http://trac.webkit.org/changeset/221124
2924 "DFG::JITCode::osrEntry should get sorted since we perform a
2925 binary search on it"
2926 https://bugs.webkit.org/show_bug.cgi?id=175893
2927 http://trac.webkit.org/changeset/221143
2929 2017-08-24 Michael Saboff <msaboff@apple.com>
2931 Add support for RegExp "dotAll" flag
2932 https://bugs.webkit.org/show_bug.cgi?id=175924
2934 Reviewed by Keith Miller.
2936 Updated tests for new dotAll ('s' flag) changes.
2938 * es6/Proxy_internal_get_calls_RegExp.prototype.flags.js:
2939 * stress/static-getter-in-names.js:
2941 2017-08-24 Mark Lam <mark.lam@apple.com>
2943 Land regression test for https://bugs.webkit.org/show_bug.cgi?id=164081.
2944 https://bugs.webkit.org/show_bug.cgi?id=175940
2945 <rdar://problem/29003921>
2947 Reviewed by Saam Barati.
2949 * stress/regress-164081.js: Added.
2953 2017-08-24 Ryan Haddad <ryanhaddad@apple.com>
2955 Skip flaky JSC test stress/test-finally.js.
2956 https://bugs.webkit.org/show_bug.cgi?id=160283
2958 Unreviewed test gardening.
2960 * stress/test-finally.js:
2962 2017-08-23 Saam Barati <sbarati@apple.com>
2964 Support compiling catch in the DFG
2965 https://bugs.webkit.org/show_bug.cgi?id=174590
2967 Reviewed by Filip Pizlo.
2969 * microbenchmarks/delta-blue-try-catch.js: Added.
2972 (OrderedCollection):
2973 (OrderedCollection.prototype.add):
2974 (OrderedCollection.prototype.at):
2975 (OrderedCollection.prototype.size):
2976 (OrderedCollection.prototype.removeFirst):
2977 (OrderedCollection.prototype.remove):
2979 (Strength.stronger):
2981 (Strength.weakestOf):
2982 (Strength.strongest):
2983 (Strength.prototype.nextWeaker):
2985 (Constraint.prototype.addConstraint):
2986 (Constraint.prototype.satisfy):
2987 (Constraint.prototype.destroyConstraint):
2988 (Constraint.prototype.isInput):
2990 (UnaryConstraint.prototype.addToGraph):
2991 (UnaryConstraint.prototype.chooseMethod):
2992 (UnaryConstraint.prototype.isSatisfied):
2993 (UnaryConstraint.prototype.markInputs):
2994 (UnaryConstraint.prototype.output):
2995 (UnaryConstraint.prototype.recalculate):
2996 (UnaryConstraint.prototype.markUnsatisfied):
2997 (UnaryConstraint.prototype.inputsKnown):
2998 (UnaryConstraint.prototype.removeFromGraph):
3000 (StayConstraint.prototype.execute):
3001 (EditConstraint.prototype.isInput):
3002 (EditConstraint.prototype.execute):
3004 (BinaryConstraint.prototype.chooseMethod):
3005 (BinaryConstraint.prototype.addToGraph):
3006 (BinaryConstraint.prototype.isSatisfied):
3007 (BinaryConstraint.prototype.markInputs):
3008 (BinaryConstraint.prototype.input):
3009 (BinaryConstraint.prototype.output):
3010 (BinaryConstraint.prototype.recalculate):
3011 (BinaryConstraint.prototype.markUnsatisfied):
3012 (BinaryConstraint.prototype.inputsKnown):
3013 (BinaryConstraint.prototype.removeFromGraph):
3015 (ScaleConstraint.prototype.addToGraph):
3016 (ScaleConstraint.prototype.removeFromGraph):
3017 (ScaleConstraint.prototype.markInputs):
3018 (ScaleConstraint.prototype.execute):
3019 (ScaleConstraint.prototype.recalculate):
3020 (EqualityConstraint):
3021 (EqualityConstraint.prototype.execute):
3023 (Variable.prototype.addConstraint):
3024 (Variable.prototype.removeConstraint):
3026 (Planner.prototype.incrementalAdd):
3027 (Planner.prototype.incrementalRemove):
3028 (Planner.prototype.newMark):
3029 (Planner.prototype.makePlan):
3030 (Planner.prototype.extractPlanFromConstraints):
3031 (Planner.prototype.addPropagate):
3032 (Planner.prototype.removePropagateFrom):
3033 (Planner.prototype.addConstraintsConsumingTo):
3035 (Plan.prototype.addConstraint):
3036 (Plan.prototype.size):
3037 (Plan.prototype.constraintAt):
3038 (Plan.prototype.execute):
3043 * microbenchmarks/fake-iterators-that-throw-when-finished.js: Added.
3046 (Numbers.prototype.next):
3048 (return.Transpose.prototype.next):
3054 * microbenchmarks/try-catch-word-count.js: Added.
3069 (A.prototype.getValue):
3070 (B.prototype.getParentValue):
3080 (set delete.set has.set add):
3081 * stress/catch-set-argument-speculation-failure.js: Added.
3089 * stress/osr-enter-to-catch-with-set-local-type-check-failure.js: Added.
3095 2017-08-23 Yusuke Suzuki <utatane.tea@gmail.com>
3097 [JSC] Optimize Map iteration with intrinsic
3098 https://bugs.webkit.org/show_bug.cgi?id=174355
3100 Reviewed by Saam Barati.
3102 * stress/map-iterator-result-should-have-expected-shape.js: Added.
3105 * stress/set-iterator-result-should-have-expected-shape.js: Added.
3107 (throw.new.Error.let.iterator.set Symbol):
3108 (throw.new.Error.set add):
3109 (let.iterator.set Symbol):
3111 2017-08-23 Robin Morisset <rmorisset@apple.com>
3113 Add a micro-benchmark for checking that accessing a variable within a 'with'
3114 block does not automatically prevent type prediction.
3115 https://bugs.webkit.org/show_bug.cgi?id=175738
3117 Reviewed by Saam Barati.
3119 * stress/with_and_arith.js: Added.
3122 2017-08-23 Skachkov Oleksandr <gskachkov@gmail.com>
3124 [ESNext] Async iteration - Implement Async Generator - runtime
3125 https://bugs.webkit.org/show_bug.cgi?id=175240
3127 Reviewed by Yusuke Suzuki.
3129 * stress/async-iteration-async-from-sync.js: Added.
3133 (this.fullfilledDone):
3138 (const.assertLogger):
3139 (const.getPromise.promiseHolder.return.new.Promise):
3145 * stress/async-iteration-basic.js: Added.
3149 (this.fullfilledDone):
3154 (const.assertLogger):
3155 (const.getPromise.promiseHolder.return.new.Promise):
3157 (iterator.next.then):
3162 (A.prototype.async.foo):
3163 (A.prototype.async.boo):
3165 (asyncGenExp.async):
3178 * stress/async-iteration-evaluation.js: Added.
3182 * stress/async-iteration-syntax.js:
3183 * stress/async-iteration-yield-promise.js: Added.
3187 (this.fullfilledDone):
3192 (const.assertLogger):
3193 (const.getPromise.promiseHolder.return.new.Promise):
3197 * stress/async-iteration-yield-star-interface.js: Added.
3199 (const.getPromise.promiseHolder.return.new.Promise):
3202 (this.fullfilledDone):
3208 (const.assertLogger):
3209 (let.asyncIter.Symbol.asyncIterator):
3210 (let.asyncIter.next):
3211 (let.asyncIter.throw):
3212 (let.asyncIter.return):
3214 (asyncIter.Symbol.asyncIterator):
3221 * stress/async-iteration-yield-star.js: Added.
3225 (this.fullfilledDone):
3231 (const.assertLogger):
3232 (const.getPromise.promiseHolder.return.new.Promise):
3241 (let.asyncIter.Symbol.asyncIterator):
3242 (let.asyncIter.next):
3243 (let.asyncIter.throw):
3244 (let.asyncIter.return):
3249 2017-08-23 JF Bastien <jfbastien@apple.com>
3251 Fix printing in test
3253 Unreviewed: fixing verbosity, shouldn't have been there.
3255 * wasm/regress/175693.js:
3259 2017-08-18 Ryan Haddad <ryanhaddad@apple.com>
3261 Skip flaky JSC test microbenchmarks/generator-with-several-types.js.
3262 https://bugs.webkit.org/show_bug.cgi?id=172543
3264 Unreviewed test gardening.
3266 * microbenchmarks/generator-with-several-types.js:
3268 2017-08-17 JF Bastien <jfbastien@apple.com>
3270 WebAssembly: const in unreachable code decoded incorrectly, erroneously rejects binary as invalid
3271 https://bugs.webkit.org/show_bug.cgi?id=175693
3272 <rdar://problem/33952443>
3274 Reviewed by Saam Barati.
3276 Add a regression directory for WebAssembly tests.
3279 * wasm/regress/175693.js: Added.
3281 (instance.new.WebAssembly.Instance.new.WebAssembly.Module):
3283 * wasm/regress/175693.wasm: Added.
3285 2017-08-15 Robin Morisset <rmorisset@apple.com>
3287 Support the 'with' keyword in FTL.
3288 https://bugs.webkit.org/show_bug.cgi?id=175585
3290 Reviewed by Saam Barati.
3292 Also improve the JSTest/stress/with.js file to test
3293 what happens when non-objects are passed to with.
3300 2017-08-14 Keith Miller <keith_miller@apple.com>
3302 Add testing tool to lie to the DFG about profiles
3303 https://bugs.webkit.org/show_bug.cgi?id=175487
3305 Reviewed by Saam Barati.
3307 * stress/compare-eq-incomplete-profile.js: Added.
3308 (const.test.createBuiltin):
3310 2017-08-14 Robin Morisset <rmorisset@apple.com>
3312 Support the with keyword in DFG
3313 https://bugs.webkit.org/show_bug.cgi?id=175470
3315 Reviewed by Saam Barati.
3317 Added a new stress-test for the 'with' keyword, that caught a bug in a
3318 previous version of this code.
3320 * stress/with.js: Added.
2017-08-14 Ryan Haddad <ryanhaddad@apple.com>
Skip flaky JSC test test/fieldopts/objtypespec-newobj-invalidation.1.js
https://bugs.webkit.org/show_bug.cgi?id=175544
Unreviewed test gardening.
2017-08-09 Caitlin Potter <caitp@igalia.com>
Early error on ANY operator before new.target
https://bugs.webkit.org/show_bug.cgi?id=157970
Reviewed by Saam Barati.
Instead of throwing if any unary operator precedes new.target, only
throw if the unary operator updates the reference.
The following become legal in JSC:
All of which are legal in v8 and SpiderMonkey in strict and sloppy mode
* stress/new-target-syntax-errors.js:
* stress/new-target.js:
2017-08-09 Ryan Haddad <ryanhaddad@apple.com>
Skip failing JSC tests stress/regress-169783.js and wasm.yaml/wasm/stress/oom.js.
https://bugs.webkit.org/show_bug.cgi?id=175255
Unreviewed test gardening.
* stress/regress-169783.js:
* wasm/stress/oom.js:
2017-08-09 Oleksandr Skachkov <gskachkov@gmail.com>
REGRESSION: 2 test262/test/language/statements/async-function failures
https://bugs.webkit.org/show_bug.cgi?id=175334
Reviewed by Yusuke Suzuki.
Add @skip parameters to tests, and remove test for async iterator from
async await syntax test because it is already covered by async-iterator-syntax.js
* stress/async-await-syntax.js:
* stress/async-iteration-syntax.js:
2017-08-08 Yusuke Suzuki <utatane.tea@gmail.com>
Unreviewed, gardening test262 for Promise resolve / reject function length
https://bugs.webkit.org/show_bug.cgi?id=175333
2017-08-07 Robin Morisset <rmorisset@apple.com>
GetOwnProperty of TypedArray indexed fields is wrongly configurable
https://bugs.webkit.org/show_bug.cgi?id=175307
Reviewed by Saam Barati.
* stress/typedarray-getownproperty-not-configurable.js: Added.
2017-08-06 Yusuke Suzuki <utatane.tea@gmail.com>
Promise resolve and reject function should have length = 1
https://bugs.webkit.org/show_bug.cgi?id=175242
Reviewed by Saam Barati.
* stress/builtin-function-length.js: Added.
(shouldBe.JSON.stringify.Object.getOwnPropertyDescriptor):
(shouldBe.JSON.stringify.Object.getOwnPropertyNames.Array.prototype.filter.sort):
2017-08-06 Oleksandr Skachkov <gskachkov@gmail.com>
[ESNext] Async iteration - Implement Async Generator - parser
https://bugs.webkit.org/show_bug.cgi?id=175210
Reviewed by Yusuke Suzuki.
* stress/async-await-syntax.js:
(testTopLevelAsyncAwaitSyntaxSloppyMode.testSyntax):
* stress/async-iteration-syntax.js: Added.
(checkSimpleAsyncGeneratorSloppyMode):
(checkSimpleAsyncGeneratorStrictMode):
(checkNestedAsyncGenerators):
(checkSimpleAsyncGeneratorSyntaxErrorInStrictMode):
* stress/generator-class-methods-syntax.js:
2017-08-03 Carlos Alberto Lopez Perez <clopez@igalia.com>
JSC test wasm/js-api/test_memory_constructor.js should be skipped on memoryLimited
https://bugs.webkit.org/show_bug.cgi?id=175150
Unreviewed test gardening.
* wasm/js-api/test_memory_constructor.js:
2017-08-02 Carlos Alberto Lopez Perez <clopez@igalia.com>
[Linux] JSTests/wasm/stress/oom.js should not run on Linux
https://bugs.webkit.org/show_bug.cgi?id=175100
Reviewed by Mark Lam.
The JSC test JSTests/wasm/stress/oom.js tries to use all the
available memory until an out of memory exception happens.
The Linux kernel is more tuned for server workloads than for GUI
responsiveness. When a process tries to use a lot of memory, Linux
will do its best to serve the request. This usually translates to
freeing physical RAM by writing dirty pages to disk and/or moving
less recently used pages out to swap (disk storage).
While it does this, the system will become unresponsive, and this
leads to freezes that can last even some minutes in the worst cases.
Therefore, let's skip this test on Linux as it will cause more harm
than good on the Linux bots or on the machines of Linux developers.
* wasm/stress/oom.js:
2017-08-01 Oleksandr Skachkov <gskachkov@gmail.com>
[JSC] Remove unnecessary print from stress\promise-finally.js test
https://bugs.webkit.org/show_bug.cgi?id=175015
Reviewed by Yusuke Suzuki.
* stress/promise-finally.js:
2017-07-31 Yusuke Suzuki <utatane.tea@gmail.com>
Unreviewed, update test262 results for optional catch binding
2017-07-31 Yusuke Suzuki <utatane.tea@gmail.com>
[JSC] Support optional catch binding
https://bugs.webkit.org/show_bug.cgi?id=174981
Reviewed by Saam Barati.
* stress/optional-catch-binding-syntax.js: Added.
* stress/optional-catch-binding.js: Added.
2017-07-28 Mark Lam <mark.lam@apple.com>
ObjectToStringAdaptiveStructureWatchpoint should not fire if it's dying imminently.
https://bugs.webkit.org/show_bug.cgi?id=174948
<rdar://problem/33495680>
Reviewed by Filip Pizlo.
* stress/regress-174948.js: Added.
2017-07-28 Yusuke Suzuki <utatane.tea@gmail.com>
ASSERTION FAILED: candidate->op() == PhantomCreateRest || candidate->op() == PhantomDirectArguments || candidate->op() == PhantomClonedArguments || candidate->op() == PhantomSpread || candidate->op() == PhantomNewArrayWithSpread
https://bugs.webkit.org/show_bug.cgi?id=174900
Reviewed by Saam Barati.
* stress/arguments-elimination-candidate-listings-should-respect-pseudo-terminals.js: Added.
2017-07-27 Yusuke Suzuki <utatane.tea@gmail.com>
Hoist DOM binding attribute getter prologue into JavaScriptCore taking advantage of DOMJIT / CheckSubClass
https://bugs.webkit.org/show_bug.cgi?id=171637
Reviewed by Darin Adler.
* stress/domjit-getter-complex-with-incorrect-object.js:
* stress/domjit-getter-type-check.js: Copied from JSTests/stress/domjit-getter-complex-with-incorrect-object.js.
2017-07-26 JF Bastien <jfbastien@apple.com>
WebAssembly: test throwing out of the start function
https://bugs.webkit.org/show_bug.cgi?id=165714
<rdar://problem/29760251>
Reviewed by Keith Miller.
* wasm/function-tests/trap-from-start.js: Added.
* wasm/function-tests/trap-from-start-async.js: Added.
(async.StartTrapsAsync):
2017-07-21 Yusuke Suzuki <utatane.tea@gmail.com>
[FTL] Arguments elimination is suppressed by unreachable blocks
https://bugs.webkit.org/show_bug.cgi?id=174352
Reviewed by Filip Pizlo.
* stress/arguments-elimination-force-exit.js: Added.
* stress/arguments-elimination-throw.js: Added.
2017-07-13 Mark Lam <mark.lam@apple.com>
Add some additional test cases for bug 170896.
https://bugs.webkit.org/show_bug.cgi?id=174491
Reviewed by Filip Pizlo.
* stress/regress-170896-with-contiguous-shape-profile.js: Copied from JSTests/stress/regress-170896.js.
* stress/regress-170896-with-double-shape-profile.js: Added.
* stress/regress-170896-with-int32-shape-profile.js: Added.
* stress/regress-170896.js: Removed.
2017-07-13 Saam Barati <sbarati@apple.com>
Missing exception check in JSObject::hasInstance
https://bugs.webkit.org/show_bug.cgi?id=174455
<rdar://problem/31384608>
Reviewed by Mark Lam.
* stress/has-instance-exception-check.js: Added.
(let.getter.Object.getOwnPropertyDescriptor.get foo):
2017-07-13 Caio Lima <ticaiolima@gmail.com>
[ESnext] Implement Object Spread
https://bugs.webkit.org/show_bug.cgi?id=167963
Reviewed by Saam Barati.
* stress/obj-rest-destructuring-order.js: Added.
* stress/obj-spread-order.js: Added.
* stress/object-spread.js: Added.
(try.let.obj.get foo):
2017-07-12 Saam Barati <sbarati@apple.com>
GenericArguments consults the wrong state when tracking modified argument descriptors and mapped arguments
https://bugs.webkit.org/show_bug.cgi?id=174411
<rdar://problem/31696186>
Reviewed by Mark Lam.
* stress/generic-arguments-correct-delete-behavior.js: Added.
2017-07-07 Mark Lam <mark.lam@apple.com>
\n\r is not the same as \r\n.
https://bugs.webkit.org/show_bug.cgi?id=173053
Reviewed by Keith Miller.
* stress/regress-173053.js: Added.
* stress/template-literal-line-terminators.js:
2017-07-06 Saam Barati <sbarati@apple.com>
We are missing places where we invalidate the for-in context
https://bugs.webkit.org/show_bug.cgi?id=174184
Reviewed by Geoffrey Garen.
* stress/for-in-invalidate-context-weird-assignments.js: Added.
2017-07-05 Saam Barati <sbarati@apple.com>
NewArray in FTLLowerDFGToB3 does not handle speculating on doubles when having a bad time
https://bugs.webkit.org/show_bug.cgi?id=174188
<rdar://problem/30581423>
Reviewed by Mark Lam.
* stress/new-array-having-a-bad-time-double.js: Added.
2017-07-05 Yusuke Suzuki <utatane.tea@gmail.com>
WTF::StringImpl::copyChars segfaults when built with GCC 7
https://bugs.webkit.org/show_bug.cgi?id=173407
Reviewed by Andreas Kling.
* stress/string-repeat-copy-chars-crash.js: Added.
2017-07-03 Saam Barati <sbarati@apple.com>
Skip unshiftCountSlowCase-correct-postCapacity.js on debug builds since it takes a long time to run.
* stress/unshiftCountSlowCase-correct-postCapacity.js:
2017-07-03 Yusuke Suzuki <utatane.tea@gmail.com>
Unreviewed, annotate dont-reserve-huge-capacity-lexer.js with $memoryLimited
It requires too much memory.
* stress/dont-reserve-huge-capacity-lexer.js:
2017-06-30 Michael Saboff <msaboff@apple.com>
Skip a test on ARM64 platform since we run out of address space.
Rubber stamped by Saam Barati.
* stress/dont-reserve-huge-capacity-lexer.js:
2017-06-30 Michael Saboff <msaboff@apple.com>
RegExp's anchored with .* with \g flag can return wrong match start for strings with multiple matches
https://bugs.webkit.org/show_bug.cgi?id=174044
Reviewed by Oliver Hunt.
New regression test.
* stress/regress-174044.js: Added.
2017-06-30 Filip Pizlo <fpizlo@apple.com>
RegExpCachedResult::setInput should reify left and right contexts
https://bugs.webkit.org/show_bug.cgi?id=173818
Reviewed by Keith Miller.
* stress/right-left-context-invalidated-by-input.js: Added.
(test.validateContexts):
2017-06-29 Saam Barati <sbarati@apple.com>
Calculating postCapacity in unshiftCountSlowCase is wrong
https://bugs.webkit.org/show_bug.cgi?id=173992
<rdar://problem/32283199>
Reviewed by Keith Miller.
* stress/unshiftCountSlowCase-correct-postCapacity.js: Added.
2017-06-29 Commit Queue <commit-queue@webkit.org>
Unreviewed, rolling out r218512.
https://bugs.webkit.org/show_bug.cgi?id=173981
"It changes the behavior of the JS API's JSEvaluateScript
which breaks TurboTax" (Requested by saamyjoon on #webkit).