stress/big-wasm-memory tests failing on 32-bit JSC bot
[WebKit-https.git] / JSTests / ChangeLog
1 2018-12-06  Keith Miller  <keith_miller@apple.com>
2
3         stress/big-wasm-memory tests failing on 32-bit JSC bot
4         https://bugs.webkit.org/show_bug.cgi?id=192020
5
6         Reviewed by Saam Barati.
7
8         Not every platform has WebAssembly, e.g. 32-bit, so we should exit
9         the wasm stress tests if the WebAssembly object does not exist.
10
11         * stress/big-wasm-memory-grow-no-max.js:
12         (test.foo):
13         (test):
14         (foo): Deleted.
15         (catch): Deleted.
16         * stress/big-wasm-memory-grow.js:
17         (test.foo):
18         (test):
19         (foo): Deleted.
20         (catch): Deleted.
21         * stress/big-wasm-memory.js:
22         (test.foo):
23         (test):
24         (foo): Deleted.
25         (catch): Deleted.
26
27 2018-12-05  Mark Lam  <mark.lam@apple.com>
28
29         speculationFromCell() should speculate non-Identifier strings as SpecString instead of SpecStringVar.
30         https://bugs.webkit.org/show_bug.cgi?id=192441
31         <rdar://problem/46480355>
32
33         Reviewed by Saam Barati.
34
35         * stress/regress-192441.js: Added.
36
37 2018-12-04  Mark Lam  <mark.lam@apple.com>
38
39         DFG's StrengthReduction phase should not reduce Construct into DirectContruct when the executable does not have constructAbility.
40         https://bugs.webkit.org/show_bug.cgi?id=192386
41         <rdar://problem/46445516>
42
43         Reviewed by Saam Barati.
44
45         * stress/regress-192386.js: Added.
46
47 2018-12-04  Caio Lima  <ticaiolima@gmail.com>
48
49         [ESNext][BigInt] Support logic operations
50         https://bugs.webkit.org/show_bug.cgi?id=179903
51
52         Reviewed by Yusuke Suzuki.
53
54         * stress/big-int-branch-usage.js: Added.
55         * stress/big-int-logical-and.js: Added.
56         * stress/big-int-logical-not.js: Added.
57         * stress/big-int-logical-or.js: Added.
58
59 2018-12-03  Ryan Haddad  <ryanhaddad@apple.com>
60
61         Unreviewed, rolling out r238833.
62
63         Breaks macOS and iOS debug builds.
64
65         Reverted changeset:
66
67         "[ESNext][BigInt] Support logic operations"
68         https://bugs.webkit.org/show_bug.cgi?id=179903
69         https://trac.webkit.org/changeset/238833
70
71 2018-12-03  Caio Lima  <ticaiolima@gmail.com>
72
73         [ESNext][BigInt] Support logic operations
74         https://bugs.webkit.org/show_bug.cgi?id=179903
75
76         Reviewed by Yusuke Suzuki.
77
78         * stress/big-int-branch-usage.js: Added.
79         * stress/big-int-logical-and.js: Added.
80         * stress/big-int-logical-not.js: Added.
81         * stress/big-int-logical-or.js: Added.
82
83 2018-12-02  Caio Lima  <ticaiolima@gmail.com>
84
85         [ESNext][BigInt] Implement support for "<<" and ">>"
86         https://bugs.webkit.org/show_bug.cgi?id=186233
87
88         Reviewed by Yusuke Suzuki.
89
90         * stress/big-int-left-shift-general.js: Added.
91         * stress/big-int-left-shift-range-error.js: Added.
92         * stress/big-int-left-shift-type-error.js: Added.
93         * stress/big-int-left-shift-wrapped-value.js: Added.
94         * stress/big-int-right-shift-general.js: Added.
95         * stress/big-int-right-shift-type-error.js: Added.
96         * stress/big-int-right-shift-wrapped-value.js: Added.
97         * stress/left-shift-to-primitive-precedence.js: Added.
98         * stress/right-shift-to-primitive-precedence.js: Added.
99
100 2018-11-30  Dean Jackson  <dino@apple.com>
101
102         Add first-class support for .mjs files in jsc binary
103         https://bugs.webkit.org/show_bug.cgi?id=192190
104         <rdar://problem/46375715>
105
106         Reviewed by Keith Miller.
107
108         * stress/simple-module.mjs: Added.
109         * stress/simple-script.js: Added.
110
111 2018-11-30  Caio Lima  <ticaiolima@gmail.com>
112
113         [BigInt] Implement ValueBitXor into DFG
114         https://bugs.webkit.org/show_bug.cgi?id=190264
115
116         Reviewed by Yusuke Suzuki.
117
118         * stress/big-int-bitwise-xor-jit.js: Added.
119         * stress/big-int-bitwise-xor-memory-stress.js: Added.
120         * stress/big-int-bitwise-xor-untyped.js: Added.
121
122 2018-11-27  Saam barati  <sbarati@apple.com>
123
124         r238510 broke scopes of size zero
125         https://bugs.webkit.org/show_bug.cgi?id=192033
126         <rdar://problem/46281734>
127
128         Reviewed by Keith Miller.
129
130         * stress/r238510-bad-loop.js: Added.
131         (foo):
132
133 2018-11-27  Mark Lam  <mark.lam@apple.com>
134
135         [Re-landing] NaNs read from Wasm code needs to be be purified.
136         https://bugs.webkit.org/show_bug.cgi?id=191056
137         <rdar://problem/45660341>
138
139         Reviewed by Filip Pizlo.
140
141         * wasm/regress/regress-191056.js: Added.
142
143 2018-11-27  Ryan Haddad  <ryanhaddad@apple.com>
144
145         Unreviewed, rolling out r238509.
146
147         Causes JSC tests to fail on iOS.
148
149         Reverted changeset:
150
151         "NaNs read from Wasm code needs to be be purified."
152         https://bugs.webkit.org/show_bug.cgi?id=191056
153         https://trac.webkit.org/changeset/238509
154
155 2018-11-26  Caio Lima  <ticaiolima@gmail.com>
156
157         Re-introduce op_bitnot
158         https://bugs.webkit.org/show_bug.cgi?id=190923
159
160         Reviewed by Yusuke Suzuki.
161
162         * stress/bit-not-must-generate.js: Added.
163         * stress/bitwise-not-no-int32.js: Added.
164
165 2018-11-26  Saam barati  <sbarati@apple.com>
166
167         InPlaceAbstractState::endBasicBlock rule for SetLocal should filter the value based on the flush format
168         https://bugs.webkit.org/show_bug.cgi?id=191956
169         <rdar://problem/45665806>
170
171         Reviewed by Yusuke Suzuki.
172
173         * stress/end-basic-block-set-local-should-filter-type.js: Added.
174         (bar):
175         (foo):
176
177 2018-11-26  Saam barati  <sbarati@apple.com>
178
179         Object allocation sinking phase needs to iterate each scope offset instead of just iterating the symbol table's hashmap when handling an activation
180         https://bugs.webkit.org/show_bug.cgi?id=191958
181         <rdar://problem/46221877>
182
183         Reviewed by Yusuke Suzuki.
184
185         * stress/object-allocation-sinking-phase-needs-to-write-to-each-scope-offset.js: Added.
186         (x):
187         (foo):
188
189 2018-11-26  Mark Lam  <mark.lam@apple.com>
190
191         NaNs read from Wasm code needs to be be purified.
192         https://bugs.webkit.org/show_bug.cgi?id=191056
193         <rdar://problem/45660341>
194
195         Reviewed by Filip Pizlo.
196
197         * wasm/regress/regress-191056.js: Added.
198
199 2018-11-26  Michael Saboff  <msaboff@apple.com>
200
201         32-bit JSC test failure: stress/regexp-compile-oom.js
202         https://bugs.webkit.org/show_bug.cgi?id=191375
203
204         Reviewed by Mark Lam.
205
206         Disabled the test for 32 bit platforms.
207
208         * stress/regexp-compile-oom.js:
209
210 2018-11-26  Tadeu Zagallo  <tzagallo@apple.com>
211
212         ASSERTION FAILED: m_outOfLineJumpTargets.contains(bytecodeOffset)
213         https://bugs.webkit.org/show_bug.cgi?id=191716
214         <rdar://problem/45723878>
215
216         Reviewed by Saam Barati.
217
218         * stress/regress-187373.js: Added.
219         (async.fn):
220
221 2018-11-21  Saam barati  <sbarati@apple.com>
222
223         DFGSpeculativeJIT should not &= exitOK with mayExit(node)
224         https://bugs.webkit.org/show_bug.cgi?id=191897
225         <rdar://problem/45871998>
226
227         Reviewed by Mark Lam.
228
229         * stress/exitok-is-not-the-same-as-mayExit.js: Added.
230         (bar):
231         (foo):
232
233 2018-11-21  Saam barati  <sbarati@apple.com>
234
235         Fix assertion in KnownCellUse inside SpeculativeJIT::speculate
236         https://bugs.webkit.org/show_bug.cgi?id=191895
237         <rdar://problem/46167406>
238
239         Reviewed by Mark Lam.
240
241         * stress/known-cell-use-needs-type-check-assertion.js: Added.
242         (foo):
243         (bar):
244
245 2018-11-21  Mark Lam  <mark.lam@apple.com>
246
247         Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw OOME not RangeError.
248         https://bugs.webkit.org/show_bug.cgi?id=191776
249         <rdar://problem/46152851>
250
251         Reviewed by Saam Barati.
252
253         * stress/big-wasm-memory-grow-no-max.js:
254         * stress/big-wasm-memory-grow.js:
255         * stress/big-wasm-memory.js:
256         - updated these to expect an OutOfMemoryError.
257
258         * wasm/regress/wasm-memory-requested-more-than-MAX_ARRAY_BUFFER_SIZE-2.js: Added.
259         (Binary.prototype.emit_u8):
260         (Binary.prototype.emit_u32v):
261         (Binary.prototype.emit_header):
262         (Binary.prototype.emit_section):
263         (Binary):
264         (WasmModuleBuilder):
265         (WasmModuleBuilder.prototype.addMemory):
266         (WasmModuleBuilder.prototype.toArray):
267         (WasmModuleBuilder.prototype.toBuffer):
268         (WasmModuleBuilder.prototype.instantiate):
269         (catch):
270         * wasm/regress/wasm-memory-requested-more-than-MAX_ARRAY_BUFFER_SIZE.js: Added.
271         (catch):
272
273 2018-11-21  Caio Lima  <ticaiolima@gmail.com>
274
275         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
276         https://bugs.webkit.org/show_bug.cgi?id=190836
277
278         Reviewed by Saam Barati and Yusuke Suzuki.
279
280         * stress/big-int-out-of-memory-tests.js: Added.
281
282 2018-11-20  Mark Lam  <mark.lam@apple.com>
283
284         Remove invalid assertion in VMTraps::SignalSender's SignalAction.
285         https://bugs.webkit.org/show_bug.cgi?id=191856
286         <rdar://problem/46089992>
287
288         Reviewed by Yusuke Suzuki.
289
290         * stress/regress-191856.js: Added.
291         - this test is skipped for now until we have a fix for webkit.org/b/191855.
292
293 2018-11-21  Dominik Infuehr  <dinfuehr@igalia.com>
294
295         Enable JIT on ARM/Linux
296         https://bugs.webkit.org/show_bug.cgi?id=191548
297
298         Reviewed by Yusuke Suzuki.
299
300         Disable test on system with limited memory. Program was killed by
301         the OS before the exception was thrown.
302
303         * slowMicrobenchmarks/function-constructor-with-huge-strings.js:
304
305 2018-11-20  Saam barati  <sbarati@apple.com>
306
307         Merging an IC variant may lead to the IC status containing overlapping structure sets
308         https://bugs.webkit.org/show_bug.cgi?id=191869
309         <rdar://problem/45403453>
310
311         Reviewed by Mark Lam.
312
313         * stress/merging-ic-variants-should-bail-if-structures-overlap.js: Added.
314
315 2018-11-19  Mark Lam  <mark.lam@apple.com>
316
317         globalFuncImportModule() should return a promise when it clears exceptions.
318         https://bugs.webkit.org/show_bug.cgi?id=191792
319         <rdar://problem/46090763>
320
321         Reviewed by Michael Saboff.
322
323         * stress/global-import-function-should-return-a-promise-when-clearing-exceptions.js: Added.
324
325 2018-11-19  Guillaume Emont  <guijemont@igalia.com>
326
327         Skip new memory-hungry tests on memory limited devices
328
329         Unreviewed gardening.
330
331         * stress/big-wasm-memory-grow-no-max.js:
332         * stress/big-wasm-memory-grow.js:
333         * stress/big-wasm-memory.js:
334
335 2018-11-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
336
337         Unreviewed, rolling in the rest of r237254
338         https://bugs.webkit.org/show_bug.cgi?id=190340
339
340         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
341         * stress/function-cache-with-parameters-end-position.js: Added.
342         (shouldBe):
343         (shouldThrow):
344         (i.anonymous):
345         * stress/function-constructor-name.js: Added.
346         (shouldBe):
347         (GeneratorFunction):
348         (AsyncFunction.async):
349         (AsyncGeneratorFunction.async):
350         (anonymous):
351         (async.anonymous):
352         * test262/expectations.yaml:
353
354 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
355
356         All users of ArrayBuffer should agree on the same max size
357         https://bugs.webkit.org/show_bug.cgi?id=191771
358
359         Reviewed by Mark Lam.
360
361         * stress/big-wasm-memory-grow-no-max.js: Added.
362         (foo):
363         (catch):
364         * stress/big-wasm-memory-grow.js: Added.
365         (foo):
366         (catch):
367         * stress/big-wasm-memory.js: Added.
368         (foo):
369         (catch):
370
371 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
372
373         Unreviewed, make some more tests not crash my computer by only running on instance of it. These tests do not need to
374         run for each JSC config since they're regression tests for runtime bugs.
375
376         * stress/json-stringified-overflow-2.js:
377         * stress/json-stringified-overflow.js:
378
379 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
380
381         Unreviewed, make some tests not crash my computer by only running on instance of it. These tests do not need to run for each JSC
382         config since they're regression tests for runtime bugs.
383
384         * stress/large-unshift-splice.js:
385         * stress/regress-185888.js:
386
387 2018-11-16  Saam Barati  <sbarati@apple.com>
388
389         KnownCellUse should also have SpecCellCheck as its type filter
390         https://bugs.webkit.org/show_bug.cgi?id=191729
391         <rdar://problem/45872852>
392
393         Reviewed by Filip Pizlo.
394
395         * stress/known-cell-type-check-should-allow-empty-value-to-flow-through.js: Added.
396         (C):
397
398 2018-11-16  Tadeu Zagallo  <tzagallo@apple.com>
399
400         Fix assertion failure on BytecodeGenerator::recordOpcode
401         https://bugs.webkit.org/show_bug.cgi?id=191724
402         <rdar://problem/45724395>
403
404         Reviewed by Saam Barati.
405
406         * stress/regress-187373-2.js: Added.
407         (foo):
408
409 2018-11-15  Mark Lam  <mark.lam@apple.com>
410
411         RegExpObject's collectMatches should not be using JSArray::push to fill in its match results.
412         https://bugs.webkit.org/show_bug.cgi?id=191730
413         <rdar://problem/46048517>
414
415         Reviewed by Saam Barati.
416
417         * stress/regress-187006.js: Removed.
418           - this test is invalid because its sole purpose is to test for the non-spec
419             compliant behavior that we just fixed.
420
421         * stress/regress-191730.js: Added.
422
423 2018-11-15  Mark Lam  <mark.lam@apple.com>
424
425         RegExp operations should not take fast patch if lastIndex is not numeric.
426         https://bugs.webkit.org/show_bug.cgi?id=191731
427         <rdar://problem/46017305>
428
429         Reviewed by Saam Barati.
430
431         * stress/regress-191731.js: Added.
432
433 2018-11-13  Saam Barati  <sbarati@apple.com>
434
435         TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
436         https://bugs.webkit.org/show_bug.cgi?id=191600
437
438         Reviewed by Mark Lam.
439
440         * stress/type-profiler-log-should-defer-pending-exceptions.js: Added.
441         (foo):
442         (test):
443         (bar):
444
445 2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>
446
447         Unreviewed, rolling out r238132.
448
449         The test added with this change is timing out on Debug JSC
450         bots.
451
452         Reverted changeset:
453
454         "[BigInt] JSBigInt::createWithLength should throw when length
455         is greater than JSBigInt::maxLength"
456         https://bugs.webkit.org/show_bug.cgi?id=190836
457         https://trac.webkit.org/changeset/238132
458
459 2018-11-13  Mark Lam  <mark.lam@apple.com>
460
461         Add OOM detection to StringPrototype's substituteBackreferences().
462         https://bugs.webkit.org/show_bug.cgi?id=191563
463         <rdar://problem/45720428>
464
465         Reviewed by Saam Barati.
466
467         * stress/regress-191563.js: Added.
468
469 2018-11-13  Mark Lam  <mark.lam@apple.com>
470
471         LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
472         https://bugs.webkit.org/show_bug.cgi?id=191579
473         <rdar://problem/45942472>
474
475         Reviewed by Saam Barati.
476
477         * stress/regress-191579.js: Added.
478
479 2018-11-13  Caio Lima  <ticaiolima@gmail.com>
480
481         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
482         https://bugs.webkit.org/show_bug.cgi?id=190836
483
484         Reviewed by Saam Barati.
485
486         * stress/big-int-out-of-memory-tests.js: Added.
487
488 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
489
490         U+180E is no longer a whitespace character
491         https://bugs.webkit.org/show_bug.cgi?id=191415
492
493         Reviewed by Saam Barati.
494
495         * ChakraCore/test/es5/regexSpace.baseline:
496         * ChakraCore/test/es6/unicode_whitespace.js:
497         Update tests to latest version.
498         (See https://github.com/Microsoft/ChakraCore/commit/7c097b698de1e400286f9b957597b2a81fc6f80b.)
499
500         * test262.yaml:
501         * test262/config.yaml:
502         * test262/expectations.yaml:
503         Update expectations.
504
505 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
506
507         [BigInt] Add support to BigInt into ValueAdd
508         https://bugs.webkit.org/show_bug.cgi?id=186177
509
510         Reviewed by Keith Miller.
511
512         * stress/big-int-negate-jit.js:
513         * stress/value-add-big-int-and-string.js: Added.
514         * stress/value-add-big-int-prediction-propagation.js: Added.
515         * stress/value-add-big-int-untyped.js: Added.
516
517 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
518
519         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
520         https://bugs.webkit.org/show_bug.cgi?id=191184
521
522         Reviewed by Saam Barati.
523
524         Most tests were failing due to timeouts, since they are too slow to
525         run on CLoop. The exceptions are:
526
527         proxy-get-set-correct-receiver.js: Had to reduce the recursion depth not to overflow on CLoop
528         dont-crash-on-stack-overflow-when-parsing-builtin.js and
529         dont-crash-on-stack-overflow-when-parsing-default-constructor.js: had
530         to change the stack size since CLoop requires it to be page aligned.
531
532         * microbenchmarks/array-push-1.js:
533         * microbenchmarks/array-push-2.js:
534         * microbenchmarks/elidable-new-object-dag.js:
535         * microbenchmarks/elidable-new-object-roflcopter.js:
536         * microbenchmarks/elidable-new-object-tree.js:
537         * microbenchmarks/getter-richards.js:
538         * microbenchmarks/sinkable-new-object-dag.js:
539         * microbenchmarks/string-concat-long-convert.js:
540         * microbenchmarks/typed-array-get-set-by-val-profiling.js:
541         * slowMicrobenchmarks/array-push-3.js:
542         * slowMicrobenchmarks/large-map-iteration-with-additions.js:
543         * slowMicrobenchmarks/spread-small-array.js:
544         * slowMicrobenchmarks/undefined-property-access.js:
545         * stress/activation-sink-default-value-tdz-error.js:
546         * stress/activation-sink-default-value.js:
547         * stress/activation-sink-osrexit-default-value-tdz-error.js:
548         * stress/activation-sink-osrexit-default-value.js:
549         * stress/activation-sink-osrexit.js:
550         * stress/activation-sink.js:
551         * stress/allow-math-ic-b3-code-duplication.js:
552         * stress/array-push-multiple-int32.js:
553         * stress/arrowfunction-activation-sink-osrexit-default-value-tdz-error.js:
554         * stress/arrowfunction-lexical-this-activation-sink-osrexit.js:
555         * stress/arrowfunction-lexical-this-activation-sink.js:
556         * stress/dont-crash-on-stack-overflow-when-parsing-builtin.js:
557         * stress/dont-crash-on-stack-overflow-when-parsing-default-constructor.js:
558         * stress/elide-new-object-dag-then-exit.js:
559         * stress/materialize-regexp-cyclic.js:
560         * stress/new-regex-inline.js:
561         * stress/op_add.js:
562         * stress/op_bitand.js:
563         * stress/op_bitor.js:
564         * stress/op_bitxor.js:
565         * stress/op_div-ConstVar.js:
566         * stress/op_div-VarConst.js:
567         * stress/op_div-VarVar.js:
568         * stress/op_lshift-ConstVar.js:
569         * stress/op_lshift-VarConst.js:
570         * stress/op_lshift-VarVar.js:
571         * stress/op_mod-ConstVar.js:
572         * stress/op_mod-VarConst.js:
573         * stress/op_mod-VarVar.js:
574         * stress/op_mul-ConstVar.js:
575         * stress/op_mul-VarConst.js:
576         * stress/op_mul-VarVar.js:
577         * stress/op_rshift-ConstVar.js:
578         * stress/op_rshift-VarConst.js:
579         * stress/op_rshift-VarVar.js:
580         * stress/op_sub-ConstVar.js:
581         * stress/op_sub-VarConst.js:
582         * stress/op_sub-VarVar.js:
583         * stress/op_urshift-ConstVar.js:
584         * stress/op_urshift-VarConst.js:
585         * stress/op_urshift-VarVar.js:
586         * stress/proxy-get-set-correct-receiver.js:
587         * stress/regress-179562.js:
588         * stress/rest-parameter-many-arguments.js:
589         * stress/sampling-profiler-richards.js:
590         * stress/splay-flash-access-1ms.js:
591         * stress/tailCallForwardArguments.js:
592         * stress/typed-array-get-by-val-profiling.js:
593         * typeProfiler/getter-richards.js:
594
595 2018-11-06  Michael Saboff  <msaboff@apple.com>
596
597         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
598         https://bugs.webkit.org/show_bug.cgi?id=191271
599
600         Reviewed by Saam Barati.
601
602         Added more test cases and made all test cases run with the same deeply recursive stack
603         instead of finding that same point for each test case.
604
605         * stress/regexp-compile-oom.js:
606         (prototype.runTest):
607         (recurseAndTest):
608         (testList.push.new.TestAndExpectedException):
609
610 2018-11-05  Michael Saboff  <msaboff@apple.com>
611
612         Unreviewed build fix for linux.
613
614         * stress/regexp-compile-oom.js: Disabled for non-darwin OSes.
615
616 2018-11-02  Michael Saboff  <msaboff@apple.com>
617
618         Rolling in r237753 with unreviewed build fix.
619
620         Fixed issues with DECLARE_THROW_SCOPE placement.
621
622 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
623
624         Unreviewed, rolling out r237753.
625
626         Introduced JSC test failures
627
628         Reverted changeset:
629
630         "Running out of stack space not properly handled in
631         RegExp::compile() and its callers"
632         https://bugs.webkit.org/show_bug.cgi?id=191206
633         https://trac.webkit.org/changeset/237753
634
635 2018-11-02  Michael Saboff  <msaboff@apple.com>
636
637         Running out of stack space not properly handled in RegExp::compile() and its callers
638         https://bugs.webkit.org/show_bug.cgi?id=191206
639
640         Reviewed by Filip Pizlo.
641
642         New regression test.
643
644         * stress/regexp-compile-oom.js: Added.
645         (recurseAndTest):
646
647 2018-11-01  Guillaume Emont  <guijemont@igalia.com>
648
649         Skip tests on arm/mips that time out now we're running on CLoop
650
651         Unreviewed gardening.
652
653         Since the JIT is temporarily disabled on 32-bit platforms, these tests
654         time out on the bots and need to be disabled. There's more tests
655         disabled on arm because the timeout is longer on the mips bot (as the
656         device is slower to start with), so many of the tests don't time out
657         there.
658
659         * microbenchmarks/getter-richards.js: disable on arm and mips.
660         * stress/op_add.js: disable on arm.
661         * stress/op_bitand.js: disable on arm.
662         * stress/op_bitor.js: disable on arm.
663         * stress/op_bitxor.js: disable on arm.
664         * stress/op_lshift-ConstVar.js: disable on arm.
665         * stress/op_lshift-VarConst.js: disable on arm.
666         * stress/op_lshift-VarVar.js: disable on arm.
667         * stress/op_mod-ConstVar.js: disable on arm.
668         * stress/op_mod-VarConst.js: disable on arm.
669         * stress/op_mod-VarVar.js: disable on arm.
670         * stress/op_mul-ConstVar.js: disable on arm.
671         * stress/op_mul-VarConst.js: disable on arm.
672         * stress/op_mul-VarVar.js: disable on arm.
673         * stress/op_rshift-ConstVar.js: disable on arm.
674         * stress/op_rshift-VarConst.js: disable on arm.
675         * stress/op_rshift-VarVar.js: disable on arm.
676         * stress/op_sub-ConstVar.js: disable on arm.
677         * stress/op_sub-VarConst.js: disable on arm.
678         * stress/op_sub-VarVar.js: disable on arm.
679         * stress/op_urshift-ConstVar.js: disable on arm.
680         * stress/op_urshift-VarConst.js: disable on arm.
681         * stress/op_urshift-VarVar.js: disable on arm.
682         * stress/spread-forward-call-varargs-stack-overflow.js: disable on arm.
683         * stress/value-to-boolean.js: disable on arm and mips.
684
685 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
686
687         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
688         https://bugs.webkit.org/show_bug.cgi?id=191108
689         <rdar://problem/45690700>
690
691         Reviewed by Saam Barati.
692
693         * stress/wide-op_catch.js: Added.
694         (catch):
695
696 2018-10-29  Mark Lam  <mark.lam@apple.com>
697
698         Correctly detect string overflow when using the 'Function' constructor.
699         https://bugs.webkit.org/show_bug.cgi?id=184883
700         <rdar://problem/36320331>
701
702         Reviewed by Saam Barati.
703
704         I've verified that this passes on 32-bit as well.
705
706         * slowMicrobenchmarks/function-constructor-with-huge-strings.js: Added.
707
708 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
709
710         Add support for GetStack FlushedDouble
711         https://bugs.webkit.org/show_bug.cgi?id=191012
712         <rdar://problem/45265141>
713
714         Reviewed by Saam Barati.
715
716         * stress/get-stack-double.js: Added.
717         (bar):
718         (noInline):
719
720 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
721
722         New bytecode format for JSC
723         https://bugs.webkit.org/show_bug.cgi?id=187373
724         <rdar://problem/44186758>
725
726         Reviewed by Filip Pizlo.
727
728         Add tests to ensure that the inferred inline capacity for a narrow op_new_object will be capped at 255.
729
730         * stress/maximum-inline-capacity.js: Added.
731         (test1):
732         (test3.Foo):
733         (test3):
734
735 2018-10-26  Commit Queue  <commit-queue@webkit.org>
736
737         Unreviewed, rolling out r237479 and r237484.
738         https://bugs.webkit.org/show_bug.cgi?id=190978
739
740         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
741
742         Reverted changesets:
743
744         "New bytecode format for JSC"
745         https://bugs.webkit.org/show_bug.cgi?id=187373
746         https://trac.webkit.org/changeset/237479
747
748         "Gardening: Build fix after r237479."
749         https://bugs.webkit.org/show_bug.cgi?id=187373
750         https://trac.webkit.org/changeset/237484
751
752 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
753
754         New bytecode format for JSC
755         https://bugs.webkit.org/show_bug.cgi?id=187373
756         <rdar://problem/44186758>
757
758         Reviewed by Filip Pizlo.
759
760         Add tests to ensure that the inferred inline capacity for a narrow op_new_object will be capped at 255.
761
762         * stress/maximum-inline-capacity.js: Added.
763         (test1):
764         (test3.Foo):
765         (test3):
766
767 2018-10-26  Mark Lam  <mark.lam@apple.com>
768
769         Fix missing edge cases with JSGlobalObjects having a bad time.
770         https://bugs.webkit.org/show_bug.cgi?id=189028
771         <rdar://problem/45204939>
772
773         Reviewed by Saam Barati.
774
775         * stress/regress-189028.js: Added.
776
777 2018-10-22  Mark Lam  <mark.lam@apple.com>
778
779         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
780         https://bugs.webkit.org/show_bug.cgi?id=190515
781         <rdar://problem/45222379>
782
783         Rubber-stamped by Saam Barati.
784
785         Adding another test.
786
787         * stress/regress-190515-2.js: Added.
788
789 2018-10-22  Mark Lam  <mark.lam@apple.com>
790
791         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
792         https://bugs.webkit.org/show_bug.cgi?id=190515
793         <rdar://problem/45222379>
794
795         Reviewed by Saam Barati.
796
797         * stress/regress-190515.js: Added.
798
799 2018-10-19  Commit Queue  <commit-queue@webkit.org>
800
801         Unreviewed, rolling out r237254.
802         https://bugs.webkit.org/show_bug.cgi?id=190760
803
804         "It regresses JetStream 2 by 5% on some iOS devices"
805         (Requested by saamyjoon on #webkit).
806
807         Reverted changeset:
808
809         "[JSC] JSC should have "parseFunction" to optimize Function
810         constructor"
811         https://bugs.webkit.org/show_bug.cgi?id=190340
812         https://trac.webkit.org/changeset/237254
813
814 2018-10-19  Saam Barati  <sbarati@apple.com>
815
816         vmCall should check if we exit before emitting an OSR exit due to exceptions
817         https://bugs.webkit.org/show_bug.cgi?id=190740
818         <rdar://problem/45220139>
819
820         Reviewed by Mark Lam.
821
822         * stress/dont-emit-osr-exits-for-every-call-ftl.js: Added.
823         (foo):
824
825 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
826
827         [ESNext][BigInt] Implement support for "^"
828         https://bugs.webkit.org/show_bug.cgi?id=186235
829
830         Reviewed by Yusuke Suzuki.
831
832         * stress/big-int-bitwise-xor-general.js: Added.
833         * stress/big-int-bitwise-xor-to-primitive-precedence.js: Added.
834         * stress/big-int-bitwise-xor-type-error.js: Added.
835         * stress/big-int-bitwise-xor-wrapped-value.js: Added.
836
837 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
838
839         [BigInt] Add ValueSub into DFG
840         https://bugs.webkit.org/show_bug.cgi?id=186176
841
842         Reviewed by Yusuke Suzuki.
843
844         * stress/big-int-subtraction-jit.js:
845         * stress/value-sub-big-int-prediction-propagation.js: Added.
846         * stress/value-sub-big-int-untyped.js: Added.
847         * stress/value-sub-spec-none-case.js: Added.
848
849 2018-10-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
850
851         [JSC] JSC should have "parseFunction" to optimize Function constructor
852         https://bugs.webkit.org/show_bug.cgi?id=190340
853
854         Reviewed by Mark Lam.
855
856         This patch fixes the line number of syntax errors raised by the Function constructor,
857         since we now parse the final code only once. And we no longer use block statement
858         for Function constructor's parsing.
859
860         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
861         * stress/function-cache-with-parameters-end-position.js: Added.
862         (shouldBe):
863         (shouldThrow):
864         (i.anonymous):
865         * stress/function-constructor-name.js: Added.
866         (shouldBe):
867         (GeneratorFunction):
868         (AsyncFunction.async):
869         (AsyncGeneratorFunction.async):
870         (anonymous):
871         (async.anonymous):
872         * test262/expectations.yaml:
873
874 2018-10-18  Commit Queue  <commit-queue@webkit.org>
875
876         Unreviewed, rolling out r237242.
877         https://bugs.webkit.org/show_bug.cgi?id=190701
878
879         it breaks "stress/sampling-profiler-basic.js" (Requested by
880         caiolima on #webkit).
881
882         Reverted changeset:
883
884         "[BigInt] Add ValueSub into DFG"
885         https://bugs.webkit.org/show_bug.cgi?id=186176
886         https://trac.webkit.org/changeset/237242
887
888 2018-10-17  Keith Miller  <keith_miller@apple.com>
889
890         AI does not clear Phantom allocation nodes.
891         https://bugs.webkit.org/show_bug.cgi?id=190694
892
893         Reviewed by Saam Barati.
894
895         * stress/ftl-ai-filter-phantoms-should-clear-clear-value.js: Added.
896         (Day):
897         (DaysInYear):
898         (TimeInYear):
899         (TimeFromYear):
900         (DayFromYear):
901         (InLeapYear):
902         (YearFromTime):
903         (WeekDay):
904         (DaylightSavingTA):
905         (GetSecondSundayInMarch):
906         (TimeInMonth):
907
908 2018-10-17  Caio Lima  <ticaiolima@gmail.com>
909
910         [BigInt] Add ValueSub into DFG
911         https://bugs.webkit.org/show_bug.cgi?id=186176
912
913         Reviewed by Yusuke Suzuki.
914
915         * stress/big-int-subtraction-jit.js:
916         * stress/value-sub-big-int-prediction-propagation.js: Added.
917         * stress/value-sub-big-int-untyped.js: Added.
918
919 2018-10-16  Dominik Infuehr  <dinfuehr@igalia.com>
920
921         [JSC] stress/array-prototype-concat-of-long-spliced-arrays2.js times out on arm and mips
922         https://bugs.webkit.org/show_bug.cgi?id=190611
923
924         Reviewed by Saam Barati.
925
926         Reduce array length just like in array-prototype-concat-of-long-spliced-arrays.js
927         to improve test runtime. On ARM/MIPS this test even timed out when running all
928         tests.
929
930         * stress/array-prototype-concat-of-long-spliced-arrays2.js:
931         (test):
932
933 2018-10-15  Guillaume Emont  <guijemont@igalia.com>
934
935         Skip stress/array-prototype-concat-of-long-spliced-arrays2.js on arm and mips/linux
936
937         Unreviewed gardening.
938
939         * stress/array-prototype-concat-of-long-spliced-arrays2.js:
940
941 2018-10-15  Saam barati  <sbarati@apple.com>
942
943         Emit fjcvtzs on ARM64E on Darwin
944         https://bugs.webkit.org/show_bug.cgi?id=184023
945
946         Reviewed by Yusuke Suzuki and Filip Pizlo.
947
948         * stress/double-to-int32-NaN.js: Added.
949         (assert):
950         (foo):
951
952 2018-10-15  Saam Barati  <sbarati@apple.com>
953
954         JSArray::shiftCountWithArrayStorage is wrong when an array has holes
955         https://bugs.webkit.org/show_bug.cgi?id=190262
956         <rdar://problem/44986241>
957
958         Reviewed by Mark Lam.
959
960         * stress/array-prototype-concat-of-long-spliced-arrays.js:
961         (test):
962         * stress/slice-array-storage-with-holes.js: Added.
963         (main):
964
965 2018-10-15  Commit Queue  <commit-queue@webkit.org>
966
967         Unreviewed, rolling out r237054.
968         https://bugs.webkit.org/show_bug.cgi?id=190593
969
970         "this regressed JetStream 2 by 6% on iOS" (Requested by
971         saamyjoon on #webkit).
972
973         Reverted changeset:
974
975         "[JSC] JSC should have "parseFunction" to optimize Function
976         constructor"
977         https://bugs.webkit.org/show_bug.cgi?id=190340
978         https://trac.webkit.org/changeset/237054
979
980 2018-10-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
981
982         [JSC] JSON.stringify can accept call-with-no-arguments
983         https://bugs.webkit.org/show_bug.cgi?id=190343
984
985         Reviewed by Mark Lam.
986
987         * stress/json-stringify-no-arguments.js: Added.
988         (shouldBe):
989
990 2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
991
992         [JSC] JSC should have "parseFunction" to optimize Function constructor
993         https://bugs.webkit.org/show_bug.cgi?id=190340
994
995         Reviewed by Mark Lam.
996
997         This patch fixes the line number of syntax errors raised by the Function constructor,
998         since we now parse the final code only once. And we no longer use block statement
999         for Function constructor's parsing.
1000
1001         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
1002         * stress/function-cache-with-parameters-end-position.js: Added.
1003         (shouldBe):
1004         (shouldThrow):
1005         (i.anonymous):
1006         * stress/function-constructor-name.js: Added.
1007         (shouldBe):
1008         (GeneratorFunction):
1009         (AsyncFunction.async):
1010         (AsyncGeneratorFunction.async):
1011         (anonymous):
1012         (async.anonymous):
1013         * test262/expectations.yaml:
1014
1015 2018-10-10  Guillaume Emont  <guijemont@igalia.com>
1016
1017         Skip JSC test stress/sampling-profiler-richards.js on armv7/linux
1018         https://bugs.webkit.org/show_bug.cgi?id=190426
1019
1020         Unreviewed gardening.
1021
1022         * stress/sampling-profiler-richards.js:
1023
1024 2018-10-06  Caio Lima  <ticaiolima@gmail.com>
1025
1026         [ESNext][BigInt] Implement support for "|"
1027         https://bugs.webkit.org/show_bug.cgi?id=186229
1028
1029         Reviewed by Yusuke Suzuki.
1030
1031         * stress/big-int-bitwise-and-jit.js:
1032         * stress/big-int-bitwise-or-general.js: Added.
1033         * stress/big-int-bitwise-or-jit-untyped.js: Added.
1034         * stress/big-int-bitwise-or-jit.js: Added.
1035         * stress/big-int-bitwise-or-memory-stress.js: Added.
1036         * stress/big-int-bitwise-or-to-primitive-precedence.js: Added.
1037         * stress/big-int-bitwise-or-type-error.js: Added.
1038         * stress/big-int-bitwise-or-wrapped-value.js: Added.
1039
1040 2018-10-05  Dominik Infuehr  <dominik.infuehr@gmail.com>
1041
1042         Skip test on systems with limited memory
1043         https://bugs.webkit.org/show_bug.cgi?id=190310
1044
1045         Invoking runDefault adds test to runlist, skipping the test in the next
1046         line does not prevent the test from executing. Change order of lines such
1047         that runDefault is only executed if test is not executed.
1048
1049         Reviewed by Mark Lam.
1050
1051         * stress/regress-190187.js:
1052
1053 2018-10-03  Saam barati  <sbarati@apple.com>
1054
1055         lowXYZ in FTLLower should always filter the type of the incoming edge
1056         https://bugs.webkit.org/show_bug.cgi?id=189939
1057         <rdar://problem/44407030>
1058
1059         Reviewed by Michael Saboff.
1060
1061         * stress/ftl-should-always-filter-for-low-type-check-functions.js: Added.
1062         (foo):
1063         (test):
1064
1065 2018-10-03  Mark Lam  <mark.lam@apple.com>
1066
1067         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
1068         https://bugs.webkit.org/show_bug.cgi?id=190187
1069         <rdar://problem/42512909>
1070
1071         Reviewed by Michael Saboff.
1072
1073         * stress/regress-190187.js: Added.
1074
1075 2018-10-02  Caio Lima  <ticaiolima@gmail.com>
1076
1077         [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
1078         https://bugs.webkit.org/show_bug.cgi?id=190033
1079
1080         Reviewed by Yusuke Suzuki.
1081
1082         * stress/big-int-to-string.js:
1083
1084 2018-10-01  Mark Lam  <mark.lam@apple.com>
1085
1086         Function.toString() should also copy the source code Functions that are class definitions.
1087         https://bugs.webkit.org/show_bug.cgi?id=190186
1088         <rdar://problem/44733360>
1089
1090         Reviewed by Saam Barati.
1091
1092         * stress/regress-190186.js: Added.
1093
1094 2018-10-01  Dominik Infuehr  <dinfuehr@igalia.com>
1095
1096         Split NaN-check into separate test
1097         https://bugs.webkit.org/show_bug.cgi?id=190010
1098
1099         Reviewed by Saam Barati.
1100
1101         DataView exposes NaN-representation, which is not necessarily the same on each
1102         architecture. Therefore move the check of the NaN-representation into its own
1103         file such that we can disable this test on MIPS where NaN-representation can be
1104         different on older CPUs.
1105
1106         * stress/dataview-jit-set-nan.js: Added.
1107         (assert):
1108         (test.storeLittleEndian):
1109         (test.storeBigEndian):
1110         (test.store):
1111         (test):
1112         * stress/dataview-jit-set.js:
1113         (test5):
1114
1115 2018-10-01  Commit Queue  <commit-queue@webkit.org>
1116
1117         Unreviewed, rolling out r236647.
1118         https://bugs.webkit.org/show_bug.cgi?id=190124
1119
1120         Breaking test stress/big-int-to-string.js (Requested by
1121         caiolima_ on #webkit).
1122
1123         Reverted changeset:
1124
1125         "[BigInt] BigInt.proptotype.toString is broken when radix is
1126         power of 2"
1127         https://bugs.webkit.org/show_bug.cgi?id=190033
1128         https://trac.webkit.org/changeset/236647
1129
1130 2018-09-30  Caio Lima  <ticaiolima@gmail.com>
1131
1132         [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
1133         https://bugs.webkit.org/show_bug.cgi?id=190033
1134
1135         Reviewed by Yusuke Suzuki.
1136
1137         * stress/big-int-to-string.js:
1138
1139 2018-09-28  Caio Lima  <ticaiolima@gmail.com>
1140
1141         [ESNext][BigInt] Implement support for "&"
1142         https://bugs.webkit.org/show_bug.cgi?id=186228
1143
1144         Reviewed by Yusuke Suzuki.
1145
1146         * stress/big-int-bitwise-and-general.js: Added.
1147         (assert):
1148         (assert.sameValue):
1149         * stress/big-int-bitwise-and-jit.js: Added.
1150         (let.assert.sameValue):
1151         (bigIntBitAnd):
1152         * stress/big-int-bitwise-and-memory-stress.js: Added.
1153         (assert):
1154         * stress/big-int-bitwise-and-to-primitive-precedence.js: Added.
1155         (assert.sameValue):
1156         (let.o.Symbol.toPrimitive):
1157         (catch):
1158         * stress/big-int-bitwise-and-type-error.js: Added.
1159         (assert):
1160         (assertThrowTypeError):
1161         (let.o.valueOf):
1162         (o.valueOf):
1163         (o.toString):
1164         (o.Symbol.toPrimitive):
1165         * stress/big-int-bitwise-and-wrapped-value.js: Added.
1166         (assert.sameValue):
1167         (testBitAnd):
1168         (let.o.Symbol.toPrimitive):
1169         (o.valueOf):
1170         (o.toString):
1171
1172 2018-09-28  Ross Kirsling  <ross.kirsling@sony.com>
1173
1174         JSC test stress/jsc-read.js doesn't support CRLF
1175         https://bugs.webkit.org/show_bug.cgi?id=190063
1176
1177         Reviewed by Yusuke Suzuki.
1178
1179         In order to run this test via Windows command prompt, we can't assume that the final newline will be LF.
1180
1181         * stress/jsc-read.js:
1182         (test):
1183
1184 2018-09-27  Saam barati  <sbarati@apple.com>
1185
1186         Verify the contents of AssemblerBuffer on arm64e
1187         https://bugs.webkit.org/show_bug.cgi?id=190057
1188         <rdar://problem/38916630>
1189
1190         Reviewed by Mark Lam.
1191
1192         * stress/regress-189132.js:
1193
1194 2018-09-27  Dominik Infuehr  <dinfuehr@igalia.com>
1195
1196         Disable test without LLInt on ARMv7
1197         https://bugs.webkit.org/show_bug.cgi?id=190037
1198
1199         Reviewed by Mark Lam.
1200
1201         Test runs out of executable memory on ARMv7, do not run
1202         this test without LLInt enabled.
1203
1204         * stress/regress-169445.js:
1205
1206 2018-09-26  Keith Miller  <keith_miller@apple.com>
1207
1208         We should zero unused property storage when rebalancing array storage.
1209         https://bugs.webkit.org/show_bug.cgi?id=188151
1210
1211         Reviewed by Michael Saboff.
1212
1213         * stress/splice-should-zero-property-storage-when-rebalancing.js: Added.
1214
1215 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1216
1217         [JSC] Optimize Array#lastIndexOf
1218         https://bugs.webkit.org/show_bug.cgi?id=189780
1219
1220         Reviewed by Saam Barati.
1221
1222         * stress/array-lastindexof-array-prototype-trap.js: Added.
1223         (shouldBe):
1224         (AncestorArray.prototype.get 2):
1225         (AncestorArray):
1226         * stress/array-lastindexof-have-a-bad-time-c-runtime.js: Added.
1227         (shouldBe):
1228         * stress/array-lastindexof-hole-nan.js: Added.
1229         (shouldBe):
1230         (throw.new.Error):
1231         * stress/array-lastindexof-infinity.js: Added.
1232         (shouldBe):
1233         (throw.new.Error):
1234         * stress/array-lastindexof-negative-zero.js: Added.
1235         (shouldBe):
1236         (throw.new.Error):
1237         * stress/array-lastindexof-own-getter.js: Added.
1238         (shouldBe):
1239         (throw.new.Error.get array):
1240         (get array):
1241         * stress/array-lastindexof-prototype-trap.js: Added.
1242         (shouldBe):
1243         (DerivedArray.prototype.get 2):
1244         (DerivedArray):
1245
1246 2018-09-25  Saam Barati  <sbarati@apple.com>
1247
1248         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
1249         https://bugs.webkit.org/show_bug.cgi?id=189940
1250         <rdar://problem/43640987>
1251
1252         Reviewed by Mark Lam.
1253
1254         * stress/use-baseline-codeblock-materialize-osr-exit.js: Added.
1255
1256 2018-09-24  Saam Barati  <sbarati@apple.com>
1257
1258         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
1259         https://bugs.webkit.org/show_bug.cgi?id=189922
1260         <rdar://problem/44651275>
1261
1262         Reviewed by Mark Lam.
1263
1264         * stress/array-indexof-fast-path-effects.js: Added.
1265         * stress/array-indexof-cached-length.js: Added.
1266
1267 2018-09-24  Saam barati  <sbarati@apple.com>
1268
1269         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
1270         https://bugs.webkit.org/show_bug.cgi?id=189682
1271         <rdar://problem/43557315>
1272
1273         Reviewed by Mark Lam.
1274
1275         * stress/arguments-elimination-will-generate-edge-without-result.js: Added.
1276         (foo):
1277
1278 2018-09-22  Saam barati  <sbarati@apple.com>
1279
1280         The sampling should not use Strong<CodeBlock> in its machineLocation field
1281         https://bugs.webkit.org/show_bug.cgi?id=189319
1282
1283         Reviewed by Filip Pizlo.
1284
1285         * stress/sampling-profiler-richards.js: Added.
1286
1287 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1288
1289         [JSC] Optimize Array#indexOf in C++ runtime
1290         https://bugs.webkit.org/show_bug.cgi?id=189507
1291
1292         Reviewed by Saam Barati.
1293
1294         * stress/array-indexof-array-prototype-trap.js: Added.
1295         (shouldBe):
1296         (AncestorArray.prototype.get 2):
1297         (AncestorArray):
1298         * stress/array-indexof-have-a-bad-time-c-runtime.js: Added.
1299         (shouldBe):
1300         * stress/array-indexof-hole-nan.js: Added.
1301         (shouldBe):
1302         (throw.new.Error):
1303         * stress/array-indexof-infinity.js: Added.
1304         (shouldBe):
1305         (throw.new.Error):
1306         * stress/array-indexof-negative-zero.js: Added.
1307         (shouldBe):
1308         (throw.new.Error):
1309         * stress/array-indexof-own-getter.js: Added.
1310         (shouldBe):
1311         (throw.new.Error.get array):
1312         (get array):
1313         * stress/array-indexof-prototype-trap.js: Added.
1314         (shouldBe):
1315         (DerivedArray.prototype.get 2):
1316         (DerivedArray):
1317
1318 2018-09-19  Saam barati  <sbarati@apple.com>
1319
1320         AI rule for MultiPutByOffset executes its effects in the wrong order
1321         https://bugs.webkit.org/show_bug.cgi?id=189757
1322         <rdar://problem/43535257>
1323
1324         Reviewed by Michael Saboff.
1325
1326         * stress/multi-put-by-offset-must-filter-value-before-filtering-base.js: Added.
1327         (foo):
1328         (Foo):
1329         (g):
1330
1331 2018-09-17  Mark Lam  <mark.lam@apple.com>
1332
1333         Ensure that ForInContexts are invalidated if their loop local is over-written.
1334         https://bugs.webkit.org/show_bug.cgi?id=189571
1335         <rdar://problem/44402277>
1336
1337         Reviewed by Saam Barati.
1338
1339         * stress/regress-189571.js: Added.
1340
1341 2018-09-17  Saam barati  <sbarati@apple.com>
1342
1343         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
1344         https://bugs.webkit.org/show_bug.cgi?id=189676
1345         <rdar://problem/39682897>
1346
1347         Reviewed by Michael Saboff.
1348
1349         * typeProfiler/check-structure-or-empty-in-fixup.js: Added.
1350         (A):
1351         (K):
1352         (i.catch):
1353
1354 2018-09-14  Saam barati  <sbarati@apple.com>
1355
1356         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
1357         https://bugs.webkit.org/show_bug.cgi?id=189628
1358         <rdar://problem/39481690>
1359
1360         Reviewed by Mark Lam.
1361
1362         * stress/verbose-failure-dont-graph-dump-availability-already-freed.js: Added.
1363         (foo):
1364
1365 2018-09-11  Mark Lam  <mark.lam@apple.com>
1366
1367         Test for array initialization in arrayProtoFuncSplice.
1368         https://bugs.webkit.org/show_bug.cgi?id=170253
1369         <rdar://problem/31328773>
1370
1371         Rubber-stamped by Saam Barati.
1372
1373         * stress/regress-170253.js: Added.
1374
1375 2018-09-11  Mark Lam  <mark.lam@apple.com>
1376
1377         Test for IntlObject initialization.
1378         https://bugs.webkit.org/show_bug.cgi?id=170251
1379         <rdar://problem/31328419>
1380
1381         Rubber-stamped by Saam Barati.
1382
1383         * stress/regress-170251.js: Added.
1384
1385 2018-09-11  Mark Lam  <mark.lam@apple.com>
1386
1387         Test for array memcpy'ing when JSGlobalObject::haveABadTime.
1388         https://bugs.webkit.org/show_bug.cgi?id=169889
1389         <rdar://problem/31155607>
1390
1391         Reviewed by Saam Barati.
1392
1393         * stress/regress-169889-array-concat.js: Added.
1394         * stress/regress-169889-array-concat1.js: Added.
1395         * stress/regress-169889-array-slice.js: Added.
1396
1397 2018-09-11  Mark Lam  <mark.lam@apple.com>
1398
1399         Test for incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope.
1400         https://bugs.webkit.org/show_bug.cgi?id=169445
1401         <rdar://problem/30957435>
1402
1403         Reviewed by Saam Barati.
1404
1405         * stress/regress-169445.js: Added.
1406         (let.gun.eval.A):
1407         (let.gun.eval.B.C):
1408         (let.gun.eval.B.C.prototype.trigger):
1409         (let.gun.eval.B.C.prototype.triggerWithRestParameters):
1410         (let.gun.eval.B):
1411         (let.gun.eval):
1412
1413 == Rolled over to ChangeLog-2018-09-11 ==