Fix a typo in slow_path_construct_arityCheck and operationConstructArityCheck.
[WebKit-https.git] / JSTests / ChangeLog
1 2018-12-20  Mark Lam  <mark.lam@apple.com>
2
3         Fix a typo in slow_path_construct_arityCheck and operationConstructArityCheck.
4         https://bugs.webkit.org/show_bug.cgi?id=192939
5         <rdar://problem/46869516>
6
7         Reviewed by Keith Miller.
8
9         * stress/stack-overflow-frame-for-construct-arityCheck-should-use-construct-codeBlock.js: Added.
10
11 2018-12-20  Tadeu Zagallo  <tzagallo@apple.com>
12
13         WTF::String and StringImpl overflow MaxLength
14         https://bugs.webkit.org/show_bug.cgi?id=192853
15         <rdar://problem/45726906>
16
17         Reviewed by Mark Lam.
18
19         * stress/string-16bit-repeat-overflow.js: Added.
20         (catch):
21
22 2018-12-19  Ross Kirsling  <ross.kirsling@sony.com>
23
24         Unreviewed follow-up to r192914.
25
26         * test262/expectations.yaml:
27         Add the last 20 missing expectations.
28
29 2018-12-19  Keith Miller  <keith_miller@apple.com>
30
31         Fix test262 expectations
32         https://bugs.webkit.org/show_bug.cgi?id=192914
33
34         Unreviewed, when I imported the latest round of test262 tests I must have failed to update the test expectations.
35
36         * test262/expectations.yaml:
37
38 2018-12-19  Keith Miller  <keith_miller@apple.com>
39
40         Update test262 tests.
41         https://bugs.webkit.org/show_bug.cgi?id=192907
42
43         Rubber stamped by Mark Lam.
44
45         * test262/*: Omitted because prepare-changelog crashes.
46
47 2018-12-19  Mark Lam  <mark.lam@apple.com>
48
49         JSPropertyNameEnumerator should cache the iterated object's structure only after getting its property names.
50         https://bugs.webkit.org/show_bug.cgi?id=192464
51         <rdar://problem/46519455>
52
53         Reviewed by Saam Barati.
54
55         This patch is about a 10% speed up on the new for-in-on-object-with-lazily-materialized-properties.js
56         microbenchmark.
57
58         * microbenchmarks/for-in-on-object-with-lazily-materialized-properties.js: Added.
59         * stress/property-name-enumerator-should-cache-structure-after-getting-property-names.js: Added.
60
61 2018-12-19  Tadeu Zagallo  <tzagallo@apple.com>
62
63         String overflow in JSC::createError results in ASSERT in WTF::makeString
64         https://bugs.webkit.org/show_bug.cgi?id=192833
65         <rdar://problem/45706868>
66
67         Reviewed by Mark Lam.
68
69         * stress/string-overflow-createError.js: Added.
70
71 2018-12-18  Ross Kirsling  <ross.kirsling@sony.com>
72
73         Error message for `-x ** y` contains a typo.
74         https://bugs.webkit.org/show_bug.cgi?id=192832
75
76         Reviewed by Saam Barati.
77
78         * ChakraCore/test/UnitTestFramework/UnitTestFramework.js:
79         (assert.assert.return.throws):
80         * stress/pow-expects-update-expression-on-lhs.js:
81         (throw.new.Error):
82         Update test expectations which match against the exact error message.
83
84 2018-12-18  Mark Lam  <mark.lam@apple.com>
85
86         Gardening: test options fix.
87         https://bugs.webkit.org/show_bug.cgi?id=192822
88
89         Unreviewed.
90
91         * stress/json-stringify-string-builder-overflow.js:
92
93 2018-12-18  Mark Lam  <mark.lam@apple.com>
94
95         JSON.stringify() should throw OOM on StringBuilder overflows.
96         https://bugs.webkit.org/show_bug.cgi?id=192822
97         <rdar://problem/46670577>
98
99         Reviewed by Saam Barati.
100
101         * stress/json-stringify-string-builder-overflow.js: Added.
102
103 2018-12-18  Ross Kirsling  <ross.kirsling@sony.com>
104
105         Redeclaration of var over let/const/class should be a syntax error.
106         https://bugs.webkit.org/show_bug.cgi?id=192298
107
108         Reviewed by Keith Miller.
109
110         * test262.yaml:
111         * test262/expectations.yaml:
112         Mark 46 tests as passing.
113
114         * stress/block-scope-redeclarations.js:
115         Add some new tests.
116
117         * stress/for-in-invalidate-context-weird-assignments.js:
118         * stress/for-in-tests.js:
119         Replace tests for outdated behavior with tests for SyntaxError.
120
121         * ChakraCore/test/LetConst/defer3.baseline-jsc:
122         * ChakraCore/test/LetConst/letvar.baseline-jsc:
123         Update expectations.
124
125 2018-12-18  Mark Lam  <mark.lam@apple.com>
126
127         Skip the stress/elidable-new-object-roflcopter-then-exit.js test on 32-bit.
128         https://bugs.webkit.org/show_bug.cgi?id=191374
129         <rdar://problem/46525447>
130
131         Reviewed by Yusuke Suzuki.
132
133         This test runs too slow on 32-bit, and is not relevant for non-JIT builds.
134
135         * stress/elidable-new-object-roflcopter-then-exit.js:
136
137 2018-12-17  Mark Lam  <mark.lam@apple.com>
138
139         Skip the stress/materialized-regexp-has-correct-last-index-set-by-match.js test on 32-bit.
140         https://bugs.webkit.org/show_bug.cgi?id=192019
141         <rdar://problem/46525456>
142
143         Reviewed by Yusuke Suzuki.
144
145         The test runs too slow on 32-bit.
146
147         * stress/materialized-regexp-has-correct-last-index-set-by-match.js:
148
149 2018-12-17  Mark Lam  <mark.lam@apple.com>
150
151         Skip the stress/materialize-regexp-cyclic-regexp.js test on 32-bit.
152         https://bugs.webkit.org/show_bug.cgi?id=191373
153         <rdar://problem/46525458>
154
155         Reviewed by Yusuke Suzuki.
156
157         The test is already slow running with a JIT on 64-bit.  It will always timeout
158         on 32-bit without a JIT.
159
160         * stress/materialize-regexp-cyclic-regexp.js:
161
162 2018-12-17  Mark Lam  <mark.lam@apple.com>
163
164         Array unshift/shift should not race against the AI in the compiler thread.
165         https://bugs.webkit.org/show_bug.cgi?id=192795
166         <rdar://problem/46724263>
167
168         Reviewed by Saam Barati.
169
170         * stress/array-unshift-should-not-race-against-compiler-thread.js: Added.
171
172 2018-12-16  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
173
174         [JSC] Optimize Object.keys by caching own keys results in StructureRareData
175         https://bugs.webkit.org/show_bug.cgi?id=190047
176
177         Reviewed by Saam Barati.
178
179         * stress/object-keys-cached-zero.js: Added.
180         (shouldBe):
181         (test):
182         * stress/object-keys-changed-attribute.js: Added.
183         (shouldBe):
184         (test):
185         * stress/object-keys-changed-index.js: Added.
186         (shouldBe):
187         (test):
188         * stress/object-keys-changed.js: Added.
189         (shouldBe):
190         (test):
191         * stress/object-keys-indexed-non-cache.js: Added.
192         (shouldBe):
193         (test):
194         * stress/object-keys-overrides-get-property-names.js: Added.
195         (shouldBe):
196         (test):
197         (noInline):
198
199 2018-12-17  Mark Lam  <mark.lam@apple.com>
200
201         SamplingProfiler's isValidFramePointer() should reject address at stack origin.
202         https://bugs.webkit.org/show_bug.cgi?id=192779
203         <rdar://problem/46775869>
204
205         Reviewed by Saam Barati.
206
207         * stress/sampling-profiler-should-not-sample-beyond-stack-bounds.js: Added.
208
209 2018-12-17  Ryan Haddad  <ryanhaddad@apple.com>
210
211         Unreviewed test gardening, address a syntax error in a new test.
212
213         * stress/out-of-frame-stack-accesses-due-to-probe-based-osr-exits.js:
214
215 2018-12-17  Mark Lam  <mark.lam@apple.com>
216
217         Suppress ASAN on valid stack accesses in Probe-based OSRExit::executeOSRExit().
218         https://bugs.webkit.org/show_bug.cgi?id=192776
219         <rdar://problem/46772368>
220
221         Reviewed by Keith Miller.
222
223         * stress/out-of-frame-stack-accesses-due-to-probe-based-osr-exits.js: Added.
224
225 2018-12-17  Mark Lam  <mark.lam@apple.com>
226
227         Fix stale assertion in attemptToForceStringArrayModeByToStringConversion().
228         https://bugs.webkit.org/show_bug.cgi?id=192770
229         <rdar://problem/46449037>
230
231         Reviewed by Keith Miller.
232
233         * stress/force-string-arrayMode-on-originalNonArray-array-class.js: Added.
234
235 2018-12-14  Mark Lam  <mark.lam@apple.com>
236
237         CallFrame::convertToStackOverflowFrame() needs to keep the top CodeBlock alive.
238         https://bugs.webkit.org/show_bug.cgi?id=192717
239         <rdar://problem/46660677>
240
241         Reviewed by Saam Barati.
242
243         * stress/regress-192717.js: Added.
244
245 2018-12-14  Commit Queue  <commit-queue@webkit.org>
246
247         Unreviewed, rolling out r239153, r239154, and r239155.
248         https://bugs.webkit.org/show_bug.cgi?id=192715
249
250         Caused flaky GC-related crashes seen with layout tests
251         (Requested by ryanhaddad on #webkit).
252
253         Reverted changesets:
254
255         "[JSC] Optimize Object.keys by caching own keys results in
256         StructureRareData"
257         https://bugs.webkit.org/show_bug.cgi?id=190047
258         https://trac.webkit.org/changeset/239153
259
260         "Unreviewed, build fix after r239153"
261         https://bugs.webkit.org/show_bug.cgi?id=190047
262         https://trac.webkit.org/changeset/239154
263
264         "Unreviewed, build fix after r239153, part 2"
265         https://bugs.webkit.org/show_bug.cgi?id=190047
266         https://trac.webkit.org/changeset/239155
267
268 2018-12-14  Keith Miller  <keith_miller@apple.com>
269
270         Callers of JSString::getIndex should check for OOM exceptions
271         https://bugs.webkit.org/show_bug.cgi?id=192709
272
273         Reviewed by Mark Lam.
274
275         * stress/StringObject-define-length-getter-rope-string-oom.js: Added.
276
277 2018-12-13  Mark Lam  <mark.lam@apple.com>
278
279         Add a missing exception check.
280         https://bugs.webkit.org/show_bug.cgi?id=192626
281         <rdar://problem/46662163>
282
283         Reviewed by Keith Miller.
284
285         * stress/regress-192626.js: Added.
286
287 2018-12-13  Caio Lima  <ticaiolima@gmail.com>
288
289         [BigInt] Add ValueDiv into DFG
290         https://bugs.webkit.org/show_bug.cgi?id=186178
291
292         Reviewed by Yusuke Suzuki.
293
294         * stress/big-int-div-jit-osr.js: Added.
295         * stress/big-int-div-jit-untyped.js: Added.
296         * stress/value-div-fixup-int32-big-int.js: Added.
297
298 2018-12-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
299
300         [JSC] Optimize Object.keys by caching own keys results in StructureRareData
301         https://bugs.webkit.org/show_bug.cgi?id=190047
302
303         Reviewed by Keith Miller.
304
305         * stress/object-keys-cached-zero.js: Added.
306         (shouldBe):
307         (test):
308         * stress/object-keys-changed-attribute.js: Added.
309         (shouldBe):
310         (test):
311         * stress/object-keys-changed-index.js: Added.
312         (shouldBe):
313         (test):
314         * stress/object-keys-changed.js: Added.
315         (shouldBe):
316         (test):
317         * stress/object-keys-indexed-non-cache.js: Added.
318         (shouldBe):
319         (test):
320         * stress/object-keys-overrides-get-property-names.js: Added.
321         (shouldBe):
322         (test):
323         (noInline):
324
325 2018-12-12  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
326
327         [DFG][FTL] Add NewSymbol
328         https://bugs.webkit.org/show_bug.cgi?id=192620
329
330         Reviewed by Saam Barati.
331
332         * microbenchmarks/symbol-creation.js: Added.
333         (test):
334         * stress/symbol-description-identity.js: Added.
335         (shouldBe):
336         (test):
337         * stress/symbol-identity.js: Added.
338         (shouldBe):
339         (test):
340         * stress/symbol-with-description-throw-error.js: Added.
341         (shouldBe):
342         (shouldThrow):
343         (test):
344         (object.toString):
345
346 2018-12-12  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
347
348         [BigInt] Implement DFG/FTL typeof for BigInt
349         https://bugs.webkit.org/show_bug.cgi?id=192619
350
351         Reviewed by Keith Miller.
352
353         * stress/big-int-boolean-proven-type.js: Added.
354         (assert):
355         (bool):
356         * stress/big-int-type-of-proven-type-non-constant-including-symbol.js: Added.
357         (assert):
358         (typeOf):
359         (i.switch):
360         * stress/big-int-type-of-proven-type-non-constant.js: Added.
361         (assert):
362         (typeOf):
363         * stress/big-int-type-of.js:
364         (typeOf):
365         (func):
366
367 2018-12-10  Mark Lam  <mark.lam@apple.com>
368
369         PropertyAttribute needs a CustomValue bit.
370         https://bugs.webkit.org/show_bug.cgi?id=191993
371         <rdar://problem/46264467>
372
373         Reviewed by Saam Barati.
374
375         * stress/regress-191993.js: Added.
376
377 2018-12-10  Caio Lima  <ticaiolima@gmail.com>
378
379         [BigInt] Add ValueMul into DFG
380         https://bugs.webkit.org/show_bug.cgi?id=186175
381
382         Reviewed by Yusuke Suzuki.
383
384         * stress/big-int-mul-jit-osr.js: Added.
385         * stress/big-int-mul-jit-untyped.js: Added.
386         * stress/value-mul-fixup-int32-big-int.js: Added.
387
388 2018-12-06  Keith Miller  <keith_miller@apple.com>
389
390         stress/big-wasm-memory tests failing on 32-bit JSC bot
391         https://bugs.webkit.org/show_bug.cgi?id=192020
392
393         Reviewed by Saam Barati.
394
395         Not every platform has WebAssembly, e.g. 32-bit, so we should exit
396         the wasm stress tests if the WebAssembly object does not exist.
397
398         * stress/big-wasm-memory-grow-no-max.js:
399         (test.foo):
400         (test):
401         (foo): Deleted.
402         (catch): Deleted.
403         * stress/big-wasm-memory-grow.js:
404         (test.foo):
405         (test):
406         (foo): Deleted.
407         (catch): Deleted.
408         * stress/big-wasm-memory.js:
409         (test.foo):
410         (test):
411         (foo): Deleted.
412         (catch): Deleted.
413
414 2018-12-05  Mark Lam  <mark.lam@apple.com>
415
416         speculationFromCell() should speculate non-Identifier strings as SpecString instead of SpecStringVar.
417         https://bugs.webkit.org/show_bug.cgi?id=192441
418         <rdar://problem/46480355>
419
420         Reviewed by Saam Barati.
421
422         * stress/regress-192441.js: Added.
423
424 2018-12-04  Mark Lam  <mark.lam@apple.com>
425
426         DFG's StrengthReduction phase should not reduce Construct into DirectContruct when the executable does not have constructAbility.
427         https://bugs.webkit.org/show_bug.cgi?id=192386
428         <rdar://problem/46445516>
429
430         Reviewed by Saam Barati.
431
432         * stress/regress-192386.js: Added.
433
434 2018-12-04  Caio Lima  <ticaiolima@gmail.com>
435
436         [ESNext][BigInt] Support logic operations
437         https://bugs.webkit.org/show_bug.cgi?id=179903
438
439         Reviewed by Yusuke Suzuki.
440
441         * stress/big-int-branch-usage.js: Added.
442         * stress/big-int-logical-and.js: Added.
443         * stress/big-int-logical-not.js: Added.
444         * stress/big-int-logical-or.js: Added.
445
446 2018-12-03  Ryan Haddad  <ryanhaddad@apple.com>
447
448         Unreviewed, rolling out r238833.
449
450         Breaks macOS and iOS debug builds.
451
452         Reverted changeset:
453
454         "[ESNext][BigInt] Support logic operations"
455         https://bugs.webkit.org/show_bug.cgi?id=179903
456         https://trac.webkit.org/changeset/238833
457
458 2018-12-03  Caio Lima  <ticaiolima@gmail.com>
459
460         [ESNext][BigInt] Support logic operations
461         https://bugs.webkit.org/show_bug.cgi?id=179903
462
463         Reviewed by Yusuke Suzuki.
464
465         * stress/big-int-branch-usage.js: Added.
466         * stress/big-int-logical-and.js: Added.
467         * stress/big-int-logical-not.js: Added.
468         * stress/big-int-logical-or.js: Added.
469
470 2018-12-02  Caio Lima  <ticaiolima@gmail.com>
471
472         [ESNext][BigInt] Implement support for "<<" and ">>"
473         https://bugs.webkit.org/show_bug.cgi?id=186233
474
475         Reviewed by Yusuke Suzuki.
476
477         * stress/big-int-left-shift-general.js: Added.
478         * stress/big-int-left-shift-range-error.js: Added.
479         * stress/big-int-left-shift-type-error.js: Added.
480         * stress/big-int-left-shift-wrapped-value.js: Added.
481         * stress/big-int-right-shift-general.js: Added.
482         * stress/big-int-right-shift-type-error.js: Added.
483         * stress/big-int-right-shift-wrapped-value.js: Added.
484         * stress/left-shift-to-primitive-precedence.js: Added.
485         * stress/right-shift-to-primitive-precedence.js: Added.
486
487 2018-11-30  Dean Jackson  <dino@apple.com>
488
489         Add first-class support for .mjs files in jsc binary
490         https://bugs.webkit.org/show_bug.cgi?id=192190
491         <rdar://problem/46375715>
492
493         Reviewed by Keith Miller.
494
495         * stress/simple-module.mjs: Added.
496         * stress/simple-script.js: Added.
497
498 2018-11-30  Caio Lima  <ticaiolima@gmail.com>
499
500         [BigInt] Implement ValueBitXor into DFG
501         https://bugs.webkit.org/show_bug.cgi?id=190264
502
503         Reviewed by Yusuke Suzuki.
504
505         * stress/big-int-bitwise-xor-jit.js: Added.
506         * stress/big-int-bitwise-xor-memory-stress.js: Added.
507         * stress/big-int-bitwise-xor-untyped.js: Added.
508
509 2018-11-27  Saam barati  <sbarati@apple.com>
510
511         r238510 broke scopes of size zero
512         https://bugs.webkit.org/show_bug.cgi?id=192033
513         <rdar://problem/46281734>
514
515         Reviewed by Keith Miller.
516
517         * stress/r238510-bad-loop.js: Added.
518         (foo):
519
520 2018-11-27  Mark Lam  <mark.lam@apple.com>
521
522         [Re-landing] NaNs read from Wasm code needs to be be purified.
523         https://bugs.webkit.org/show_bug.cgi?id=191056
524         <rdar://problem/45660341>
525
526         Reviewed by Filip Pizlo.
527
528         * wasm/regress/regress-191056.js: Added.
529
530 2018-11-27  Ryan Haddad  <ryanhaddad@apple.com>
531
532         Unreviewed, rolling out r238509.
533
534         Causes JSC tests to fail on iOS.
535
536         Reverted changeset:
537
538         "NaNs read from Wasm code needs to be be purified."
539         https://bugs.webkit.org/show_bug.cgi?id=191056
540         https://trac.webkit.org/changeset/238509
541
542 2018-11-26  Caio Lima  <ticaiolima@gmail.com>
543
544         Re-introduce op_bitnot
545         https://bugs.webkit.org/show_bug.cgi?id=190923
546
547         Reviewed by Yusuke Suzuki.
548
549         * stress/bit-not-must-generate.js: Added.
550         * stress/bitwise-not-no-int32.js: Added.
551
552 2018-11-26  Saam barati  <sbarati@apple.com>
553
554         InPlaceAbstractState::endBasicBlock rule for SetLocal should filter the value based on the flush format
555         https://bugs.webkit.org/show_bug.cgi?id=191956
556         <rdar://problem/45665806>
557
558         Reviewed by Yusuke Suzuki.
559
560         * stress/end-basic-block-set-local-should-filter-type.js: Added.
561         (bar):
562         (foo):
563
564 2018-11-26  Saam barati  <sbarati@apple.com>
565
566         Object allocation sinking phase needs to iterate each scope offset instead of just iterating the symbol table's hashmap when handling an activation
567         https://bugs.webkit.org/show_bug.cgi?id=191958
568         <rdar://problem/46221877>
569
570         Reviewed by Yusuke Suzuki.
571
572         * stress/object-allocation-sinking-phase-needs-to-write-to-each-scope-offset.js: Added.
573         (x):
574         (foo):
575
576 2018-11-26  Mark Lam  <mark.lam@apple.com>
577
578         NaNs read from Wasm code needs to be be purified.
579         https://bugs.webkit.org/show_bug.cgi?id=191056
580         <rdar://problem/45660341>
581
582         Reviewed by Filip Pizlo.
583
584         * wasm/regress/regress-191056.js: Added.
585
586 2018-11-26  Michael Saboff  <msaboff@apple.com>
587
588         32-bit JSC test failure: stress/regexp-compile-oom.js
589         https://bugs.webkit.org/show_bug.cgi?id=191375
590
591         Reviewed by Mark Lam.
592
593         Disabled the test for 32 bit platforms.
594
595         * stress/regexp-compile-oom.js:
596
597 2018-11-26  Tadeu Zagallo  <tzagallo@apple.com>
598
599         ASSERTION FAILED: m_outOfLineJumpTargets.contains(bytecodeOffset)
600         https://bugs.webkit.org/show_bug.cgi?id=191716
601         <rdar://problem/45723878>
602
603         Reviewed by Saam Barati.
604
605         * stress/regress-187373.js: Added.
606         (async.fn):
607
608 2018-11-21  Saam barati  <sbarati@apple.com>
609
610         DFGSpeculativeJIT should not &= exitOK with mayExit(node)
611         https://bugs.webkit.org/show_bug.cgi?id=191897
612         <rdar://problem/45871998>
613
614         Reviewed by Mark Lam.
615
616         * stress/exitok-is-not-the-same-as-mayExit.js: Added.
617         (bar):
618         (foo):
619
620 2018-11-21  Saam barati  <sbarati@apple.com>
621
622         Fix assertion in KnownCellUse inside SpeculativeJIT::speculate
623         https://bugs.webkit.org/show_bug.cgi?id=191895
624         <rdar://problem/46167406>
625
626         Reviewed by Mark Lam.
627
628         * stress/known-cell-use-needs-type-check-assertion.js: Added.
629         (foo):
630         (bar):
631
632 2018-11-21  Mark Lam  <mark.lam@apple.com>
633
634         Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw OOME not RangeError.
635         https://bugs.webkit.org/show_bug.cgi?id=191776
636         <rdar://problem/46152851>
637
638         Reviewed by Saam Barati.
639
640         * stress/big-wasm-memory-grow-no-max.js:
641         * stress/big-wasm-memory-grow.js:
642         * stress/big-wasm-memory.js:
643         - updated these to expect an OutOfMemoryError.
644
645         * wasm/regress/wasm-memory-requested-more-than-MAX_ARRAY_BUFFER_SIZE-2.js: Added.
646         (Binary.prototype.emit_u8):
647         (Binary.prototype.emit_u32v):
648         (Binary.prototype.emit_header):
649         (Binary.prototype.emit_section):
650         (Binary):
651         (WasmModuleBuilder):
652         (WasmModuleBuilder.prototype.addMemory):
653         (WasmModuleBuilder.prototype.toArray):
654         (WasmModuleBuilder.prototype.toBuffer):
655         (WasmModuleBuilder.prototype.instantiate):
656         (catch):
657         * wasm/regress/wasm-memory-requested-more-than-MAX_ARRAY_BUFFER_SIZE.js: Added.
658         (catch):
659
660 2018-11-21  Caio Lima  <ticaiolima@gmail.com>
661
662         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
663         https://bugs.webkit.org/show_bug.cgi?id=190836
664
665         Reviewed by Saam Barati and Yusuke Suzuki.
666
667         * stress/big-int-out-of-memory-tests.js: Added.
668
669 2018-11-20  Mark Lam  <mark.lam@apple.com>
670
671         Remove invalid assertion in VMTraps::SignalSender's SignalAction.
672         https://bugs.webkit.org/show_bug.cgi?id=191856
673         <rdar://problem/46089992>
674
675         Reviewed by Yusuke Suzuki.
676
677         * stress/regress-191856.js: Added.
678         - this test is skipped for now until we have a fix for webkit.org/b/191855.
679
680 2018-11-21  Dominik Infuehr  <dinfuehr@igalia.com>
681
682         Enable JIT on ARM/Linux
683         https://bugs.webkit.org/show_bug.cgi?id=191548
684
685         Reviewed by Yusuke Suzuki.
686
687         Disable test on system with limited memory. Program was killed by
688         the OS before the exception was thrown.
689
690         * slowMicrobenchmarks/function-constructor-with-huge-strings.js:
691
692 2018-11-20  Saam barati  <sbarati@apple.com>
693
694         Merging an IC variant may lead to the IC status containing overlapping structure sets
695         https://bugs.webkit.org/show_bug.cgi?id=191869
696         <rdar://problem/45403453>
697
698         Reviewed by Mark Lam.
699
700         * stress/merging-ic-variants-should-bail-if-structures-overlap.js: Added.
701
702 2018-11-19  Mark Lam  <mark.lam@apple.com>
703
704         globalFuncImportModule() should return a promise when it clears exceptions.
705         https://bugs.webkit.org/show_bug.cgi?id=191792
706         <rdar://problem/46090763>
707
708         Reviewed by Michael Saboff.
709
710         * stress/global-import-function-should-return-a-promise-when-clearing-exceptions.js: Added.
711
712 2018-11-19  Guillaume Emont  <guijemont@igalia.com>
713
714         Skip new memory-hungry tests on memory limited devices
715
716         Unreviewed gardening.
717
718         * stress/big-wasm-memory-grow-no-max.js:
719         * stress/big-wasm-memory-grow.js:
720         * stress/big-wasm-memory.js:
721
722 2018-11-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
723
724         Unreviewed, rolling in the rest of r237254
725         https://bugs.webkit.org/show_bug.cgi?id=190340
726
727         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
728         * stress/function-cache-with-parameters-end-position.js: Added.
729         (shouldBe):
730         (shouldThrow):
731         (i.anonymous):
732         * stress/function-constructor-name.js: Added.
733         (shouldBe):
734         (GeneratorFunction):
735         (AsyncFunction.async):
736         (AsyncGeneratorFunction.async):
737         (anonymous):
738         (async.anonymous):
739         * test262/expectations.yaml:
740
741 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
742
743         All users of ArrayBuffer should agree on the same max size
744         https://bugs.webkit.org/show_bug.cgi?id=191771
745
746         Reviewed by Mark Lam.
747
748         * stress/big-wasm-memory-grow-no-max.js: Added.
749         (foo):
750         (catch):
751         * stress/big-wasm-memory-grow.js: Added.
752         (foo):
753         (catch):
754         * stress/big-wasm-memory.js: Added.
755         (foo):
756         (catch):
757
758 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
759
760         Unreviewed, make some more tests not crash my computer by only running on instance of it. These tests do not need to
761         run for each JSC config since they're regression tests for runtime bugs.
762
763         * stress/json-stringified-overflow-2.js:
764         * stress/json-stringified-overflow.js:
765
766 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
767
768         Unreviewed, make some tests not crash my computer by only running on instance of it. These tests do not need to run for each JSC
769         config since they're regression tests for runtime bugs.
770
771         * stress/large-unshift-splice.js:
772         * stress/regress-185888.js:
773
774 2018-11-16  Saam Barati  <sbarati@apple.com>
775
776         KnownCellUse should also have SpecCellCheck as its type filter
777         https://bugs.webkit.org/show_bug.cgi?id=191729
778         <rdar://problem/45872852>
779
780         Reviewed by Filip Pizlo.
781
782         * stress/known-cell-type-check-should-allow-empty-value-to-flow-through.js: Added.
783         (C):
784
785 2018-11-16  Tadeu Zagallo  <tzagallo@apple.com>
786
787         Fix assertion failure on BytecodeGenerator::recordOpcode
788         https://bugs.webkit.org/show_bug.cgi?id=191724
789         <rdar://problem/45724395>
790
791         Reviewed by Saam Barati.
792
793         * stress/regress-187373-2.js: Added.
794         (foo):
795
796 2018-11-15  Mark Lam  <mark.lam@apple.com>
797
798         RegExpObject's collectMatches should not be using JSArray::push to fill in its match results.
799         https://bugs.webkit.org/show_bug.cgi?id=191730
800         <rdar://problem/46048517>
801
802         Reviewed by Saam Barati.
803
804         * stress/regress-187006.js: Removed.
805           - this test is invalid because its sole purpose is to test for the non-spec
806             compliant behavior that we just fixed.
807
808         * stress/regress-191730.js: Added.
809
810 2018-11-15  Mark Lam  <mark.lam@apple.com>
811
812         RegExp operations should not take fast patch if lastIndex is not numeric.
813         https://bugs.webkit.org/show_bug.cgi?id=191731
814         <rdar://problem/46017305>
815
816         Reviewed by Saam Barati.
817
818         * stress/regress-191731.js: Added.
819
820 2018-11-13  Saam Barati  <sbarati@apple.com>
821
822         TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
823         https://bugs.webkit.org/show_bug.cgi?id=191600
824
825         Reviewed by Mark Lam.
826
827         * stress/type-profiler-log-should-defer-pending-exceptions.js: Added.
828         (foo):
829         (test):
830         (bar):
831
832 2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>
833
834         Unreviewed, rolling out r238132.
835
836         The test added with this change is timing out on Debug JSC
837         bots.
838
839         Reverted changeset:
840
841         "[BigInt] JSBigInt::createWithLength should throw when length
842         is greater than JSBigInt::maxLength"
843         https://bugs.webkit.org/show_bug.cgi?id=190836
844         https://trac.webkit.org/changeset/238132
845
846 2018-11-13  Mark Lam  <mark.lam@apple.com>
847
848         Add OOM detection to StringPrototype's substituteBackreferences().
849         https://bugs.webkit.org/show_bug.cgi?id=191563
850         <rdar://problem/45720428>
851
852         Reviewed by Saam Barati.
853
854         * stress/regress-191563.js: Added.
855
856 2018-11-13  Mark Lam  <mark.lam@apple.com>
857
858         LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
859         https://bugs.webkit.org/show_bug.cgi?id=191579
860         <rdar://problem/45942472>
861
862         Reviewed by Saam Barati.
863
864         * stress/regress-191579.js: Added.
865
866 2018-11-13  Caio Lima  <ticaiolima@gmail.com>
867
868         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
869         https://bugs.webkit.org/show_bug.cgi?id=190836
870
871         Reviewed by Saam Barati.
872
873         * stress/big-int-out-of-memory-tests.js: Added.
874
875 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
876
877         U+180E is no longer a whitespace character
878         https://bugs.webkit.org/show_bug.cgi?id=191415
879
880         Reviewed by Saam Barati.
881
882         * ChakraCore/test/es5/regexSpace.baseline:
883         * ChakraCore/test/es6/unicode_whitespace.js:
884         Update tests to latest version.
885         (See https://github.com/Microsoft/ChakraCore/commit/7c097b698de1e400286f9b957597b2a81fc6f80b.)
886
887         * test262.yaml:
888         * test262/config.yaml:
889         * test262/expectations.yaml:
890         Update expectations.
891
892 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
893
894         [BigInt] Add support to BigInt into ValueAdd
895         https://bugs.webkit.org/show_bug.cgi?id=186177
896
897         Reviewed by Keith Miller.
898
899         * stress/big-int-negate-jit.js:
900         * stress/value-add-big-int-and-string.js: Added.
901         * stress/value-add-big-int-prediction-propagation.js: Added.
902         * stress/value-add-big-int-untyped.js: Added.
903
904 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
905
906         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
907         https://bugs.webkit.org/show_bug.cgi?id=191184
908
909         Reviewed by Saam Barati.
910
911         Most tests were failing due to timeouts, since they are too slow to
912         run on CLoop. The exceptions are:
913
914         proxy-get-set-correct-receiver.js: Had to reduce the recursion depth not to overflow on CLoop
915         dont-crash-on-stack-overflow-when-parsing-builtin.js and
916         dont-crash-on-stack-overflow-when-parsing-default-constructor.js: had
917         to change the stack size since CLoop requires it to be page aligned.
918
919         * microbenchmarks/array-push-1.js:
920         * microbenchmarks/array-push-2.js:
921         * microbenchmarks/elidable-new-object-dag.js:
922         * microbenchmarks/elidable-new-object-roflcopter.js:
923         * microbenchmarks/elidable-new-object-tree.js:
924         * microbenchmarks/getter-richards.js:
925         * microbenchmarks/sinkable-new-object-dag.js:
926         * microbenchmarks/string-concat-long-convert.js:
927         * microbenchmarks/typed-array-get-set-by-val-profiling.js:
928         * slowMicrobenchmarks/array-push-3.js:
929         * slowMicrobenchmarks/large-map-iteration-with-additions.js:
930         * slowMicrobenchmarks/spread-small-array.js:
931         * slowMicrobenchmarks/undefined-property-access.js:
932         * stress/activation-sink-default-value-tdz-error.js:
933         * stress/activation-sink-default-value.js:
934         * stress/activation-sink-osrexit-default-value-tdz-error.js:
935         * stress/activation-sink-osrexit-default-value.js:
936         * stress/activation-sink-osrexit.js:
937         * stress/activation-sink.js:
938         * stress/allow-math-ic-b3-code-duplication.js:
939         * stress/array-push-multiple-int32.js:
940         * stress/arrowfunction-activation-sink-osrexit-default-value-tdz-error.js:
941         * stress/arrowfunction-lexical-this-activation-sink-osrexit.js:
942         * stress/arrowfunction-lexical-this-activation-sink.js:
943         * stress/dont-crash-on-stack-overflow-when-parsing-builtin.js:
944         * stress/dont-crash-on-stack-overflow-when-parsing-default-constructor.js:
945         * stress/elide-new-object-dag-then-exit.js:
946         * stress/materialize-regexp-cyclic.js:
947         * stress/new-regex-inline.js:
948         * stress/op_add.js:
949         * stress/op_bitand.js:
950         * stress/op_bitor.js:
951         * stress/op_bitxor.js:
952         * stress/op_div-ConstVar.js:
953         * stress/op_div-VarConst.js:
954         * stress/op_div-VarVar.js:
955         * stress/op_lshift-ConstVar.js:
956         * stress/op_lshift-VarConst.js:
957         * stress/op_lshift-VarVar.js:
958         * stress/op_mod-ConstVar.js:
959         * stress/op_mod-VarConst.js:
960         * stress/op_mod-VarVar.js:
961         * stress/op_mul-ConstVar.js:
962         * stress/op_mul-VarConst.js:
963         * stress/op_mul-VarVar.js:
964         * stress/op_rshift-ConstVar.js:
965         * stress/op_rshift-VarConst.js:
966         * stress/op_rshift-VarVar.js:
967         * stress/op_sub-ConstVar.js:
968         * stress/op_sub-VarConst.js:
969         * stress/op_sub-VarVar.js:
970         * stress/op_urshift-ConstVar.js:
971         * stress/op_urshift-VarConst.js:
972         * stress/op_urshift-VarVar.js:
973         * stress/proxy-get-set-correct-receiver.js:
974         * stress/regress-179562.js:
975         * stress/rest-parameter-many-arguments.js:
976         * stress/sampling-profiler-richards.js:
977         * stress/splay-flash-access-1ms.js:
978         * stress/tailCallForwardArguments.js:
979         * stress/typed-array-get-by-val-profiling.js:
980         * typeProfiler/getter-richards.js:
981
982 2018-11-06  Michael Saboff  <msaboff@apple.com>
983
984         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
985         https://bugs.webkit.org/show_bug.cgi?id=191271
986
987         Reviewed by Saam Barati.
988
989         Added more test cases and made all test cases run with the same deeply recursive stack
990         instead of finding that same point for each test case.
991
992         * stress/regexp-compile-oom.js:
993         (prototype.runTest):
994         (recurseAndTest):
995         (testList.push.new.TestAndExpectedException):
996
997 2018-11-05  Michael Saboff  <msaboff@apple.com>
998
999         Unreviewed build fix for linux.
1000
1001         * stress/regexp-compile-oom.js: Disabled for non-darwin OSes.
1002
1003 2018-11-02  Michael Saboff  <msaboff@apple.com>
1004
1005         Rolling in r237753 with unreviewed build fix.
1006
1007         Fixed issues with DECLARE_THROW_SCOPE placement.
1008
1009 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
1010
1011         Unreviewed, rolling out r237753.
1012
1013         Introduced JSC test failures
1014
1015         Reverted changeset:
1016
1017         "Running out of stack space not properly handled in
1018         RegExp::compile() and its callers"
1019         https://bugs.webkit.org/show_bug.cgi?id=191206
1020         https://trac.webkit.org/changeset/237753
1021
1022 2018-11-02  Michael Saboff  <msaboff@apple.com>
1023
1024         Running out of stack space not properly handled in RegExp::compile() and its callers
1025         https://bugs.webkit.org/show_bug.cgi?id=191206
1026
1027         Reviewed by Filip Pizlo.
1028
1029         New regression test.
1030
1031         * stress/regexp-compile-oom.js: Added.
1032         (recurseAndTest):
1033
1034 2018-11-01  Guillaume Emont  <guijemont@igalia.com>
1035
1036         Skip tests on arm/mips that time out now we're running on CLoop
1037
1038         Unreviewed gardening.
1039
1040         Since the JIT is temporarily disabled on 32-bit platforms, these tests
1041         time out on the bots and need to be disabled. There's more tests
1042         disabled on arm because the timeout is longer on the mips bot (as the
1043         device is slower to start with), so many of the tests don't time out
1044         there.
1045
1046         * microbenchmarks/getter-richards.js: disable on arm and mips.
1047         * stress/op_add.js: disable on arm.
1048         * stress/op_bitand.js: disable on arm.
1049         * stress/op_bitor.js: disable on arm.
1050         * stress/op_bitxor.js: disable on arm.
1051         * stress/op_lshift-ConstVar.js: disable on arm.
1052         * stress/op_lshift-VarConst.js: disable on arm.
1053         * stress/op_lshift-VarVar.js: disable on arm.
1054         * stress/op_mod-ConstVar.js: disable on arm.
1055         * stress/op_mod-VarConst.js: disable on arm.
1056         * stress/op_mod-VarVar.js: disable on arm.
1057         * stress/op_mul-ConstVar.js: disable on arm.
1058         * stress/op_mul-VarConst.js: disable on arm.
1059         * stress/op_mul-VarVar.js: disable on arm.
1060         * stress/op_rshift-ConstVar.js: disable on arm.
1061         * stress/op_rshift-VarConst.js: disable on arm.
1062         * stress/op_rshift-VarVar.js: disable on arm.
1063         * stress/op_sub-ConstVar.js: disable on arm.
1064         * stress/op_sub-VarConst.js: disable on arm.
1065         * stress/op_sub-VarVar.js: disable on arm.
1066         * stress/op_urshift-ConstVar.js: disable on arm.
1067         * stress/op_urshift-VarConst.js: disable on arm.
1068         * stress/op_urshift-VarVar.js: disable on arm.
1069         * stress/spread-forward-call-varargs-stack-overflow.js: disable on arm.
1070         * stress/value-to-boolean.js: disable on arm and mips.
1071
1072 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1073
1074         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
1075         https://bugs.webkit.org/show_bug.cgi?id=191108
1076         <rdar://problem/45690700>
1077
1078         Reviewed by Saam Barati.
1079
1080         * stress/wide-op_catch.js: Added.
1081         (catch):
1082
1083 2018-10-29  Mark Lam  <mark.lam@apple.com>
1084
1085         Correctly detect string overflow when using the 'Function' constructor.
1086         https://bugs.webkit.org/show_bug.cgi?id=184883
1087         <rdar://problem/36320331>
1088
1089         Reviewed by Saam Barati.
1090
1091         I've verified that this passes on 32-bit as well.
1092
1093         * slowMicrobenchmarks/function-constructor-with-huge-strings.js: Added.
1094
1095 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1096
1097         Add support for GetStack FlushedDouble
1098         https://bugs.webkit.org/show_bug.cgi?id=191012
1099         <rdar://problem/45265141>
1100
1101         Reviewed by Saam Barati.
1102
1103         * stress/get-stack-double.js: Added.
1104         (bar):
1105         (noInline):
1106
1107 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1108
1109         New bytecode format for JSC
1110         https://bugs.webkit.org/show_bug.cgi?id=187373
1111         <rdar://problem/44186758>
1112
1113         Reviewed by Filip Pizlo.
1114
1115         Add tests to ensure that the inferred inline capacity for a narrow op_new_object will be capped at 255.
1116
1117         * stress/maximum-inline-capacity.js: Added.
1118         (test1):
1119         (test3.Foo):
1120         (test3):
1121
1122 2018-10-26  Commit Queue  <commit-queue@webkit.org>
1123
1124         Unreviewed, rolling out r237479 and r237484.
1125         https://bugs.webkit.org/show_bug.cgi?id=190978
1126
1127         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
1128
1129         Reverted changesets:
1130
1131         "New bytecode format for JSC"
1132         https://bugs.webkit.org/show_bug.cgi?id=187373
1133         https://trac.webkit.org/changeset/237479
1134
1135         "Gardening: Build fix after r237479."
1136         https://bugs.webkit.org/show_bug.cgi?id=187373
1137         https://trac.webkit.org/changeset/237484
1138
1139 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
1140
1141         New bytecode format for JSC
1142         https://bugs.webkit.org/show_bug.cgi?id=187373
1143         <rdar://problem/44186758>
1144
1145         Reviewed by Filip Pizlo.
1146
1147         Add tests to ensure that the inferred inline capacity for a narrow op_new_object will be capped at 255.
1148
1149         * stress/maximum-inline-capacity.js: Added.
1150         (test1):
1151         (test3.Foo):
1152         (test3):
1153
1154 2018-10-26  Mark Lam  <mark.lam@apple.com>
1155
1156         Fix missing edge cases with JSGlobalObjects having a bad time.
1157         https://bugs.webkit.org/show_bug.cgi?id=189028
1158         <rdar://problem/45204939>
1159
1160         Reviewed by Saam Barati.
1161
1162         * stress/regress-189028.js: Added.
1163
1164 2018-10-22  Mark Lam  <mark.lam@apple.com>
1165
1166         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
1167         https://bugs.webkit.org/show_bug.cgi?id=190515
1168         <rdar://problem/45222379>
1169
1170         Rubber-stamped by Saam Barati.
1171
1172         Adding another test.
1173
1174         * stress/regress-190515-2.js: Added.
1175
1176 2018-10-22  Mark Lam  <mark.lam@apple.com>
1177
1178         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
1179         https://bugs.webkit.org/show_bug.cgi?id=190515
1180         <rdar://problem/45222379>
1181
1182         Reviewed by Saam Barati.
1183
1184         * stress/regress-190515.js: Added.
1185
1186 2018-10-19  Commit Queue  <commit-queue@webkit.org>
1187
1188         Unreviewed, rolling out r237254.
1189         https://bugs.webkit.org/show_bug.cgi?id=190760
1190
1191         "It regresses JetStream 2 by 5% on some iOS devices"
1192         (Requested by saamyjoon on #webkit).
1193
1194         Reverted changeset:
1195
1196         "[JSC] JSC should have "parseFunction" to optimize Function
1197         constructor"
1198         https://bugs.webkit.org/show_bug.cgi?id=190340
1199         https://trac.webkit.org/changeset/237254
1200
1201 2018-10-19  Saam Barati  <sbarati@apple.com>
1202
1203         vmCall should check if we exit before emitting an OSR exit due to exceptions
1204         https://bugs.webkit.org/show_bug.cgi?id=190740
1205         <rdar://problem/45220139>
1206
1207         Reviewed by Mark Lam.
1208
1209         * stress/dont-emit-osr-exits-for-every-call-ftl.js: Added.
1210         (foo):
1211
1212 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
1213
1214         [ESNext][BigInt] Implement support for "^"
1215         https://bugs.webkit.org/show_bug.cgi?id=186235
1216
1217         Reviewed by Yusuke Suzuki.
1218
1219         * stress/big-int-bitwise-xor-general.js: Added.
1220         * stress/big-int-bitwise-xor-to-primitive-precedence.js: Added.
1221         * stress/big-int-bitwise-xor-type-error.js: Added.
1222         * stress/big-int-bitwise-xor-wrapped-value.js: Added.
1223
1224 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
1225
1226         [BigInt] Add ValueSub into DFG
1227         https://bugs.webkit.org/show_bug.cgi?id=186176
1228
1229         Reviewed by Yusuke Suzuki.
1230
1231         * stress/big-int-subtraction-jit.js:
1232         * stress/value-sub-big-int-prediction-propagation.js: Added.
1233         * stress/value-sub-big-int-untyped.js: Added.
1234         * stress/value-sub-spec-none-case.js: Added.
1235
1236 2018-10-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1237
1238         [JSC] JSC should have "parseFunction" to optimize Function constructor
1239         https://bugs.webkit.org/show_bug.cgi?id=190340
1240
1241         Reviewed by Mark Lam.
1242
1243         This patch fixes the line number of syntax errors raised by the Function constructor,
1244         since we now parse the final code only once. And we no longer use block statement
1245         for Function constructor's parsing.
1246
1247         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
1248         * stress/function-cache-with-parameters-end-position.js: Added.
1249         (shouldBe):
1250         (shouldThrow):
1251         (i.anonymous):
1252         * stress/function-constructor-name.js: Added.
1253         (shouldBe):
1254         (GeneratorFunction):
1255         (AsyncFunction.async):
1256         (AsyncGeneratorFunction.async):
1257         (anonymous):
1258         (async.anonymous):
1259         * test262/expectations.yaml:
1260
1261 2018-10-18  Commit Queue  <commit-queue@webkit.org>
1262
1263         Unreviewed, rolling out r237242.
1264         https://bugs.webkit.org/show_bug.cgi?id=190701
1265
1266         it breaks "stress/sampling-profiler-basic.js" (Requested by
1267         caiolima on #webkit).
1268
1269         Reverted changeset:
1270
1271         "[BigInt] Add ValueSub into DFG"
1272         https://bugs.webkit.org/show_bug.cgi?id=186176
1273         https://trac.webkit.org/changeset/237242
1274
1275 2018-10-17  Keith Miller  <keith_miller@apple.com>
1276
1277         AI does not clear Phantom allocation nodes.
1278         https://bugs.webkit.org/show_bug.cgi?id=190694
1279
1280         Reviewed by Saam Barati.
1281
1282         * stress/ftl-ai-filter-phantoms-should-clear-clear-value.js: Added.
1283         (Day):
1284         (DaysInYear):
1285         (TimeInYear):
1286         (TimeFromYear):
1287         (DayFromYear):
1288         (InLeapYear):
1289         (YearFromTime):
1290         (WeekDay):
1291         (DaylightSavingTA):
1292         (GetSecondSundayInMarch):
1293         (TimeInMonth):
1294
1295 2018-10-17  Caio Lima  <ticaiolima@gmail.com>
1296
1297         [BigInt] Add ValueSub into DFG
1298         https://bugs.webkit.org/show_bug.cgi?id=186176
1299
1300         Reviewed by Yusuke Suzuki.
1301
1302         * stress/big-int-subtraction-jit.js:
1303         * stress/value-sub-big-int-prediction-propagation.js: Added.
1304         * stress/value-sub-big-int-untyped.js: Added.
1305
1306 2018-10-16  Dominik Infuehr  <dinfuehr@igalia.com>
1307
1308         [JSC] stress/array-prototype-concat-of-long-spliced-arrays2.js times out on arm and mips
1309         https://bugs.webkit.org/show_bug.cgi?id=190611
1310
1311         Reviewed by Saam Barati.
1312
1313         Reduce array length just like in array-prototype-concat-of-long-spliced-arrays.js
1314         to improve test runtime. On ARM/MIPS this test even timed out when running all
1315         tests.
1316
1317         * stress/array-prototype-concat-of-long-spliced-arrays2.js:
1318         (test):
1319
1320 2018-10-15  Guillaume Emont  <guijemont@igalia.com>
1321
1322         Skip stress/array-prototype-concat-of-long-spliced-arrays2.js on arm and mips/linux
1323
1324         Unreviewed gardening.
1325
1326         * stress/array-prototype-concat-of-long-spliced-arrays2.js:
1327
1328 2018-10-15  Saam barati  <sbarati@apple.com>
1329
1330         Emit fjcvtzs on ARM64E on Darwin
1331         https://bugs.webkit.org/show_bug.cgi?id=184023
1332
1333         Reviewed by Yusuke Suzuki and Filip Pizlo.
1334
1335         * stress/double-to-int32-NaN.js: Added.
1336         (assert):
1337         (foo):
1338
1339 2018-10-15  Saam Barati  <sbarati@apple.com>
1340
1341         JSArray::shiftCountWithArrayStorage is wrong when an array has holes
1342         https://bugs.webkit.org/show_bug.cgi?id=190262
1343         <rdar://problem/44986241>
1344
1345         Reviewed by Mark Lam.
1346
1347         * stress/array-prototype-concat-of-long-spliced-arrays.js:
1348         (test):
1349         * stress/slice-array-storage-with-holes.js: Added.
1350         (main):
1351
1352 2018-10-15  Commit Queue  <commit-queue@webkit.org>
1353
1354         Unreviewed, rolling out r237054.
1355         https://bugs.webkit.org/show_bug.cgi?id=190593
1356
1357         "this regressed JetStream 2 by 6% on iOS" (Requested by
1358         saamyjoon on #webkit).
1359
1360         Reverted changeset:
1361
1362         "[JSC] JSC should have "parseFunction" to optimize Function
1363         constructor"
1364         https://bugs.webkit.org/show_bug.cgi?id=190340
1365         https://trac.webkit.org/changeset/237054
1366
1367 2018-10-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1368
1369         [JSC] JSON.stringify can accept call-with-no-arguments
1370         https://bugs.webkit.org/show_bug.cgi?id=190343
1371
1372         Reviewed by Mark Lam.
1373
1374         * stress/json-stringify-no-arguments.js: Added.
1375         (shouldBe):
1376
1377 2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1378
1379         [JSC] JSC should have "parseFunction" to optimize Function constructor
1380         https://bugs.webkit.org/show_bug.cgi?id=190340
1381
1382         Reviewed by Mark Lam.
1383
1384         This patch fixes the line number of syntax errors raised by the Function constructor,
1385         since we now parse the final code only once. And we no longer use block statement
1386         for Function constructor's parsing.
1387
1388         * ChakraCore/test/Function/FuncBodyES5.baseline-jsc:
1389         * stress/function-cache-with-parameters-end-position.js: Added.
1390         (shouldBe):
1391         (shouldThrow):
1392         (i.anonymous):
1393         * stress/function-constructor-name.js: Added.
1394         (shouldBe):
1395         (GeneratorFunction):
1396         (AsyncFunction.async):
1397         (AsyncGeneratorFunction.async):
1398         (anonymous):
1399         (async.anonymous):
1400         * test262/expectations.yaml:
1401
1402 2018-10-10  Guillaume Emont  <guijemont@igalia.com>
1403
1404         Skip JSC test stress/sampling-profiler-richards.js on armv7/linux
1405         https://bugs.webkit.org/show_bug.cgi?id=190426
1406
1407         Unreviewed gardening.
1408
1409         * stress/sampling-profiler-richards.js:
1410
1411 2018-10-06  Caio Lima  <ticaiolima@gmail.com>
1412
1413         [ESNext][BigInt] Implement support for "|"
1414         https://bugs.webkit.org/show_bug.cgi?id=186229
1415
1416         Reviewed by Yusuke Suzuki.
1417
1418         * stress/big-int-bitwise-and-jit.js:
1419         * stress/big-int-bitwise-or-general.js: Added.
1420         * stress/big-int-bitwise-or-jit-untyped.js: Added.
1421         * stress/big-int-bitwise-or-jit.js: Added.
1422         * stress/big-int-bitwise-or-memory-stress.js: Added.
1423         * stress/big-int-bitwise-or-to-primitive-precedence.js: Added.
1424         * stress/big-int-bitwise-or-type-error.js: Added.
1425         * stress/big-int-bitwise-or-wrapped-value.js: Added.
1426
1427 2018-10-05  Dominik Infuehr  <dominik.infuehr@gmail.com>
1428
1429         Skip test on systems with limited memory
1430         https://bugs.webkit.org/show_bug.cgi?id=190310
1431
1432         Invoking runDefault adds test to runlist, skipping the test in the next
1433         line does not prevent the test from executing. Change order of lines such
1434         that runDefault is only executed if test is not executed.
1435
1436         Reviewed by Mark Lam.
1437
1438         * stress/regress-190187.js:
1439
1440 2018-10-03  Saam barati  <sbarati@apple.com>
1441
1442         lowXYZ in FTLLower should always filter the type of the incoming edge
1443         https://bugs.webkit.org/show_bug.cgi?id=189939
1444         <rdar://problem/44407030>
1445
1446         Reviewed by Michael Saboff.
1447
1448         * stress/ftl-should-always-filter-for-low-type-check-functions.js: Added.
1449         (foo):
1450         (test):
1451
1452 2018-10-03  Mark Lam  <mark.lam@apple.com>
1453
1454         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
1455         https://bugs.webkit.org/show_bug.cgi?id=190187
1456         <rdar://problem/42512909>
1457
1458         Reviewed by Michael Saboff.
1459
1460         * stress/regress-190187.js: Added.
1461
1462 2018-10-02  Caio Lima  <ticaiolima@gmail.com>
1463
1464         [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
1465         https://bugs.webkit.org/show_bug.cgi?id=190033
1466
1467         Reviewed by Yusuke Suzuki.
1468
1469         * stress/big-int-to-string.js:
1470
1471 2018-10-01  Mark Lam  <mark.lam@apple.com>
1472
1473         Function.toString() should also copy the source code Functions that are class definitions.
1474         https://bugs.webkit.org/show_bug.cgi?id=190186
1475         <rdar://problem/44733360>
1476
1477         Reviewed by Saam Barati.
1478
1479         * stress/regress-190186.js: Added.
1480
1481 2018-10-01  Dominik Infuehr  <dinfuehr@igalia.com>
1482
1483         Split NaN-check into separate test
1484         https://bugs.webkit.org/show_bug.cgi?id=190010
1485
1486         Reviewed by Saam Barati.
1487
1488         DataView exposes NaN-representation, which is not necessarily the same on each
1489         architecture. Therefore move the check of the NaN-representation into its own
1490         file such that we can disable this test on MIPS where NaN-representation can be
1491         different on older CPUs.
1492
1493         * stress/dataview-jit-set-nan.js: Added.
1494         (assert):
1495         (test.storeLittleEndian):
1496         (test.storeBigEndian):
1497         (test.store):
1498         (test):
1499         * stress/dataview-jit-set.js:
1500         (test5):
1501
1502 2018-10-01  Commit Queue  <commit-queue@webkit.org>
1503
1504         Unreviewed, rolling out r236647.
1505         https://bugs.webkit.org/show_bug.cgi?id=190124
1506
1507         Breaking test stress/big-int-to-string.js (Requested by
1508         caiolima_ on #webkit).
1509
1510         Reverted changeset:
1511
1512         "[BigInt] BigInt.proptotype.toString is broken when radix is
1513         power of 2"
1514         https://bugs.webkit.org/show_bug.cgi?id=190033
1515         https://trac.webkit.org/changeset/236647
1516
1517 2018-09-30  Caio Lima  <ticaiolima@gmail.com>
1518
1519         [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
1520         https://bugs.webkit.org/show_bug.cgi?id=190033
1521
1522         Reviewed by Yusuke Suzuki.
1523
1524         * stress/big-int-to-string.js:
1525
1526 2018-09-28  Caio Lima  <ticaiolima@gmail.com>
1527
1528         [ESNext][BigInt] Implement support for "&"
1529         https://bugs.webkit.org/show_bug.cgi?id=186228
1530
1531         Reviewed by Yusuke Suzuki.
1532
1533         * stress/big-int-bitwise-and-general.js: Added.
1534         (assert):
1535         (assert.sameValue):
1536         * stress/big-int-bitwise-and-jit.js: Added.
1537         (let.assert.sameValue):
1538         (bigIntBitAnd):
1539         * stress/big-int-bitwise-and-memory-stress.js: Added.
1540         (assert):
1541         * stress/big-int-bitwise-and-to-primitive-precedence.js: Added.
1542         (assert.sameValue):
1543         (let.o.Symbol.toPrimitive):
1544         (catch):
1545         * stress/big-int-bitwise-and-type-error.js: Added.
1546         (assert):
1547         (assertThrowTypeError):
1548         (let.o.valueOf):
1549         (o.valueOf):
1550         (o.toString):
1551         (o.Symbol.toPrimitive):
1552         * stress/big-int-bitwise-and-wrapped-value.js: Added.
1553         (assert.sameValue):
1554         (testBitAnd):
1555         (let.o.Symbol.toPrimitive):
1556         (o.valueOf):
1557         (o.toString):
1558
1559 2018-09-28  Ross Kirsling  <ross.kirsling@sony.com>
1560
1561         JSC test stress/jsc-read.js doesn't support CRLF
1562         https://bugs.webkit.org/show_bug.cgi?id=190063
1563
1564         Reviewed by Yusuke Suzuki.
1565
1566         In order to run this test via Windows command prompt, we can't assume that the final newline will be LF.
1567
1568         * stress/jsc-read.js:
1569         (test):
1570
1571 2018-09-27  Saam barati  <sbarati@apple.com>
1572
1573         Verify the contents of AssemblerBuffer on arm64e
1574         https://bugs.webkit.org/show_bug.cgi?id=190057
1575         <rdar://problem/38916630>
1576
1577         Reviewed by Mark Lam.
1578
1579         * stress/regress-189132.js:
1580
1581 2018-09-27  Dominik Infuehr  <dinfuehr@igalia.com>
1582
1583         Disable test without LLInt on ARMv7
1584         https://bugs.webkit.org/show_bug.cgi?id=190037
1585
1586         Reviewed by Mark Lam.
1587
1588         Test runs out of executable memory on ARMv7, do not run
1589         this test without LLInt enabled.
1590
1591         * stress/regress-169445.js:
1592
1593 2018-09-26  Keith Miller  <keith_miller@apple.com>
1594
1595         We should zero unused property storage when rebalancing array storage.
1596         https://bugs.webkit.org/show_bug.cgi?id=188151
1597
1598         Reviewed by Michael Saboff.
1599
1600         * stress/splice-should-zero-property-storage-when-rebalancing.js: Added.
1601
1602 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1603
1604         [JSC] Optimize Array#lastIndexOf
1605         https://bugs.webkit.org/show_bug.cgi?id=189780
1606
1607         Reviewed by Saam Barati.
1608
1609         * stress/array-lastindexof-array-prototype-trap.js: Added.
1610         (shouldBe):
1611         (AncestorArray.prototype.get 2):
1612         (AncestorArray):
1613         * stress/array-lastindexof-have-a-bad-time-c-runtime.js: Added.
1614         (shouldBe):
1615         * stress/array-lastindexof-hole-nan.js: Added.
1616         (shouldBe):
1617         (throw.new.Error):
1618         * stress/array-lastindexof-infinity.js: Added.
1619         (shouldBe):
1620         (throw.new.Error):
1621         * stress/array-lastindexof-negative-zero.js: Added.
1622         (shouldBe):
1623         (throw.new.Error):
1624         * stress/array-lastindexof-own-getter.js: Added.
1625         (shouldBe):
1626         (throw.new.Error.get array):
1627         (get array):
1628         * stress/array-lastindexof-prototype-trap.js: Added.
1629         (shouldBe):
1630         (DerivedArray.prototype.get 2):
1631         (DerivedArray):
1632
1633 2018-09-25  Saam Barati  <sbarati@apple.com>
1634
1635         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
1636         https://bugs.webkit.org/show_bug.cgi?id=189940
1637         <rdar://problem/43640987>
1638
1639         Reviewed by Mark Lam.
1640
1641         * stress/use-baseline-codeblock-materialize-osr-exit.js: Added.
1642
1643 2018-09-24  Saam Barati  <sbarati@apple.com>
1644
1645         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
1646         https://bugs.webkit.org/show_bug.cgi?id=189922
1647         <rdar://problem/44651275>
1648
1649         Reviewed by Mark Lam.
1650
1651         * stress/array-indexof-fast-path-effects.js: Added.
1652         * stress/array-indexof-cached-length.js: Added.
1653
1654 2018-09-24  Saam barati  <sbarati@apple.com>
1655
1656         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
1657         https://bugs.webkit.org/show_bug.cgi?id=189682
1658         <rdar://problem/43557315>
1659
1660         Reviewed by Mark Lam.
1661
1662         * stress/arguments-elimination-will-generate-edge-without-result.js: Added.
1663         (foo):
1664
1665 2018-09-22  Saam barati  <sbarati@apple.com>
1666
1667         The sampling should not use Strong<CodeBlock> in its machineLocation field
1668         https://bugs.webkit.org/show_bug.cgi?id=189319
1669
1670         Reviewed by Filip Pizlo.
1671
1672         * stress/sampling-profiler-richards.js: Added.
1673
1674 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1675
1676         [JSC] Optimize Array#indexOf in C++ runtime
1677         https://bugs.webkit.org/show_bug.cgi?id=189507
1678
1679         Reviewed by Saam Barati.
1680
1681         * stress/array-indexof-array-prototype-trap.js: Added.
1682         (shouldBe):
1683         (AncestorArray.prototype.get 2):
1684         (AncestorArray):
1685         * stress/array-indexof-have-a-bad-time-c-runtime.js: Added.
1686         (shouldBe):
1687         * stress/array-indexof-hole-nan.js: Added.
1688         (shouldBe):
1689         (throw.new.Error):
1690         * stress/array-indexof-infinity.js: Added.
1691         (shouldBe):
1692         (throw.new.Error):
1693         * stress/array-indexof-negative-zero.js: Added.
1694         (shouldBe):
1695         (throw.new.Error):
1696         * stress/array-indexof-own-getter.js: Added.
1697         (shouldBe):
1698         (throw.new.Error.get array):
1699         (get array):
1700         * stress/array-indexof-prototype-trap.js: Added.
1701         (shouldBe):
1702         (DerivedArray.prototype.get 2):
1703         (DerivedArray):
1704
1705 2018-09-19  Saam barati  <sbarati@apple.com>
1706
1707         AI rule for MultiPutByOffset executes its effects in the wrong order
1708         https://bugs.webkit.org/show_bug.cgi?id=189757
1709         <rdar://problem/43535257>
1710
1711         Reviewed by Michael Saboff.
1712
1713         * stress/multi-put-by-offset-must-filter-value-before-filtering-base.js: Added.
1714         (foo):
1715         (Foo):
1716         (g):
1717
1718 2018-09-17  Mark Lam  <mark.lam@apple.com>
1719
1720         Ensure that ForInContexts are invalidated if their loop local is over-written.
1721         https://bugs.webkit.org/show_bug.cgi?id=189571
1722         <rdar://problem/44402277>
1723
1724         Reviewed by Saam Barati.
1725
1726         * stress/regress-189571.js: Added.
1727
1728 2018-09-17  Saam barati  <sbarati@apple.com>
1729
1730         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
1731         https://bugs.webkit.org/show_bug.cgi?id=189676
1732         <rdar://problem/39682897>
1733
1734         Reviewed by Michael Saboff.
1735
1736         * typeProfiler/check-structure-or-empty-in-fixup.js: Added.
1737         (A):
1738         (K):
1739         (i.catch):
1740
1741 2018-09-14  Saam barati  <sbarati@apple.com>
1742
1743         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
1744         https://bugs.webkit.org/show_bug.cgi?id=189628
1745         <rdar://problem/39481690>
1746
1747         Reviewed by Mark Lam.
1748
1749         * stress/verbose-failure-dont-graph-dump-availability-already-freed.js: Added.
1750         (foo):
1751
1752 2018-09-11  Mark Lam  <mark.lam@apple.com>
1753
1754         Test for array initialization in arrayProtoFuncSplice.
1755         https://bugs.webkit.org/show_bug.cgi?id=170253
1756         <rdar://problem/31328773>
1757
1758         Rubber-stamped by Saam Barati.
1759
1760         * stress/regress-170253.js: Added.
1761
1762 2018-09-11  Mark Lam  <mark.lam@apple.com>
1763
1764         Test for IntlObject initialization.
1765         https://bugs.webkit.org/show_bug.cgi?id=170251
1766         <rdar://problem/31328419>
1767
1768         Rubber-stamped by Saam Barati.
1769
1770         * stress/regress-170251.js: Added.
1771
1772 2018-09-11  Mark Lam  <mark.lam@apple.com>
1773
1774         Test for array memcpy'ing when JSGlobalObject::haveABadTime.
1775         https://bugs.webkit.org/show_bug.cgi?id=169889
1776         <rdar://problem/31155607>
1777
1778         Reviewed by Saam Barati.
1779
1780         * stress/regress-169889-array-concat.js: Added.
1781         * stress/regress-169889-array-concat1.js: Added.
1782         * stress/regress-169889-array-slice.js: Added.
1783
1784 2018-09-11  Mark Lam  <mark.lam@apple.com>
1785
1786         Test for incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope.
1787         https://bugs.webkit.org/show_bug.cgi?id=169445
1788         <rdar://problem/30957435>
1789
1790         Reviewed by Saam Barati.
1791
1792         * stress/regress-169445.js: Added.
1793         (let.gun.eval.A):
1794         (let.gun.eval.B.C):
1795         (let.gun.eval.B.C.prototype.trigger):
1796         (let.gun.eval.B.C.prototype.triggerWithRestParameters):
1797         (let.gun.eval.B):
1798         (let.gun.eval):
1799
1800 == Rolled over to ChangeLog-2018-09-11 ==