JSC should have InstanceOf inline caching
[WebKit-https.git] / JSTests / ChangeLog
1 2018-05-16  Filip Pizlo  <fpizlo@apple.com>
2
3         JSC should have InstanceOf inline caching
4         https://bugs.webkit.org/show_bug.cgi?id=185652
5
6         Reviewed by Saam Barati.
7
8         * microbenchmarks/instanceof-always-hit-one.js: Added.
9         * microbenchmarks/instanceof-always-hit-two.js: Added.
10         * microbenchmarks/instanceof-dynamic.js: Added.
11         * microbenchmarks/instanceof-sometimes-hit.js: Added.
12         * stress/instanceof-dynamic-proxy-check-structure.js: Added.
13         * stress/instanceof-dynamic-proxy-loop.js: Added.
14         * stress/instanceof-dynamic-proxy.js: Added.
15         * stress/instanceof-hit-one-object-then-another.js: Added.
16         * stress/instanceof-hit-two-objects-then-another.js: Added.
17         * stress/instanceof-prototype-change.js: Added.
18         * stress/instanceof-prototype-change-to-hit.js: Added.
19         * stress/instanceof-prototype-change-to-null.js: Added.
20         * stress/instanceof-prototype-change-watchpointable.js: Added.
21
22 2018-05-17  Michael Saboff  <msaboff@apple.com>
23
24         We don't throw SyntaxErrors for runtime generated regular expressions with errors
25         https://bugs.webkit.org/show_bug.cgi?id=185755
26
27         Reviewed by Keith Miller.
28
29         New regression test.
30
31         * stress/regexp-with-runtime-syntax-errors.js: Added.
32         (testThrowsSyntaxtError):
33         (fromExecWithBadUnicodeEscape):
34         (fromTestWithBadUnicodeProperty):
35         (fromSplitWithBadUnicodeIdentity):
36         (fromMatchWithBadUnicodeBackReference):
37         (fromReplaceWithBadUnicodeEscape):
38         (fromSearchWithBadUnicodeEscape):
39
40 2018-05-16  Caio Lima  <ticaiolima@gmail.com>
41
42         [ESNext][BigInt] Implement support for "/" operation
43         https://bugs.webkit.org/show_bug.cgi?id=183996
44
45         Reviewed by Yusuke Suzuki.
46
47         * bigIntTests.yaml:
48         * stress/big-int-div-jit.js: Added.
49         * stress/big-int-div-memory-stress.js: Added.
50         * stress/big-int-div-to-primitive-precedence.js: Added.
51         * stress/big-int-div-to-primitive.js: Added.
52         * stress/big-int-div-type-error.js: Added.
53         * stress/big-int-div-wrapped-value.js: Added.
54         * stress/big-int-division.js: Added.
55
56 2018-05-16  Saam Barati  <sbarati@apple.com>
57
58         Constant fold CheckTypeInfoFlags on ImplementsDefaultHasInstance
59         https://bugs.webkit.org/show_bug.cgi?id=185670
60
61         Reviewed by Yusuke Suzuki.
62
63         * microbenchmarks/constant-fold-check-type-info-flags.js: Added.
64         * stress/dont-constant-fold-check-type-info-on-bound-function.js: Added.
65
66 2018-05-16  Commit Queue  <commit-queue@webkit.org>
67
68         Unreviewed, rolling out r231845.
69         https://bugs.webkit.org/show_bug.cgi?id=185702
70
71         it is breaking Apple High Sierra 32-bit JSC bot (Requested by
72         caiolima on #webkit).
73
74         Reverted changeset:
75
76         "[ESNext][BigInt] Implement support for "/" operation"
77         https://bugs.webkit.org/show_bug.cgi?id=183996
78         https://trac.webkit.org/changeset/231845
79
80 2018-05-16  Filip Pizlo  <fpizlo@apple.com>
81
82         DFG models InstanceOf incorrectly
83         https://bugs.webkit.org/show_bug.cgi?id=185694
84
85         Reviewed by Keith Miller.
86
87         * stress/instanceof-proxy-check-structure.js: Added.
88         (Foo):
89         (Bar):
90         (doBadThings):
91         (getPrototypeOf):
92         (foo):
93         (i.new.Bar):
94         (new.Bar):
95         * stress/instanceof-proxy-loop.js: Added.
96         (Foo):
97         (Bar):
98         (doBadThings):
99         (getPrototypeOf):
100         (foo):
101         * stress/instanceof-proxy.js: Added.
102         (Foo):
103         (Bar):
104         (doBadThings):
105         (getPrototypeOf):
106         (foo):
107
108 2018-05-16  Caio Lima  <ticaiolima@gmail.com>
109
110         [ESNext][BigInt] Implement support for "/" operation
111         https://bugs.webkit.org/show_bug.cgi?id=183996
112
113         Reviewed by Yusuke Suzuki.
114
115         * bigIntTests.yaml:
116         * stress/big-int-div-jit.js: Added.
117         * stress/big-int-div-memory-stress.js: Added.
118         * stress/big-int-div-to-primitive-precedence.js: Added.
119         * stress/big-int-div-to-primitive.js: Added.
120         * stress/big-int-div-type-error.js: Added.
121         * stress/big-int-div-wrapped-value.js: Added.
122         * stress/big-int-division.js: Added.
123
124 2018-05-14  Leo Balter  <leonardo.balter@gmail.com>
125
126         Fix a legacy CRLF eol from Test262
127         https://bugs.webkit.org/show_bug.cgi?id=185565
128
129         Reviewed by Yusuke Suzuki.
130
131         * test262/config.yaml:
132         * test262/test/built-ins/Math/cbrt/prop-desc.js:
133
134 2018-05-14  Yusuke Suzuki  <utatane.tea@gmail.com>
135
136         [JSC] timeClip(-0) should produce +0
137         https://bugs.webkit.org/show_bug.cgi?id=185589
138
139         Reviewed by Saam Barati.
140
141         Fix several test262 failures.
142
143         * stress/date-negative-zero.js: Added.
144         (shouldBe):
145         * test262/expectations.yaml:
146
147 2018-05-13  Caio Lima  <ticaiolima@gmail.com>
148
149         [BigInt] stress/big-int-spec-to-primitive.js test is failing
150         https://bugs.webkit.org/show_bug.cgi?id=185582
151
152         Reviewed by Yusuke Suzuki.
153
154         This patch is removing the use of ```numberOfDFGCompiles``` from
155         stress/big-int-spec-to-primitive.js because it makes this test fail
156         sometimes.
157
158         * stress/big-int-spec-to-primitive.js:
159
160 2018-05-13  Andy VanWagoner  <andy@vanwagoner.family>
161
162         [INTL] Improve spec & test262 compliance for Intl APIs
163         https://bugs.webkit.org/show_bug.cgi?id=185578
164
165         Reviewed by Yusuke Suzuki.
166
167         Remove intl402 failures that have been fixed.
168
169         * test262/expectations.yaml:
170         * stress/regress-178385.js: toStringTag is configurable, but not writable.
171
172 2018-05-11  Caio Lima  <ticaiolima@gmail.com>
173
174         [ESNext][BigInt] Implement support for "*" operation
175         https://bugs.webkit.org/show_bug.cgi?id=183721
176
177         Reviewed by Yusuke Suzuki.
178
179         * bigIntTests.yaml:
180         * stress/big-int-mul-jit.js: Added.
181         * stress/big-int-mul-to-primitive-precedence.js: Added.
182         * stress/big-int-mul-to-primitive.js: Added.
183         * stress/big-int-mul-type-error.js: Added.
184         * stress/big-int-mul-wrapped-value.js: Added.
185         * stress/big-int-multiplication.js: Added.
186         * stress/big-int-multiply-memory-stress.js: Added.
187
188 2018-05-11  Michael Saboff  <msaboff@apple.com>
189
190         [DFG] Compiler uses incorrect output register for NumberIsInteger operation
191         https://bugs.webkit.org/show_bug.cgi?id=185328
192
193         Reviewed by Keith Miller.
194
195         New regression test.
196
197         * stress/isInteger-doesnt-overwrite-argument.js: Added.
198         (testIsInteger):
199
200 2018-05-09  Yusuke Suzuki  <utatane.tea@gmail.com>
201
202         [JSC] Object.assign for final objects should be faster
203         https://bugs.webkit.org/show_bug.cgi?id=185348
204
205         Reviewed by Saam Barati.
206
207         * stress/object-assign-fast-path.js: Added.
208         (shouldBe):
209         (checkProperty):
210
211 2018-05-10  Leo Balter  <leonardo.balter@gmail.com>
212
213         Update Test262 tests through the new import script - 20180509
214         https://bugs.webkit.org/show_bug.cgi?id=185482
215
216         Reviewed by Michael Saboff.
217
218         Also update the test262/expectations.yaml with the recently imported files.
219
220         * test262/expectations.yaml:
221         * test262/harness/compareIterator.js: Added.
222         (assert.compareIterator):
223         * test262/harness/nativeFunctionMatcher.js:
224         (const.assertToStringOrNativeFunction):
225         (const.assertNativeFunction):
226         * test262/harness/regExpUtils.js:
227         * test262/harness/testIntl.js:
228         (getInvalidLanguageTags):
229         * test262/harness/testTypedArray.js:
230         * test262/harness/wellKnownIntrinsicObjects.js: Added.
231         (WellKnownIntrinsicObjects.forEach.wkio.catch):
232         * test262/latest-changes-summary.txt: Added.
233         * test262/test/annexB/language/eval-code/direct/block-decl-nostrict.js: Copied from JSTests/test262/test/language/eval-code/direct/block-decl-strict-caller.js.
234         (catch):
235         * test262/test/annexB/language/eval-code/direct/switch-case-decl-nostrict.js: Copied from JSTests/test262/test/language/eval-code/direct/switch-case-decl-strict-source.js.
236         (catch):
237         * test262/test/annexB/language/eval-code/direct/switch-dflt-decl-nostrict.js: Copied from JSTests/test262/test/language/eval-code/direct/switch-dflt-decl-strict-caller.js.
238         (catch):
239         * test262/test/annexB/language/function-code/block-decl-nested-blocks-with-fun-decl.js: Added.
240         (g.f):
241         (g):
242         * test262/test/annexB/language/function-code/block-decl-nostrict.js: Copied from JSTests/test262/test/language/function-code/block-decl-strict.js.
243         (catch):
244         (f):
245         * test262/test/annexB/language/function-code/switch-case-decl-nostrict.js: Copied from JSTests/test262/test/language/function-code/switch-case-decl-strict.js.
246         (catch):
247         (switch.case.1):
248         (switch):
249         * test262/test/annexB/language/function-code/switch-dflt-decl-nostrict.js: Copied from JSTests/test262/test/language/function-code/switch-dflt-decl-strict.js.
250         (catch):
251         (switch.default):
252         (switch):
253         * test262/test/built-ins/Array/prototype/filter/target-array-with-non-writable-property.js: Added.
254         (a.Symbol.species):
255         (r.a.filter):
256         * test262/test/built-ins/Array/prototype/indexOf/calls-only-has-on-prototype-after-length-zeroed.js: Added.
257         (allowProxyTraps.has):
258         (fromIndex.valueOf):
259         * test262/test/built-ins/Array/prototype/lastIndexOf/calls-only-has-on-prototype-after-length-zeroed.js: Added.
260         (allowProxyTraps.has):
261         (fromIndex.valueOf):
262         * test262/test/built-ins/Array/prototype/map/target-array-with-non-writable-property.js: Added.
263         (a.Symbol.species):
264         (r.a.map):
265         * test262/test/built-ins/Array/prototype/slice/target-array-with-non-writable-property.js: Added.
266         (a.Symbol.species):
267         * test262/test/built-ins/Array/prototype/splice/property-traps-order-with-species.js: Added.
268         (a.Symbol.species):
269         * test262/test/built-ins/Array/prototype/splice/target-array-with-non-writable-property.js: Added.
270         (a.Symbol.species):
271         * test262/test/built-ins/Atomics/Symbol.toStringTag.js:
272         * test262/test/built-ins/Atomics/add/bad-range.js:
273         (testWithTypedArrayConstructors):
274         * test262/test/built-ins/Atomics/add/good-views.js:
275         (testWithTypedArrayConstructors):
276         * test262/test/built-ins/Atomics/add/non-views.js:
277         * test262/test/built-ins/Atomics/add/nonshared-int-views.js:
278         (testWithTypedArrayConstructors):
279         * test262/test/built-ins/Atomics/add/shared-nonint-views.js:
280         (testWithTypedArrayConstructors):
281         * test262/test/built-ins/Atomics/and/bad-range.js:
282         (testWithTypedArrayConstructors):
283         * test262/test/built-ins/Atomics/and/good-views.js:
284         (testWithTypedArrayConstructors):
285         * test262/test/built-ins/Atomics/and/non-views.js:
286         * test262/test/built-ins/Atomics/and/nonshared-int-views.js:
287         (testWithTypedArrayConstructors):
288         * test262/test/built-ins/Atomics/and/shared-nonint-views.js:
289         (testWithTypedArrayConstructors):
290         * test262/test/built-ins/Atomics/compareExchange/bad-range.js:
291         (testWithTypedArrayConstructors):
292         * test262/test/built-ins/Atomics/compareExchange/good-views.js:
293         (testWithTypedArrayConstructors):
294         (view): Deleted.
295         * test262/test/built-ins/Atomics/compareExchange/non-views.js:
296         * test262/test/built-ins/Atomics/compareExchange/nonshared-int-views.js:
297         (testWithTypedArrayConstructors):
298         * test262/test/built-ins/Atomics/compareExchange/shared-nonint-views.js:
299         (testWithTypedArrayConstructors):
300         * test262/test/built-ins/Atomics/exchange/bad-range.js:
301         (testWithTypedArrayConstructors):
302         * test262/test/built-ins/Atomics/exchange/good-views.js:
303         (testWithTypedArrayConstructors):
304         * test262/test/built-ins/Atomics/exchange/non-views.js:
305         * test262/test/built-ins/Atomics/exchange/nonshared-int-views.js:
306         (testWithTypedArrayConstructors):
307         * test262/test/built-ins/Atomics/exchange/shared-nonint-views.js:
308         (testWithTypedArrayConstructors):
309         * test262/test/built-ins/Atomics/isLockFree/corner-cases.js:
310         (hide):
311         * test262/test/built-ins/Atomics/isLockFree/value.js:
312         (testIsLockFree): Deleted.
313         * test262/test/built-ins/Atomics/load/bad-range.js:
314         (testWithTypedArrayConstructors):
315         * test262/test/built-ins/Atomics/load/good-views.js:
316         (testWithTypedArrayConstructors):
317         * test262/test/built-ins/Atomics/load/non-views.js:
318         * test262/test/built-ins/Atomics/load/nonshared-int-views.js:
319         (testWithTypedArrayConstructors):
320         * test262/test/built-ins/Atomics/load/shared-nonint-views.js:
321         (testWithTypedArrayConstructors):
322         * test262/test/built-ins/Atomics/or/bad-range.js:
323         (testWithTypedArrayConstructors):
324         * test262/test/built-ins/Atomics/or/good-views.js:
325         (testWithTypedArrayConstructors):
326         * test262/test/built-ins/Atomics/or/non-views.js:
327         * test262/test/built-ins/Atomics/or/nonshared-int-views.js:
328         (testWithTypedArrayConstructors):
329         * test262/test/built-ins/Atomics/or/shared-nonint-views.js:
330         (testWithTypedArrayConstructors):
331         * test262/test/built-ins/Atomics/prop-desc.js:
332         * test262/test/built-ins/Atomics/proto.js:
333         * test262/test/built-ins/Atomics/store/bad-range.js:
334         (testWithTypedArrayConstructors):
335         * test262/test/built-ins/Atomics/store/good-views.js:
336         (testWithTypedArrayConstructors):
337         (ToInteger):
338         * test262/test/built-ins/Atomics/store/non-views.js:
339         * test262/test/built-ins/Atomics/store/nonshared-int-views.js:
340         (testWithTypedArrayConstructors):
341         * test262/test/built-ins/Atomics/store/shared-nonint-views.js:
342         (testWithTypedArrayConstructors):
343         * test262/test/built-ins/Atomics/sub/bad-range.js:
344         (testWithTypedArrayConstructors):
345         * test262/test/built-ins/Atomics/sub/good-views.js:
346         (testWithTypedArrayConstructors):
347         * test262/test/built-ins/Atomics/sub/non-views.js:
348         * test262/test/built-ins/Atomics/sub/nonshared-int-views.js:
349         (testWithTypedArrayConstructors):
350         * test262/test/built-ins/Atomics/sub/shared-nonint-views.js:
351         (testWithTypedArrayConstructors):
352         * test262/test/built-ins/Atomics/wait/bad-range.js: Copied from JSTests/test262/test/built-ins/Atomics/wake/bad-range.js.
353         (testWithTypedArrayConstructors):
354         * test262/test/built-ins/Atomics/wait/cannot-suspend-throws.js:
355         * test262/test/built-ins/Atomics/wait/did-timeout.js:
356         (getReport):
357         * test262/test/built-ins/Atomics/wait/false-for-timeout-agent.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/false-for-timeout.js.
358         (getReport):
359         (262.agent.start.valueOf.valueOf):
360         (toPrimitive.Symbol.toPrimitive):
361         (262.agent.receiveBroadcast):
362         * test262/test/built-ins/Atomics/wait/false-for-timeout.js:
363         (valueOf.valueOf):
364         (toPrimitive.Symbol.toPrimitive):
365         (getReport): Deleted.
366         (262.agent.start.262.agent.receiveBroadcast): Deleted.
367         * test262/test/built-ins/Atomics/wait/good-views.js:
368         (r.getReport):
369         (getReport):
370         * test262/test/built-ins/Atomics/wait/nan-for-timeout.js:
371         (getReport):
372         * test262/test/built-ins/Atomics/wait/negative-index-throws.js:
373         * test262/test/built-ins/Atomics/wait/negative-timeout-agent.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/negative-timeout.js.
374         (getReport):
375         (262.agent.start.262.agent.receiveBroadcast):
376         * test262/test/built-ins/Atomics/wait/negative-timeout.js:
377         (262.agent.start.262.agent.receiveBroadcast): Deleted.
378         (getReport): Deleted.
379         * test262/test/built-ins/Atomics/wait/no-spurious-wakeup.js:
380         (getReport):
381         * test262/test/built-ins/Atomics/wait/non-int32-typedarray-throws.js:
382         * test262/test/built-ins/Atomics/wait/non-shared-bufferdata-throws.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/nonshared-bufferdata-throws.js.
383         * test262/test/built-ins/Atomics/wait/not-a-typedarray-throws.js:
384         * test262/test/built-ins/Atomics/wait/not-an-object-throws.js:
385         * test262/test/built-ins/Atomics/wait/null-bufferdata-throws.js:
386         * test262/test/built-ins/Atomics/wait/null-for-timeout-agent.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/false-for-timeout.js.
387         (getReport):
388         (262.agent.start.valueOf.valueOf):
389         (toPrimitive.Symbol.toPrimitive):
390         (262.agent.receiveBroadcast):
391         * test262/test/built-ins/Atomics/wait/null-for-timeout.js:
392         (valueOf.valueOf):
393         (toPrimitive.Symbol.toPrimitive):
394         (getReport): Deleted.
395         (262.agent.start.262.agent.receiveBroadcast): Deleted.
396         * test262/test/built-ins/Atomics/wait/object-for-timeout-agent.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/false-for-timeout.js.
397         (getReport):
398         (262.agent.start.valueOf.valueOf):
399         (toString.toString):
400         (toPrimitive.Symbol.toPrimitive):
401         (262.agent.receiveBroadcast):
402         * test262/test/built-ins/Atomics/wait/object-for-timeout.js:
403         (valueOf.valueOf):
404         (toString.toString):
405         (toPrimitive.Symbol.toPrimitive):
406         (getReport): Deleted.
407         (262.agent.start.262.agent.receiveBroadcast): Deleted.
408         * test262/test/built-ins/Atomics/wait/out-of-range-index-throws.js:
409         * test262/test/built-ins/Atomics/wait/poisoned-object-for-timeout-throws-agent.js: Added.
410         (getReport):
411         (262.agent.start.poisonedValueOf.valueOf):
412         (poisonedToPrimitive.Symbol.toPrimitive):
413         (262.agent.receiveBroadcast):
414         * test262/test/built-ins/Atomics/wait/poisoned-object-for-timeout-throws.js:
415         (poisonedValueOf.valueOf):
416         (poisonedToPrimitive.Symbol.toPrimitive):
417         (getReport): Deleted.
418         (262.agent.start.262.agent.receiveBroadcast): Deleted.
419         * test262/test/built-ins/Atomics/wait/symbol-for-index-throws-agent.js: Added.
420         (getReport):
421         (262.agent.start.poisonedValueOf.valueOf):
422         (poisonedToPrimitive.Symbol.toPrimitive):
423         (262.agent.receiveBroadcast):
424         * test262/test/built-ins/Atomics/wait/symbol-for-index-throws.js:
425         (poisonedToPrimitive.Symbol.toPrimitive):
426         (poisoned.valueOf): Deleted.
427         (poisonedWithString.get valueOf): Deleted.
428         (poisonedToPrimitive.get Symbol): Deleted.
429         * test262/test/built-ins/Atomics/wait/symbol-for-timeout-throws-agent.js: Added.
430         (getReport):
431         (262.agent.start.262.agent.receiveBroadcast):
432         * test262/test/built-ins/Atomics/wait/symbol-for-timeout-throws.js:
433         (poisonedValueOf.valueOf):
434         (poisonedToPrimitive.Symbol.toPrimitive):
435         (getReport): Deleted.
436         (262.agent.start.262.agent.receiveBroadcast): Deleted.
437         * test262/test/built-ins/Atomics/wait/symbol-for-value-throws-agent.js: Added.
438         (getReport):
439         (262.agent.start.poisonedValueOf.valueOf):
440         (poisonedToPrimitive.Symbol.toPrimitive):
441         (262.agent.receiveBroadcast):
442         * test262/test/built-ins/Atomics/wait/symbol-for-value-throws.js: Added.
443         (poisonedValueOf.valueOf):
444         (poisonedToPrimitive.Symbol.toPrimitive):
445         * test262/test/built-ins/Atomics/wait/true-for-timeout-agent.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/null-for-timeout.js.
446         (getReport):
447         (262.agent.start.valueOf.valueOf):
448         (toPrimitive.Symbol.toPrimitive):
449         (262.agent.receiveBroadcast):
450         * test262/test/built-ins/Atomics/wait/true-for-timeout.js:
451         (valueOf.valueOf):
452         (toPrimitive.Symbol.toPrimitive):
453         (getReport): Deleted.
454         (262.agent.start.262.agent.receiveBroadcast): Deleted.
455         * test262/test/built-ins/Atomics/wait/undefined-for-timeout.js:
456         (getReport):
457         * test262/test/built-ins/Atomics/wait/undefined-index-defaults-to-zero.js:
458         (262.agent.start.262.agent.receiveBroadcast):
459         (getReport):
460         * test262/test/built-ins/Atomics/wait/value-not-equal.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/wait-index-value-not-equal.js.
461         (getReport):
462         (262.agent.start.262.agent.receiveBroadcast):
463         * test262/test/built-ins/Atomics/wait/wait-index-value-not-equal.js:
464         (262.agent.start.262.agent.receiveBroadcast):
465         * test262/test/built-ins/Atomics/wait/waiterlist-block-indexedposition-wake.js: Added.
466         (getReport):
467         (262.agent.start.262.agent.receiveBroadcast):
468         * test262/test/built-ins/Atomics/wait/waiterlist-order-of-operations-is-fifo.js: Added.
469         (getReport):
470         (262.agent.start.262.agent.receiveBroadcast):
471         * test262/test/built-ins/Atomics/wait/was-woken-before-timeout.js:
472         (getReport):
473         (262.agent.start.262.agent.receiveBroadcast):
474         * test262/test/built-ins/Atomics/wait/was-woken.js:
475         (getReport):
476         (262.agent.start.262.agent.receiveBroadcast):
477         * test262/test/built-ins/Atomics/wake/bad-range.js:
478         (testWithTypedArrayConstructors):
479         * test262/test/built-ins/Atomics/wake/count-boundary-cases.js: Renamed from JSTests/test262/test/built-ins/Atomics/wake/counts.js.
480         * test262/test/built-ins/Atomics/wake/count-defaults-to-infinity-missing.js: Added.
481         (getReport):
482         (262.agent.start.262.agent.receiveBroadcast):
483         * test262/test/built-ins/Atomics/wake/count-defaults-to-infinity-undefined.js: Added.
484         (getReport):
485         (262.agent.start.262.agent.receiveBroadcast):
486         * test262/test/built-ins/Atomics/wake/count-from-nans.js: Added.
487         * test262/test/built-ins/Atomics/wake/count-symbol-throws.js: Added.
488         * test262/test/built-ins/Atomics/wake/count-tointeger-throws-then-wake-throws.js: Added.
489         (poisoned.valueOf):
490         * test262/test/built-ins/Atomics/wake/good-views.js:
491         * test262/test/built-ins/Atomics/wake/negative-count.js: Renamed from JSTests/test262/test/built-ins/Atomics/wake/wake-negative.js.
492         * test262/test/built-ins/Atomics/wake/negative-index-throws.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/negative-index-throws.js.
493         (poisoned.valueOf):
494         * test262/test/built-ins/Atomics/wake/non-int32-typedarray-throws.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/non-int32-typedarray-throws.js.
495         (poisoned.valueOf):
496         * test262/test/built-ins/Atomics/wake/non-shared-bufferdata-throws.js: Renamed from JSTests/test262/test/built-ins/Atomics/wait/nonshared-bufferdata-throws.js.
497         (poisoned.valueOf):
498         * test262/test/built-ins/Atomics/wake/non-views.js:
499         * test262/test/built-ins/Atomics/wake/nonshared-int-views.js:
500         (testWithTypedArrayConstructors):
501         * test262/test/built-ins/Atomics/wake/not-a-typedarray-throws.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/not-a-typedarray-throws.js.
502         (poisoned.valueOf):
503         * test262/test/built-ins/Atomics/wake/not-an-object-throws.js: Added.
504         (poisoned.valueOf):
505         * test262/test/built-ins/Atomics/wake/null-bufferdata-throws.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/null-bufferdata-throws.js.
506         (poisoned.valueOf):
507         * test262/test/built-ins/Atomics/wake/out-of-range-index-throws.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/out-of-range-index-throws.js.
508         (poisoned.valueOf):
509         * test262/test/built-ins/Atomics/wake/shared-nonint-views.js:
510         (testWithTypedArrayConstructors):
511         * test262/test/built-ins/Atomics/wake/symbol-for-index-throws.js: Added.
512         (poisonedValueOf.valueOf):
513         (poisonedToPrimitive.Symbol.toPrimitive):
514         * test262/test/built-ins/Atomics/wake/undefined-index-defaults-to-zero.js: Copied from JSTests/test262/test/built-ins/Atomics/wait/undefined-index-defaults-to-zero.js.
515         (262.agent.start.262.agent.receiveBroadcast):
516         (getReport):
517         * test262/test/built-ins/Atomics/wake/wake-all-on-loc.js:
518         (262.agent.start.262.agent.receiveBroadcast):
519         (getReport):
520         (waitUntil):
521         * test262/test/built-ins/Atomics/wake/wake-all.js:
522         (262.agent.start.262.agent.receiveBroadcast):
523         (getReport):
524         (waitUntil):
525         * test262/test/built-ins/Atomics/wake/wake-in-order.js:
526         (getReport):
527         (waitUntil):
528         * test262/test/built-ins/Atomics/wake/wake-nan.js:
529         (getReport):
530         * test262/test/built-ins/Atomics/wake/wake-one.js:
531         (getReport):
532         (waitUntil):
533         * test262/test/built-ins/Atomics/wake/wake-rewake-noop.js: Added.
534         (getReport):
535         (waitUntil):
536         (262.agent.start.262.agent.receiveBroadcast):
537         * test262/test/built-ins/Atomics/wake/wake-two.js:
538         (getReport):
539         * test262/test/built-ins/Atomics/wake/wake-with-no-agents-waiting.js: Added.
540         (262.agent.start.262.agent.receiveBroadcast):
541         (waitUntil):
542         * test262/test/built-ins/Atomics/wake/wake-with-no-matching-agents-waiting.js: Added.
543         (262.agent.start.262.agent.receiveBroadcast):
544         (waitUntil):
545         * test262/test/built-ins/Atomics/wake/wake-zero.js:
546         (i.262.agent.start.262.agent.receiveBroadcast):
547         (getReport):
548         (waitUntil):
549         * test262/test/built-ins/Atomics/xor/bad-range.js:
550         (testWithTypedArrayConstructors):
551         * test262/test/built-ins/Atomics/xor/good-views.js:
552         (testWithTypedArrayConstructors):
553         * test262/test/built-ins/Atomics/xor/non-views.js:
554         * test262/test/built-ins/Atomics/xor/nonshared-int-views.js:
555         (testWithTypedArrayConstructors):
556         * test262/test/built-ins/Atomics/xor/shared-nonint-views.js:
557         (testWithTypedArrayConstructors):
558         * test262/test/built-ins/BigInt/asIntN/bigint-tobigint-errors.js:
559         * test262/test/built-ins/BigInt/asIntN/bigint-tobigint-toprimitive.js:
560         * test262/test/built-ins/BigInt/asIntN/bigint-tobigint-wrapped-values.js:
561         * test262/test/built-ins/BigInt/asIntN/bits-toindex-errors.js:
562         * test262/test/built-ins/BigInt/asIntN/bits-toindex-toprimitive.js:
563         * test262/test/built-ins/BigInt/asIntN/bits-toindex-wrapped-values.js:
564         * test262/test/built-ins/BigInt/asUintN/bigint-tobigint-errors.js:
565         * test262/test/built-ins/BigInt/asUintN/bigint-tobigint-toprimitive.js:
566         * test262/test/built-ins/BigInt/asUintN/bigint-tobigint-wrapped-values.js:
567         * test262/test/built-ins/BigInt/asUintN/bits-toindex-errors.js:
568         * test262/test/built-ins/BigInt/asUintN/bits-toindex-toprimitive.js:
569         * test262/test/built-ins/BigInt/asUintN/bits-toindex-wrapped-values.js:
570         * test262/test/built-ins/BigInt/constructor-empty-string.js:
571         * test262/test/built-ins/BigInt/constructor-from-binary-string.js:
572         * test262/test/built-ins/BigInt/constructor-from-decimal-string.js:
573         * test262/test/built-ins/BigInt/constructor-from-hex-string.js:
574         * test262/test/built-ins/BigInt/constructor-from-octal-string.js:
575         * test262/test/built-ins/BigInt/constructor-from-string-syntax-errors.js:
576         * test262/test/built-ins/BigInt/constructor-integer.js: Added.
577         * test262/test/built-ins/BigInt/constructor-trailing-leading-spaces.js:
578         * test262/test/built-ins/BigInt/issafeinteger-true.js: Removed.
579         * test262/test/built-ins/BigInt/out-of-bounds-integer-rangeerror.js: Removed.
580         * test262/test/built-ins/BigInt/prototype/Symbol.toStringTag.js:
581         * test262/test/built-ins/BigInt/prototype/toString/default-radix.js: Added.
582         * test262/test/built-ins/BigInt/prototype/toString/thisbigintvalue-not-valid-throws.js:
583         * test262/test/built-ins/BigInt/prototype/valueOf/cross-realm.js: Added.
584         * test262/test/built-ins/BigInt/tostring-throws.js: Copied from JSTests/test262/test/built-ins/BigInt/value-of-throws.js.
585         * test262/test/built-ins/BigInt/valueof-throws.js: Renamed from JSTests/test262/test/built-ins/BigInt/value-of-throws.js.
586         (BigInt.valueOf):
587         * test262/test/built-ins/DataView/prototype/setBigInt64/set-values-return-undefined.js:
588         (values.forEach):
589         * test262/test/built-ins/Function/prototype/bind/length-exceeds-int32.js: Added.
590         (f):
591         * test262/test/built-ins/Function/prototype/toString/anonymous-intrinsics.js: Removed.
592         * test262/test/built-ins/Function/prototype/toString/bound-function.js:
593         (assertNativeFunction):
594         (let.f): Deleted.
595         * test262/test/built-ins/Function/prototype/toString/built-in-function-object.js: Added.
596         * test262/test/built-ins/Function/prototype/toString/intrinsics.js: Removed.
597         * test262/test/built-ins/Function/prototype/toString/proxy-arrow-function.js: Added.
598         (assertNativeFunction.new.Proxy):
599         * test262/test/built-ins/Function/prototype/toString/proxy-async-function.js: Added.
600         (assertNativeFunction.new.Proxy.async):
601         * test262/test/built-ins/Function/prototype/toString/proxy-async-generator-function.js: Added.
602         (assertNativeFunction.new.Proxy.async):
603         * test262/test/built-ins/Function/prototype/toString/proxy-async-generator-method-definition.js: Added.
604         (assertNativeFunction.new.Proxy.async.method):
605         (apply):
606         * test262/test/built-ins/Function/prototype/toString/proxy-async-method-definition.js: Added.
607         (assertNativeFunction.new.Proxy.async.method):
608         (apply):
609         * test262/test/built-ins/Function/prototype/toString/proxy-bound-function.js: Added.
610         (assertNativeFunction.new.Proxy):
611         (bind):
612         * test262/test/built-ins/Function/prototype/toString/proxy-class.js: Added.
613         (assertNativeFunction):
614         * test262/test/built-ins/Function/prototype/toString/proxy-function-expression.js: Added.
615         (assertNativeFunction.new.Proxy):
616         * test262/test/built-ins/Function/prototype/toString/proxy-generator-function.js: Added.
617         (assertNativeFunction.new.Proxy):
618         * test262/test/built-ins/Function/prototype/toString/proxy-method-definition.js: Added.
619         (assertNativeFunction.new.Proxy.method):
620         (apply):
621         * test262/test/built-ins/Function/prototype/toString/proxy-non-callable-throws.js: Added.
622         * test262/test/built-ins/Function/prototype/toString/proxy.js: Removed.
623         * test262/test/built-ins/Function/prototype/toString/well-known-intrinsic-object-functions.js: Added.
624         (WellKnownIntrinsicObjects.forEach):
625         * test262/test/built-ins/JSON/prop-desc.js: Added.
626         * test262/test/built-ins/Math/acosh/nan-returns.js:
627         * test262/test/built-ins/Math/asinh/asinh-specialVals.js:
628         * test262/test/built-ins/Math/atanh/atanh-specialVals.js:
629         * test262/test/built-ins/Math/cbrt/cbrt-specialValues.js:
630         * test262/test/built-ins/Math/cbrt/prop-desc.js:
631         * test262/test/built-ins/Math/cosh/cosh-specialVals.js:
632         * test262/test/built-ins/Math/expm1/expm1-specialVals.js:
633         * test262/test/built-ins/Math/log10/Log10-specialVals.js:
634         * test262/test/built-ins/Math/log2/log2-basicTests.js:
635         * test262/test/built-ins/Math/prop-desc.js:
636         * test262/test/built-ins/Math/sign/sign-specialVals.js:
637         * test262/test/built-ins/Math/sinh/sinh-specialVals.js:
638         * test262/test/built-ins/Math/tanh/tanh-specialVals.js:
639         * test262/test/built-ins/Math/trunc/trunc-sampleTests.js:
640         * test262/test/built-ins/Math/trunc/trunc-specialVals.js:
641         * test262/test/built-ins/Object/assign/strings-and-symbol-order.js: Added.
642         * test262/test/built-ins/Object/keys/property-traps-order-with-proxied-array.js: Added.
643         (get t):
644         * test262/test/built-ins/Reflect/Reflect.js: Removed.
645         * test262/test/built-ins/Reflect/prop-desc.js: Added.
646         * test262/test/built-ins/Reflect/properties.js: Removed.
647         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/internal-regexp-lastindex-not-zero.js: Added.
648         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/isregexp-internal-regexp-is-false.js: Added.
649         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/isregexp-internal-regexp-throws.js: Added.
650         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/isregexp-this-throws.js: Added.
651         (obj.get Symbol):
652         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/length.js: Added.
653         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/name.js: Added.
654         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/prop-desc.js: Added.
655         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/regexpcreate-this-throws.js: Added.
656         (obj.toString):
657         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/species-constructor-get-constructor-throws.js: Added.
658         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/species-constructor-get-species-throws.js: Added.
659         (regexp.get Symbol):
660         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/species-constructor-is-not-object-throws.js: Added.
661         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/species-constructor-is-undefined.js: Added.
662         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/species-constructor-species-is-not-constructor.js: Added.
663         (callMatchAll):
664         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/species-constructor-species-is-null-or-undefined.js: Added.
665         (TestWithConstructor):
666         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/species-constructor-species-throws.js: Added.
667         (regexp.Symbol.species):
668         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/species-constructor.js: Added.
669         (regexp.Symbol.species):
670         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/species-regexp-get-global-throws.js: Added.
671         (regexp.Symbol.species):
672         (get assert):
673         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/species-regexp-get-unicode-throws.js: Added.
674         (regexp.Symbol.species):
675         (get assert):
676         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/string-tostring-throws.js: Added.
677         (obj.valueOf):
678         (obj.toString):
679         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/string-tostring.js: Added.
680         (obj.toString):
681         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/this-get-flags-throws.js: Added.
682         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/this-get-flags.js: Added.
683         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/this-lastindex-cached.js: Added.
684         (regexp.lastIndex.valueOf):
685         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/this-not-object-throws.js: Added.
686         (callMatchAll):
687         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/this-tolength-lastindex-throws.js: Added.
688         (regexp.lastIndex.valueOf):
689         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/this-tostring-flags-throws.js: Added.
690         (value.valueOf):
691         (value.toString):
692         * test262/test/built-ins/RegExp/prototype/Symbol.matchAll/this-tostring-flags.js: Added.
693         (value.toString):
694         * test262/test/built-ins/RegExpStringIteratorPrototype/Symbol.toStringTag.js: Added.
695         * test262/test/built-ins/RegExpStringIteratorPrototype/ancestry.js: Added.
696         * test262/test/built-ins/RegExpStringIteratorPrototype/next/custom-regexpexec-call-throws.js: Added.
697         (RegExp.prototype.exec):
698         * test262/test/built-ins/RegExpStringIteratorPrototype/next/custom-regexpexec-get-throws.js: Added.
699         * test262/test/built-ins/RegExpStringIteratorPrototype/next/custom-regexpexec-match-get-0-throws.js: Added.
700         (return.get string_appeared_here):
701         (RegExp.prototype.exec):
702         * test262/test/built-ins/RegExpStringIteratorPrototype/next/custom-regexpexec-match-get-0-tostring-throws.js: Added.
703         (return.toString):
704         (RegExp.prototype.exec):
705         * test262/test/built-ins/RegExpStringIteratorPrototype/next/custom-regexpexec-match-get-0-tostring.js: Added.
706         (execResult.get string_appeared_here):
707         (RegExp.prototype.exec):
708         * test262/test/built-ins/RegExpStringIteratorPrototype/next/custom-regexpexec-not-callable.js: Added.
709         (TestWithRegExpExec):
710         * test262/test/built-ins/RegExpStringIteratorPrototype/next/custom-regexpexec.js: Added.
711         (callNextWithExecReturnValue.RegExp.prototype.exec):
712         (callNextWithExecReturnValue):
713         * test262/test/built-ins/RegExpStringIteratorPrototype/next/length.js: Added.
714         * test262/test/built-ins/RegExpStringIteratorPrototype/next/name.js: Added.
715         * test262/test/built-ins/RegExpStringIteratorPrototype/next/next-iteration-global.js: Added.
716         * test262/test/built-ins/RegExpStringIteratorPrototype/next/next-iteration.js: Added.
717         * test262/test/built-ins/RegExpStringIteratorPrototype/next/next-missing-internal-slots.js: Added.
718         * test262/test/built-ins/RegExpStringIteratorPrototype/next/prop-desc.js: Added.
719         * test262/test/built-ins/RegExpStringIteratorPrototype/next/regexp-tolength-lastindex-throws.js: Added.
720         (RegExp.prototype.exec):
721         * test262/test/built-ins/RegExpStringIteratorPrototype/next/this-is-not-object-throws.js: Added.
722         (callNext):
723         * test262/test/built-ins/String/prototype/matchAll/length.js: Added.
724         * test262/test/built-ins/String/prototype/matchAll/name.js: Added.
725         * test262/test/built-ins/String/prototype/matchAll/prop-desc.js: Added.
726         * test262/test/built-ins/String/prototype/matchAll/regexp-get-matchAll-throws.js: Added.
727         * test262/test/built-ins/String/prototype/matchAll/regexp-is-null.js: Added.
728         * test262/test/built-ins/String/prototype/matchAll/regexp-is-undefined.js: Added.
729         * test262/test/built-ins/String/prototype/matchAll/regexp-matchAll-invocation.js: Added.
730         (obj.Symbol.matchAll):
731         * test262/test/built-ins/String/prototype/matchAll/regexp-matchAll-throws.js: Added.
732         (regexp.Symbol.matchAll):
733         * test262/test/built-ins/String/prototype/matchAll/regexp-prototype-get-matchAll-throws.js: Added.
734         * test262/test/built-ins/String/prototype/matchAll/regexp-prototype-has-no-matchAll.js: Added.
735         * test262/test/built-ins/String/prototype/matchAll/regexp-prototype-matchAll-invocation.js: Added.
736         (RegExp.prototype.Symbol.matchAll):
737         * test262/test/built-ins/String/prototype/matchAll/regexp-prototype-matchAll-throws.js: Added.
738         (RegExp.prototype.Symbol.matchAll):
739         * test262/test/built-ins/String/prototype/matchAll/this-val-non-obj-coercible.js: Added.
740         * test262/test/built-ins/Symbol/matchAll/cross-realm.js: Added.
741         * test262/test/built-ins/Symbol/matchAll/prop-desc.js: Added.
742         * test262/test/harness/testTypedArray.js:
743         * test262/test/intl402/Array/prototype/toLocaleString/calls-toLocaleString-number-elements.js: Added.
744         * test262/test/intl402/Intl/getCanonicalLocales/invalid-tags.js:
745         * test262/test/intl402/Locale/constructor-newtarget-undefined.js: Added.
746         * test262/test/intl402/Locale/constructor-options-calendar-invalid.js: Added.
747         (const.invalidCalendarOption.of.invalidCalendarOptions.new.Intl.Locale):
748         * test262/test/intl402/Locale/constructor-options-calendar-valid.js: Added.
749         * test262/test/intl402/Locale/constructor-options-language-invalid.js: Added.
750         (const.invalidLanguageOption.of.invalidLanguageOptions.new.Intl.Locale):
751         * test262/test/intl402/Locale/constructor-options-language-valid.js: Added.
752         (toString):
753         * test262/test/intl402/Locale/constructor-options-region-invalid.js: Added.
754         (const.invalidRegionOption.of.invalidRegionOptions.new.Intl.Locale):
755         * test262/test/intl402/Locale/constructor-options-region-valid.js: Added.
756         * test262/test/intl402/Locale/constructor-options-script-invalid.js: Added.
757         (const.invalidScriptOption.of.invalidScriptOptions.new.Intl.Locale):
758         * test262/test/intl402/Locale/constructor-options-script-valid.js: Added.
759         (toString):
760         * test262/test/intl402/Locale/function-prototype.js: Added.
761         * test262/test/intl402/Locale/instance-extensibility.js: Added.
762         * test262/test/intl402/Locale/instance.js: Added.
763         * test262/test/intl402/Locale/invalid-tag-throws-boolean.js: Added.
764         * test262/test/intl402/Locale/invalid-tag-throws-null.js: Added.
765         * test262/test/intl402/Locale/invalid-tag-throws-number.js: Added.
766         * test262/test/intl402/Locale/invalid-tag-throws-symbol.js: Added.
767         * test262/test/intl402/Locale/invalid-tag-throws-undefined.js: Added.
768         * test262/test/intl402/Locale/invalid-tag-throws.js: Added.
769         (const.invalidTag.of.getInvalidLanguageTags):
770         * test262/test/intl402/Locale/length.js: Added.
771         * test262/test/intl402/Locale/name.js: Added.
772         * test262/test/intl402/Locale/prop-desc.js: Added.
773         * test262/test/intl402/Locale/prototype/constructor.js: Added.
774         * test262/test/intl402/Locale/prototype/maximize/length.js: Added.
775         * test262/test/intl402/Locale/prototype/maximize/name.js: Added.
776         * test262/test/intl402/Locale/prototype/maximize/prop-desc.js: Added.
777         * test262/test/intl402/Locale/prototype/prop-desc.js: Added.
778         * test262/test/intl402/Locale/prototype/toStringTag.js: Added.
779         * test262/test/intl402/TypedArray/prototype/toLocaleString/calls-toLocaleString-number-elements.js: Added.
780         (testWithTypedArrayConstructors):
781         * test262/test/language/asi/S7.9_A11_T8.js:
782         (else.x.1): Deleted.
783         * test262/test/language/asi/S7.9_A4.js:
784         (catch):
785         * test262/test/language/asi/S7.9_A5.1_T1.js:
786         * test262/test/language/asi/S7.9_A5.3_T1.js:
787         * test262/test/language/block-scope/syntax/redeclaration/function-declaration-attempt-to-redeclare-with-var-declaration-nested-in-function.js: Added.
788         (g.f):
789         (g):
790         * test262/test/language/destructuring/binding/initialization-requires-object-coercible-null.js:
791         * test262/test/language/destructuring/binding/initialization-requires-object-coercible-undefined.js:
792         * test262/test/language/destructuring/binding/initialization-returns-normal-completion-for-empty-objects.js:
793         * test262/test/language/destructuring/binding/syntax/array-elements-with-initializer.js:
794         * test262/test/language/destructuring/binding/syntax/array-elements-with-object-patterns.js:
795         * test262/test/language/destructuring/binding/syntax/array-elements-without-initializer.js:
796         * test262/test/language/destructuring/binding/syntax/array-pattern-with-elisions.js:
797         * test262/test/language/destructuring/binding/syntax/array-pattern-with-no-elements.js:
798         * test262/test/language/destructuring/binding/syntax/array-rest-elements.js:
799         * test262/test/language/destructuring/binding/syntax/object-pattern-with-no-property-list.js:
800         * test262/test/language/destructuring/binding/syntax/property-list-bindings-elements.js:
801         * test262/test/language/destructuring/binding/syntax/property-list-followed-by-a-single-comma.js:
802         * test262/test/language/destructuring/binding/syntax/property-list-single-name-bindings.js:
803         * test262/test/language/destructuring/binding/syntax/property-list-with-property-list.js:
804         * test262/test/language/destructuring/binding/syntax/recursive-array-and-object-patterns.js:
805         * test262/test/language/eval-code/direct/block-decl-eval-source-is-strict-nostrict.js: Copied from JSTests/test262/test/language/eval-code/direct/block-decl-strict-source.js.
806         * test262/test/language/eval-code/direct/block-decl-eval-source-is-strict-onlystrict.js: Renamed from JSTests/test262/test/language/eval-code/direct/block-decl-strict-source.js.
807         (catch):
808         * test262/test/language/eval-code/direct/block-decl-onlystrict.js: Renamed from JSTests/test262/test/language/eval-code/direct/block-decl-strict-caller.js.
809         * test262/test/language/eval-code/direct/switch-case-decl-eval-source-is-strict-nostrict.js: Renamed from JSTests/test262/test/language/eval-code/direct/switch-case-decl-strict-source.js.
810         * test262/test/language/eval-code/direct/switch-case-decl-eval-source-is-strict-onlystrict.js: Copied from JSTests/test262/test/language/eval-code/direct/switch-case-decl-strict-caller.js.
811         (catch):
812         * test262/test/language/eval-code/direct/switch-case-decl-onlystrict.js: Renamed from JSTests/test262/test/language/eval-code/direct/switch-case-decl-strict-caller.js.
813         * test262/test/language/eval-code/direct/switch-dflt-decl-eval-source-is-strict-nostrict.js: Renamed from JSTests/test262/test/language/eval-code/direct/switch-dflt-decl-strict-source.js.
814         * test262/test/language/eval-code/direct/switch-dflt-decl-eval-source-is-strict-onlystrict.js: Copied from JSTests/test262/test/language/eval-code/direct/switch-dflt-decl-strict-caller.js.
815         (catch):
816         * test262/test/language/eval-code/direct/switch-dflt-decl-onlystrict.js: Renamed from JSTests/test262/test/language/eval-code/direct/switch-dflt-decl-strict-caller.js.
817         * test262/test/language/expressions/async-arrow-function/await-as-param-ident-nested-arrow-parameter-position.js: Added.
818         (async):
819         * test262/test/language/expressions/async-arrow-function/await-as-param-nested-arrow-body-position.js: Added.
820         (async):
821         * test262/test/language/expressions/async-arrow-function/await-as-param-nested-arrow-parameter-position.js: Added.
822         (async.a):
823         * test262/test/language/expressions/async-arrow-function/await-as-param-rest-nested-arrow-parameter-position.js: Added.
824         (async.a):
825         * test262/test/language/expressions/async-arrow-function/escaped-async-line-terminator.js: Added.
826         * test262/test/language/expressions/async-generator/generator-created-after-decl-inst.js: Added.
827         (g.async.a):
828         * test262/test/language/expressions/class/class-name-ident-await-escaped-module.js: Added.
829         (C):
830         * test262/test/language/expressions/class/class-name-ident-await-escaped.js: Added.
831         (C):
832         * test262/test/language/expressions/class/class-name-ident-await-module.js: Added.
833         (C):
834         * test262/test/language/expressions/class/class-name-ident-await.js: Added.
835         (C):
836         * test262/test/language/expressions/class/class-name-ident-let-escaped.js: Added.
837         (C):
838         * test262/test/language/expressions/class/class-name-ident-let.js: Added.
839         (C):
840         * test262/test/language/expressions/class/class-name-ident-static-escaped.js: Added.
841         (C):
842         * test262/test/language/expressions/class/class-name-ident-static.js: Added.
843         * test262/test/language/expressions/class/class-name-ident-yield-escaped.js: Added.
844         (C):
845         * test262/test/language/expressions/class/class-name-ident-yield.js: Added.
846         (C):
847         * test262/test/language/expressions/class/constructor-this-tdz-during-initializers.js: Added.
848         (Base):
849         (C):
850         * test262/test/language/expressions/class/fields-run-once-on-double-super.js: Added.
851         (Base):
852         (C):
853         * test262/test/language/expressions/generators/generator-created-after-decl-inst.js: Added.
854         (g):
855         * test262/test/language/expressions/greater-than-or-equal/bigint-and-incomparable-string.js: Added.
856         * test262/test/language/expressions/greater-than-or-equal/bigint-and-string.js: Added.
857         * test262/test/language/expressions/greater-than/bigint-and-boolean.js: Added.
858         * test262/test/language/expressions/greater-than/bigint-and-incomparable-string.js: Added.
859         * test262/test/language/expressions/greater-than/bigint-and-string.js: Added.
860         * test262/test/language/expressions/less-than-or-equal/bigint-and-incomparable-string.js: Added.
861         * test262/test/language/expressions/less-than-or-equal/bigint-and-string.js: Added.
862         * test262/test/language/expressions/less-than/bigint-and-boolean.js: Added.
863         * test262/test/language/expressions/less-than/bigint-and-incomparable-string.js: Added.
864         * test262/test/language/expressions/less-than/bigint-and-string.js: Added.
865         * test262/test/language/expressions/object/method-definition/generator-super-prop-param.js:
866         * test262/test/language/function-code/block-decl-onlystrict.js: Renamed from JSTests/test262/test/language/function-code/block-decl-strict.js.
867         * test262/test/language/function-code/switch-case-decl-onlystrict.js: Renamed from JSTests/test262/test/language/function-code/switch-case-decl-strict.js.
868         * test262/test/language/function-code/switch-dflt-decl-onlystrict.js: Renamed from JSTests/test262/test/language/function-code/switch-dflt-decl-strict.js.
869         * test262/test/language/line-terminators/S7.3_A2.3.js: Removed.
870         * test262/test/language/line-terminators/S7.3_A2.4.js: Removed.
871         * test262/test/language/literals/regexp/invalid-optional-lookbehind.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
872         * test262/test/language/literals/regexp/invalid-optional-negative-lookbehind.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
873         * test262/test/language/literals/regexp/invalid-range-lookbehind.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
874         * test262/test/language/literals/regexp/invalid-range-negative-lookbehind.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
875         * test262/test/language/literals/regexp/u-invalid-optional-lookahead.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
876         * test262/test/language/literals/regexp/u-invalid-optional-lookbehind.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
877         * test262/test/language/literals/regexp/u-invalid-optional-negative-lookahead.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
878         * test262/test/language/literals/regexp/u-invalid-optional-negative-lookbehind.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
879         * test262/test/language/literals/regexp/u-invalid-range-lookahead.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
880         * test262/test/language/literals/regexp/u-invalid-range-lookbehind.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
881         * test262/test/language/literals/regexp/u-invalid-range-negative-lookahead.js: Copied from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
882         * test262/test/language/literals/regexp/u-invalid-range-negative-lookbehind.js: Renamed from JSTests/test262/test/language/literals/regexp/u-invalid-quantifiable-assertion.js.
883         * test262/test/language/literals/string/line-separator-eval.js: Added.
884         * test262/test/language/literals/string/line-separator.js: Added.
885         * test262/test/language/literals/string/paragraph-separator-eval.js: Added.
886         * test262/test/language/literals/string/paragraph-separator.js: Added.
887         * test262/test/language/module-code/early-strict-mode.js:
888         * test262/test/language/statements/async-generator/generator-created-after-decl-inst.js: Added.
889         (async.g):
890         * test262/test/language/statements/break/S12.8_A8_T1.js:
891         (catch):
892         * test262/test/language/statements/break/S12.8_A8_T2.js:
893         (catch):
894         * test262/test/language/statements/class/class-name-ident-await-escaped-module.js: Added.
895         (aw):
896         * test262/test/language/statements/class/class-name-ident-await-escaped.js: Added.
897         (aw):
898         * test262/test/language/statements/class/class-name-ident-await-module.js: Added.
899         (await):
900         * test262/test/language/statements/class/class-name-ident-await.js: Added.
901         (await):
902         * test262/test/language/statements/class/class-name-ident-let-escaped.js: Added.
903         (l):
904         * test262/test/language/statements/class/class-name-ident-let.js: Added.
905         (let):
906         * test262/test/language/statements/class/class-name-ident-static-escaped.js: Added.
907         (st):
908         * test262/test/language/statements/class/class-name-ident-static.js: Added.
909         * test262/test/language/statements/class/class-name-ident-yield-escaped.js: Added.
910         (yi):
911         * test262/test/language/statements/class/class-name-ident-yield.js: Added.
912         (yield):
913         * test262/test/language/statements/continue/S12.7_A8_T1.js:
914         (catch):
915         * test262/test/language/statements/continue/S12.7_A8_T2.js:
916         (catch):
917         * test262/test/language/statements/generators/generator-created-after-decl-inst.js: Added.
918         (g):
919         * test262/test/language/statements/try/early-catch-duplicates.js:
920         * test262/test/language/statements/try/early-catch-function.js: Added.
921         (f.catch.e):
922         (f):
923         * test262/test/language/statements/try/early-catch-lex.js:
924         * test262/test/language/statements/try/early-catch-var.js:
925         * test262/test262-Revision.txt:
926
927 2018-05-09  Caio Lima  <ticaiolima@gmail.com>
928
929         [ESNext][BigInt] Implement support for "==" operation
930         https://bugs.webkit.org/show_bug.cgi?id=184474
931
932         Reviewed by Yusuke Suzuki.
933
934         * stress/big-int-equals-basic.js: Added.
935         * stress/big-int-equals-to-primitive-precedence.js: Added.
936         * stress/big-int-equals-wrapped-value.js: Added.
937
938 2018-05-08  Valerie R Young  <valerie@bocoup.com>
939
940         test262/Runner.pm: move input files to JSTests/test262
941         https://bugs.webkit.org/show_bug.cgi?id=185389
942
943         Reviewed by Michael Saboff.
944
945         * test262/config.yaml: Renamed from Tools/Scripts/test262/config.yaml.
946         * test262/expectations.yaml: Renamed from Tools/Scripts/test262/expectations.yaml.
947
948 2018-05-05  Filip Pizlo  <fpizlo@apple.com>
949
950         DFG AI should have O(1) clobbering
951         https://bugs.webkit.org/show_bug.cgi?id=185287
952
953         Reviewed by Saam Barati.
954
955         * stress/simple-ai-effect.js: Added.
956         (bar):
957         (foo):
958
959 2018-05-04  Keith Miller  <keith_miller@apple.com>
960
961         isCacheableArrayLength should return true for undecided arrays
962         https://bugs.webkit.org/show_bug.cgi?id=185309
963
964         Reviewed by Michael Saboff.
965
966         * stress/get-array-length-undecided.js: Added.
967         (test):
968
969 2018-05-04  Dominik Infuehr  <dinfuehr@igalia.com>
970
971         Disable tests on systems with limited memory
972         https://bugs.webkit.org/show_bug.cgi?id=185296
973
974         Reviewed by Saam Barati.
975
976         Test doesn't work with a limited amount of memory. I tried to reduce memory usage
977         but then it was hard to reproduce the failure the test was originally made to test.
978
979         * stress/array-reverse-doesnt-clobber.js:
980
981 2018-05-03  Saam Barati  <sbarati@apple.com>
982
983         Don't prevent CreateThis being folded to NewObject when the structure is poly proto
984         https://bugs.webkit.org/show_bug.cgi?id=185177
985
986         Reviewed by Filip Pizlo.
987
988         * microbenchmarks/construct-poly-proto-object.js: Added.
989         (foo.A):
990         (foo):
991         * stress/allocation-sinking-new-object-with-poly-proto.js: Added.
992         (foo.A):
993         (foo):
994         (makePolyProto):
995         (bar):
996         (baz):
997
998 2018-05-03  Michael Saboff  <msaboff@apple.com>
999
1000         OSR entry pruning of Program Bytecodes doesn't take into account try/catch
1001         https://bugs.webkit.org/show_bug.cgi?id=185281
1002
1003         Reviewed by Saam Barati.
1004
1005         New regression test.
1006
1007         * stress/baseline-osrentry-catch-is-reachable.js: Added.
1008         (i.j.catch):
1009
1010 2018-05-03  Ryan Haddad  <ryanhaddad@apple.com>
1011
1012         Unreviewed, rolling out r231197.
1013
1014         The test added with this change crashes on the 32-bit JSC bot.
1015
1016         Reverted changeset:
1017
1018         "Correctly detect string overflow when using the 'Function'
1019         constructor"
1020         https://bugs.webkit.org/show_bug.cgi?id=184883
1021         https://trac.webkit.org/changeset/231197
1022
1023 2018-05-02  Filip Pizlo  <fpizlo@apple.com>
1024
1025         JSC should know how to cache custom getter accesses on the prototype chain
1026         https://bugs.webkit.org/show_bug.cgi?id=185213
1027
1028         Reviewed by Keith Miller.
1029
1030         * microbenchmarks/get-custom-getter.js: Added.
1031         (test):
1032
1033 2018-05-02  Robin Morisset  <rmorisset@apple.com>
1034
1035         emitCodeToGetArgumentsArrayLength should not crash on PhantomNewArrayWithSpread
1036         https://bugs.webkit.org/show_bug.cgi?id=183172
1037
1038         Reviewed by Filip Pizlo.
1039
1040         * stress/length-of-new-array-with-spread.js: Added.
1041         (foo):
1042         (bar):
1043         (baz):
1044
1045 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1046
1047         [JSC] Add SameValue DFG node
1048         https://bugs.webkit.org/show_bug.cgi?id=185065
1049
1050         Reviewed by Saam Barati.
1051
1052         * microbenchmarks/object-is.js: Added.
1053         (incognito):
1054         (sameValue):
1055         (test1):
1056         (test2):
1057         (test3):
1058         (test4):
1059         (test5):
1060         (test6):
1061         * stress/object-is.js: Added.
1062         (shouldBe):
1063         (is1):
1064         (is2):
1065         (is3):
1066         (is4):
1067         (is5):
1068         (is6):
1069         (is7):
1070         (is8):
1071         (is9):
1072         (is10):
1073         (is11):
1074         (is12):
1075         (is13):
1076         (is14):
1077         (is15):
1078
1079 2018-05-01  Robin Morisset  <rmorisset@apple.com>
1080
1081         Correctly detect string overflow when using the 'Function' constructor
1082         https://bugs.webkit.org/show_bug.cgi?id=184883
1083         <rdar://problem/36320331>
1084
1085         Reviewed by Filip Pizlo.
1086
1087         I put this regression test in the 'slowMicrobenchmarks' directory because it takes nearly 30s to run, and I am not sure where else to put it.
1088
1089         * slowMicrobenchmarks/function-constructor-with-huge-strings.js: Added.
1090         (catch):
1091
1092 2018-05-01  Robin Morisset  <rmorisset@apple.com>
1093
1094         IntlObject.cpp::removeUnicodeLocaleExtension() should not touch locales that end in '-u'
1095         https://bugs.webkit.org/show_bug.cgi?id=185162
1096
1097         Reviewed by Filip Pizlo.
1098
1099         * stress/incomplete-unicode-locale.js: Added.
1100         (catch):
1101
1102 2018-05-01  Dominik Infuehr  <dinfuehr@igalia.com>
1103
1104         Add SetCallee as DFG-Operation
1105         https://bugs.webkit.org/show_bug.cgi?id=184582
1106
1107         Reviewed by Filip Pizlo.
1108
1109         Added test that runs into infinite loop without updating the callee and
1110         therefore emitting SetCallee in DFG for recursive tail calls.
1111
1112         * stress/closure-recursive-tail-call-infinite-loop.js: Added.
1113         (Foo):
1114         (second):
1115         (first):
1116         (return.closure):
1117         (createClosure):
1118
1119 2018-04-30  Saam Barati  <sbarati@apple.com>
1120
1121         ToString constant folds without preserving checks, causing us to break assumptions that the code would OSR exit
1122         https://bugs.webkit.org/show_bug.cgi?id=185149
1123         <rdar://problem/39455917>
1124
1125         Reviewed by Filip Pizlo.
1126
1127         * stress/keep-checks-when-converting-to-lazy-js-constant-in-strength-reduction.js: Added.
1128
1129 2018-04-29  Filip Pizlo  <fpizlo@apple.com>
1130
1131         LICM shouldn't hoist nodes if hoisted nodes exited in that code block
1132         https://bugs.webkit.org/show_bug.cgi?id=185126
1133
1134         Reviewed by Saam Barati.
1135         
1136         I found this bug by accident when I was writing this test for something else.
1137         
1138         This change also speeds up other benchmarks of this case that we already had. They are all called
1139         the licm-dragons tests.
1140
1141         * microbenchmarks/licm-dragons-two-structures.js: Added.
1142         (foo):
1143
1144 2018-04-29  Commit Queue  <commit-queue@webkit.org>
1145
1146         Unreviewed, rolling out r231137.
1147         https://bugs.webkit.org/show_bug.cgi?id=185118
1148
1149         It is breaking Test262 language/expressions/multiplication
1150         /order-of-evaluation.js (Requested by caiolima on #webkit).
1151
1152         Reverted changeset:
1153
1154         "[ESNext][BigInt] Implement support for "*" operation"
1155         https://bugs.webkit.org/show_bug.cgi?id=183721
1156         https://trac.webkit.org/changeset/231137
1157
1158 2018-04-28  Saam Barati  <sbarati@apple.com>
1159
1160         We don't model regexp effects properly
1161         https://bugs.webkit.org/show_bug.cgi?id=185059
1162         <rdar://problem/39736150>
1163
1164         Reviewed by Filip Pizlo.
1165
1166         * stress/regexp-exec-test-effectful-last-index.js: Added.
1167         (assert):
1168         (foo):
1169         (i.regexLastIndex.toString):
1170         (bar):
1171
1172 2018-04-28  Rick Waldron  <waldron.rick@gmail.com>
1173
1174         Token misspelled "tocken" in error message string
1175         https://bugs.webkit.org/show_bug.cgi?id=185030
1176
1177         Reviewed by Saam Barati.
1178
1179         * ChakraCore/test/Basics/IdsWithEscapes.baseline-jsc: Fix typo "tocken" => "token"
1180         * stress/destructuring-assignment-syntax.js: Fix typo "tocken" => "token"
1181         * stress/error-messages-for-in-operator-should-not-crash.js: Fix typo "tocken" => "token"
1182         * stress/reserved-word-with-escape.js: Fix typo "tocken" => "token"
1183         (testSyntaxError.String.raw.v):
1184         (String.raw.SyntaxError.Cannot.use.the.keyword.string_appeared_here.as.a.name):
1185         (testSyntaxError.String.raw.a):
1186
1187 2018-04-28  Caio Lima  <ticaiolima@gmail.com>
1188
1189         [ESNext][BigInt] Implement support for "*" operation
1190         https://bugs.webkit.org/show_bug.cgi?id=183721
1191
1192         Reviewed by Saam Barati.
1193
1194         * bigIntTests.yaml:
1195         * stress/big-int-mul-jit.js: Added.
1196         * stress/big-int-mul-to-primitive-precedence.js: Added.
1197         * stress/big-int-mul-to-primitive.js: Added.
1198         * stress/big-int-mul-type-error.js: Added.
1199         * stress/big-int-mul-wrapped-value.js: Added.
1200         * stress/big-int-multiplication.js: Added.
1201         * stress/big-int-multiply-memory-stress.js: Added.
1202
1203 2018-04-28  Commit Queue  <commit-queue@webkit.org>
1204
1205         Unreviewed, rolling out r231131.
1206         https://bugs.webkit.org/show_bug.cgi?id=185112
1207
1208         It is breaking Debug build due to unchecked exception
1209         (Requested by caiolima on #webkit).
1210
1211         Reverted changeset:
1212
1213         "[ESNext][BigInt] Implement support for "*" operation"
1214         https://bugs.webkit.org/show_bug.cgi?id=183721
1215         https://trac.webkit.org/changeset/231131
1216
1217 2018-04-27  Caio Lima  <ticaiolima@gmail.com>
1218
1219         [ESNext][BigInt] Implement support for "*" operation
1220         https://bugs.webkit.org/show_bug.cgi?id=183721
1221
1222         Reviewed by Saam Barati.
1223
1224         * bigIntTests.yaml:
1225         * stress/big-int-mul-jit.js: Added.
1226         * stress/big-int-mul-to-primitive-precedence.js: Added.
1227         * stress/big-int-mul-to-primitive.js: Added.
1228         * stress/big-int-mul-type-error.js: Added.
1229         * stress/big-int-mul-wrapped-value.js: Added.
1230         * stress/big-int-multiplication.js: Added.
1231         * stress/big-int-multiply-memory-stress.js: Added.
1232
1233 2018-04-27  Ryan Haddad  <ryanhaddad@apple.com>
1234
1235         Unreviewed, rolling out r231086.
1236
1237         Caused JSC test failures due to an unchecked exception.
1238
1239         Reverted changeset:
1240
1241         "[ESNext][BigInt] Implement support for "*" operation"
1242         https://bugs.webkit.org/show_bug.cgi?id=183721
1243         https://trac.webkit.org/changeset/231086
1244
1245 2018-04-27  Ryan Haddad  <ryanhaddad@apple.com>
1246
1247         Unreviewed test gardening, update expectations for test262/intl402/PluralRules tests after r231047.
1248
1249         * test262.yaml: Mark tests as passing.
1250
1251 2018-04-26  Caio Lima  <ticaiolima@gmail.com>
1252
1253         [ESNext][BigInt] Implement support for "*" operation
1254         https://bugs.webkit.org/show_bug.cgi?id=183721
1255
1256         Reviewed by Saam Barati.
1257
1258         * bigIntTests.yaml:
1259         * stress/big-int-mul-jit.js: Added.
1260         * stress/big-int-mul-to-primitive-precedence.js: Added.
1261         * stress/big-int-mul-to-primitive.js: Added.
1262         * stress/big-int-mul-type-error.js: Added.
1263         * stress/big-int-mul-wrapped-value.js: Added.
1264         * stress/big-int-multiplication.js: Added.
1265         * stress/big-int-multiply-memory-stress.js: Added.
1266
1267 2018-04-25  Robin Morisset  <rmorisset@apple.com>
1268
1269         In FTLLowerDFGToB3.cpp::compileCreateRest, always use a contiguous array as the indexing type when under isWatchingHavingABadTimeWatchpoint
1270         https://bugs.webkit.org/show_bug.cgi?id=184773
1271         <rdar://problem/37773612>
1272
1273         Reviewed by Filip Pizlo.
1274
1275         This bug requires a race between the thread doing FTL compilation and the main thread, but it triggers in 100% of cases (before the fix) on my machine
1276         so I decided to add it to the stress tests nonetheless.
1277
1278         * stress/create-rest-while-having-a-bad-time.js: Added.
1279         (f):
1280         (g):
1281         (h):
1282
1283 2018-04-25  Keith Miller  <keith_miller@apple.com>
1284
1285         Add missing scope release to functionProtoFuncToString
1286         https://bugs.webkit.org/show_bug.cgi?id=184995
1287
1288         Reviewed by Saam Barati.
1289
1290         * stress/function-toString-arrow.js: Added.
1291         (async):
1292
1293 2018-04-24  Keith Miller  <keith_miller@apple.com>
1294
1295         fromCharCode is missing some exception checks
1296         https://bugs.webkit.org/show_bug.cgi?id=184952
1297
1298         Reviewed by Saam Barati.
1299
1300         * stress/fromCharCode-exception-check.js: Added.
1301         (get catch):
1302
1303 2018-04-24  Mark Lam  <mark.lam@apple.com>
1304
1305         Gardening: test fix after r230863.
1306         https://bugs.webkit.org/show_bug.cgi?id=184846
1307         <rdar://problem/39390672>
1308
1309         Not reviewed.
1310
1311         * stress/json-stringified-overflow-2.js:
1312         (catch):
1313         * stress/json-stringified-overflow.js:
1314         (catch):
1315
1316 2018-04-20  JF Bastien  <jfbastien@apple.com>
1317
1318         Handle more JSON stringify OOM
1319         https://bugs.webkit.org/show_bug.cgi?id=184846
1320         <rdar://problem/39390672>
1321
1322         Reviewed by Mark Lam.
1323
1324         * stress/json-stringified-overflow-2.js: Added. Same as the one
1325         below, but with a bigger input which will trigger a different code
1326         path.
1327         (catch):
1328         * stress/json-stringified-overflow.js: Modify the test to only
1329         catch OOM on stringification, not on string creation.
1330
1331 2018-04-18  Yusuke Suzuki  <utatane.tea@gmail.com>
1332
1333         [WebAssembly][Modules] Import tables in wasm modules
1334         https://bugs.webkit.org/show_bug.cgi?id=184738
1335
1336         Reviewed by JF Bastien.
1337
1338         * wasm/modules/wasm-imports-js-re-exports-wasm-exports.js:
1339         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/imports.wasm:
1340         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/imports.wat:
1341         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/re-export.js:
1342         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/sum.wasm:
1343         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/sum.wat:
1344         * wasm/modules/wasm-imports-wasm-exports.js:
1345         * wasm/modules/wasm-imports-wasm-exports/imports.wasm:
1346         * wasm/modules/wasm-imports-wasm-exports/imports.wat:
1347         * wasm/modules/wasm-imports-wasm-exports/sum.wasm:
1348         * wasm/modules/wasm-imports-wasm-exports/sum.wat:
1349
1350 2018-04-18  Yusuke Suzuki  <utatane.tea@gmail.com>
1351
1352         [WebAssembly][Modules] Import globals from wasm modules
1353         https://bugs.webkit.org/show_bug.cgi?id=184736
1354
1355         Reviewed by JF Bastien.
1356
1357         * wasm.yaml:
1358         * wasm/modules/wasm-imports-js-re-exports-wasm-exports.js:
1359         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/imports.wasm:
1360         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/imports.wat:
1361         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/re-export.js:
1362         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/sum.wasm:
1363         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/sum.wat:
1364         * wasm/modules/wasm-imports-wasm-exports.js:
1365         * wasm/modules/wasm-imports-wasm-exports/imports.wasm:
1366         * wasm/modules/wasm-imports-wasm-exports/imports.wat:
1367         * wasm/modules/wasm-imports-wasm-exports/sum.wasm:
1368         * wasm/modules/wasm-imports-wasm-exports/sum.wat:
1369
1370 2018-04-18  Yusuke Suzuki  <utatane.tea@gmail.com>
1371
1372         Unreviewed, reland r230697, r230720, and r230724.
1373         https://bugs.webkit.org/show_bug.cgi?id=184600
1374
1375         * wasm.yaml:
1376         * wasm/modules/constant.wasm: Added.
1377         * wasm/modules/constant.wat: Added.
1378         * wasm/modules/default-import-star-error.js: Added.
1379         (then):
1380         * wasm/modules/default-import-star-error/entry.wasm: Added.
1381         * wasm/modules/default-import-star-error/entry.wat: Added.
1382         * wasm/modules/default-import-star-error/t0.js: Added.
1383         * wasm/modules/default-import-star-error/t1.js: Added.
1384         * wasm/modules/default-import-star-error/t2.js: Added.
1385         (export.default.Cocoa):
1386         * wasm/modules/js-wasm-cycle.js: Added.
1387         * wasm/modules/js-wasm-cycle/entry.js: Added.
1388         (from.string_appeared_here.export.return42):
1389         * wasm/modules/js-wasm-cycle/sum.wasm: Added.
1390         * wasm/modules/js-wasm-cycle/sum.wat: Added.
1391         * wasm/modules/js-wasm-function-namespace.js: Added.
1392         (assert.throws):
1393         * wasm/modules/js-wasm-function.js: Added.
1394         (assert.throws):
1395         * wasm/modules/js-wasm-global-namespace.js: Added.
1396         (assert.throws):
1397         * wasm/modules/js-wasm-global.js: Added.
1398         (assert.throws):
1399         * wasm/modules/js-wasm-memory-namespace.js: Added.
1400         (assert.throws):
1401         * wasm/modules/js-wasm-memory.js: Added.
1402         (assert.throws):
1403         * wasm/modules/js-wasm-start.js: Added.
1404         (then):
1405         * wasm/modules/js-wasm-table-namespace.js: Added.
1406         (assert.throws):
1407         * wasm/modules/js-wasm-table.js: Added.
1408         (assert.throws):
1409         * wasm/modules/memory.wasm: Added.
1410         * wasm/modules/memory.wat: Added.
1411         * wasm/modules/run-from-wasm.wasm: Added.
1412         * wasm/modules/run-from-wasm.wat: Added.
1413         * wasm/modules/run-from-wasm/check.js: Added.
1414         (export.check):
1415         * wasm/modules/start.wasm: Added.
1416         * wasm/modules/start.wat: Added.
1417         * wasm/modules/sum.wasm: Added.
1418         * wasm/modules/sum.wat: Added.
1419         * wasm/modules/table.wasm: Added.
1420         * wasm/modules/table.wat: Added.
1421         * wasm/modules/wasm-imports-js-exports.js: Added.
1422         * wasm/modules/wasm-imports-js-exports/imports.wasm: Added.
1423         * wasm/modules/wasm-imports-js-exports/imports.wat: Added.
1424         * wasm/modules/wasm-imports-js-exports/sum.js: Added.
1425         (export.sum):
1426         * wasm/modules/wasm-imports-js-re-exports-wasm-exports.js: Added.
1427         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/imports.wasm: Added.
1428         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/imports.wat: Added.
1429         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/re-export.js: Added.
1430         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/sum.wasm: Added.
1431         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/sum.wat: Added.
1432         * wasm/modules/wasm-imports-wasm-exports.js: Added.
1433         * wasm/modules/wasm-imports-wasm-exports/imports.wasm: Added.
1434         * wasm/modules/wasm-imports-wasm-exports/imports.wat: Added.
1435         * wasm/modules/wasm-imports-wasm-exports/sum.wasm: Added.
1436         * wasm/modules/wasm-imports-wasm-exports/sum.wat: Added.
1437         * wasm/modules/wasm-js-cycle.js: Added.
1438         * wasm/modules/wasm-js-cycle/entry.wasm: Added.
1439         * wasm/modules/wasm-js-cycle/entry.wat: Added.
1440         * wasm/modules/wasm-js-cycle/sum.js: Added.
1441         (from.string_appeared_here.export.sum):
1442         * wasm/modules/wasm-wasm-cycle.js: Added.
1443         * wasm/modules/wasm-wasm-cycle/entry.wasm: Added.
1444         * wasm/modules/wasm-wasm-cycle/entry.wat: Added.
1445         * wasm/modules/wasm-wasm-cycle/sum.wasm: Added.
1446         * wasm/modules/wasm-wasm-cycle/sum.wat: Added.
1447
1448 2018-04-17  Commit Queue  <commit-queue@webkit.org>
1449
1450         Unreviewed, rolling out r230697, r230720, and r230724.
1451         https://bugs.webkit.org/show_bug.cgi?id=184717
1452
1453         These caused multiple failures on the Test262 testers.
1454         (Requested by mlewis13 on #webkit).
1455
1456         Reverted changesets:
1457
1458         "[WebAssembly][Modules] Prototype wasm import"
1459         https://bugs.webkit.org/show_bug.cgi?id=184600
1460         https://trac.webkit.org/changeset/230697
1461
1462         "[WebAssembly][Modules] Implement function import from wasm
1463         modules"
1464         https://bugs.webkit.org/show_bug.cgi?id=184689
1465         https://trac.webkit.org/changeset/230720
1466
1467         "[JSC] Rename runWebAssembly to runWebAssemblySuite"
1468         https://bugs.webkit.org/show_bug.cgi?id=184703
1469         https://trac.webkit.org/changeset/230724
1470
1471 2018-04-17  JF Bastien  <jfbastien@apple.com>
1472
1473         A put is not an ExistingProperty put when we transition a structure because of an attributes change
1474         https://bugs.webkit.org/show_bug.cgi?id=184706
1475         <rdar://problem/38871451>
1476
1477         Reviewed by Saam Barati.
1478
1479         * stress/put-by-id-direct-strict-transition.js: Added.
1480         (const.foo):
1481         (j.const.obj.set hello):
1482         * stress/put-by-id-direct-transition.js: Added.
1483         (const.foo):
1484         (j.const.obj.set hello):
1485         * stress/put-getter-setter-by-id-strict-transition.js: Added.
1486         (const.foo):
1487         (j.const.obj.set hello):
1488         * stress/put-getter-setter-by-id-transition.js: Added.
1489         (const.foo):
1490         (j.const.obj.set hello):
1491
1492 2018-04-16  Filip Pizlo  <fpizlo@apple.com>
1493
1494         PutStackSinkingPhase should know that KillStack means ConflictingFlush
1495         https://bugs.webkit.org/show_bug.cgi?id=184672
1496
1497         Reviewed by Michael Saboff.
1498
1499         * stress/sink-put-stack-over-kill-stack.js: Added.
1500         (avocado_1):
1501         (apricot_0):
1502         (__c_0):
1503         (banana_2):
1504
1505 2018-04-17  Yusuke Suzuki  <utatane.tea@gmail.com>
1506
1507         [JSC] Rename runWebAssembly to runWebAssemblySuite
1508         https://bugs.webkit.org/show_bug.cgi?id=184703
1509
1510         Reviewed by JF Bastien.
1511
1512         And add runWebAssembly as a command to simply run wasm modules.
1513
1514         * wasm.yaml:
1515
1516 2018-04-17  Yusuke Suzuki  <utatane.tea@gmail.com>
1517
1518         [WebAssembly][Modules] Implement function import from wasm modules
1519         https://bugs.webkit.org/show_bug.cgi?id=184689
1520
1521         Reviewed by JF Bastien.
1522
1523         * wasm.yaml:
1524         * wasm/modules/js-wasm-cycle.js: Added.
1525         * wasm/modules/js-wasm-cycle/entry.js: Added.
1526         (from.string_appeared_here.export.return42):
1527         * wasm/modules/js-wasm-cycle/sum.wasm: Added.
1528         * wasm/modules/js-wasm-cycle/sum.wat: Added.
1529         * wasm/modules/run-from-wasm.wasm: Added.
1530         * wasm/modules/run-from-wasm.wat: Added.
1531         * wasm/modules/run-from-wasm/check.js: Added.
1532         (export.check):
1533         * wasm/modules/wasm-imports-js-exports.js: Added.
1534         * wasm/modules/wasm-imports-js-exports/imports.wasm: Added.
1535         * wasm/modules/wasm-imports-js-exports/imports.wat: Added.
1536         * wasm/modules/wasm-imports-js-exports/sum.js: Added.
1537         (export.sum):
1538         * wasm/modules/wasm-imports-js-re-exports-wasm-exports.js: Added.
1539         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/imports.wasm: Added.
1540         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/imports.wat: Added.
1541         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/re-export.js: Added.
1542         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/sum.wasm: Added.
1543         * wasm/modules/wasm-imports-js-re-exports-wasm-exports/sum.wat: Added.
1544         * wasm/modules/wasm-imports-wasm-exports.js: Added.
1545         * wasm/modules/wasm-imports-wasm-exports/imports.wasm: Added.
1546         * wasm/modules/wasm-imports-wasm-exports/imports.wat: Added.
1547         * wasm/modules/wasm-imports-wasm-exports/sum.wasm: Added.
1548         * wasm/modules/wasm-imports-wasm-exports/sum.wat: Added.
1549         * wasm/modules/wasm-js-cycle.js: Added.
1550         * wasm/modules/wasm-js-cycle/entry.wasm: Added.
1551         * wasm/modules/wasm-js-cycle/entry.wat: Added.
1552         * wasm/modules/wasm-js-cycle/sum.js: Added.
1553         (from.string_appeared_here.export.sum):
1554         * wasm/modules/wasm-wasm-cycle.js: Added.
1555         * wasm/modules/wasm-wasm-cycle/entry.wasm: Added.
1556         * wasm/modules/wasm-wasm-cycle/entry.wat: Added.
1557         * wasm/modules/wasm-wasm-cycle/sum.wasm: Added.
1558         * wasm/modules/wasm-wasm-cycle/sum.wat: Added.
1559
1560 2018-04-16  Yusuke Suzuki  <utatane.tea@gmail.com>
1561
1562         [WebAssembly][Modules] Prototype wasm import
1563         https://bugs.webkit.org/show_bug.cgi?id=184600
1564
1565         Reviewed by JF Bastien.
1566
1567         Add wasm and wat files since the module loader wants to load wasm files from FS.
1568         Currently, importing the other modules from wasm is not supported.
1569
1570         * wasm.yaml:
1571         * wasm/modules/constant.wasm: Added.
1572         * wasm/modules/constant.wat: Added.
1573         * wasm/modules/js-wasm-function-namespace.js: Added.
1574         (assert.throws):
1575         * wasm/modules/js-wasm-function.js: Added.
1576         (assert.throws):
1577         * wasm/modules/js-wasm-global-namespace.js: Added.
1578         (assert.throws):
1579         * wasm/modules/js-wasm-global.js: Added.
1580         (assert.throws):
1581         * wasm/modules/js-wasm-memory-namespace.js: Added.
1582         (assert.throws):
1583         * wasm/modules/js-wasm-memory.js: Added.
1584         (assert.throws):
1585         * wasm/modules/js-wasm-start.js: Added.
1586         (then):
1587         * wasm/modules/js-wasm-table-namespace.js: Added.
1588         (assert.throws):
1589         * wasm/modules/js-wasm-table.js: Added.
1590         (assert.throws):
1591         * wasm/modules/memory.wasm: Added.
1592         * wasm/modules/memory.wat: Added.
1593         * wasm/modules/start.wasm: Added.
1594         * wasm/modules/start.wat: Added.
1595         * wasm/modules/sum.wasm: Added.
1596         * wasm/modules/sum.wat: Added.
1597         * wasm/modules/table.wasm: Added.
1598         * wasm/modules/table.wat: Added.
1599
1600 2018-04-14  Filip Pizlo  <fpizlo@apple.com>
1601
1602         Function.prototype.caller shouldn't return generator bodies
1603         https://bugs.webkit.org/show_bug.cgi?id=184630
1604
1605         Reviewed by Yusuke Suzuki.
1606
1607         * stress/function-caller-async-arrow-function-body.js: Added.
1608         * stress/function-caller-async-function-body.js: Added.
1609         * stress/function-caller-async-generator-body.js: Added.
1610         * stress/function-caller-generator-body.js: Added.
1611         * stress/function-caller-generator-method-body.js: Added.
1612
1613 2018-04-12  Tomas Popela  <tpopela@redhat.com>
1614
1615         Unreviewed, skip JIT tests if it isn't enabled
1616
1617         See https://bugs.webkit.org/show_bug.cgi?id=182730.
1618
1619         * stress/big-int-spec-to-primitive.js:
1620         * stress/big-int-spec-to-this.js:
1621
1622 2018-04-10  Caio Lima  <ticaiolima@gmail.com>
1623
1624         [ESNext][BigInt] Add support for BigInt in SpeculatedType
1625         https://bugs.webkit.org/show_bug.cgi?id=182470
1626
1627         Reviewed by Saam Barati.
1628
1629         * stress/big-int-spec-to-primitive.js: Added.
1630         * stress/big-int-spec-to-this.js: Added.
1631         * stress/big-int-strict-equals-jit.js: Added.
1632         * stress/big-int-strict-spec-to-this.js: Added.
1633         * stress/big-int-type-of-proven-type.js: Added.
1634
1635 2018-04-10  Filip Pizlo  <fpizlo@apple.com>
1636
1637         DFG AI and clobberize should agree with each other
1638         https://bugs.webkit.org/show_bug.cgi?id=184440
1639
1640         Reviewed by Saam Barati.
1641         
1642         Add tests for all of the bugs I fixed.
1643
1644         * stress/direct-arguments-out-of-bounds-change-structure.js: Added.
1645         (foo):
1646         * stress/new-typed-array-cse-effects.js: Added.
1647         (foo):
1648         * stress/scoped-arguments-out-of-bounds-change-structure.js: Added.
1649         (foo.theO):
1650         (foo):
1651         * stress/string-from-char-code-change-structure-not-dead.js: Added.
1652         (foo):
1653         (i.valueOf):
1654         (weirdValue.valueOf):
1655         * stress/string-from-char-code-change-structure.js: Added.
1656         (foo):
1657         (i.valueOf):
1658         (weirdValue.valueOf):
1659
1660 2018-04-09  Leo Balter  <leonardo.balter@gmail.com>
1661
1662         Fix errant Test262 files CRLF to LF for consistency with the original source
1663         https://bugs.webkit.org/show_bug.cgi?id=184425
1664
1665         Reviewed by Yusuke Suzuki.
1666
1667         * test262/test/built-ins/Math/acosh/nan-returns.js:
1668         * test262/test/built-ins/Math/asinh/asinh-specialVals.js:
1669         * test262/test/built-ins/Math/atanh/atanh-specialVals.js:
1670         * test262/test/built-ins/Math/cbrt/cbrt-specialValues.js:
1671         * test262/test/built-ins/Math/cbrt/prop-desc.js:
1672         * test262/test/built-ins/Math/cosh/cosh-specialVals.js:
1673         * test262/test/built-ins/Math/expm1/expm1-specialVals.js:
1674         * test262/test/built-ins/Math/log10/Log10-specialVals.js:
1675         * test262/test/built-ins/Math/log2/log2-basicTests.js:
1676         * test262/test/built-ins/Math/sign/sign-specialVals.js:
1677         * test262/test/built-ins/Math/sinh/sinh-specialVals.js:
1678         * test262/test/built-ins/Math/tanh/tanh-specialVals.js:
1679         * test262/test/built-ins/Math/trunc/trunc-sampleTests.js:
1680         * test262/test/built-ins/Math/trunc/trunc-specialVals.js:
1681
1682 2018-04-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1683
1684         Unreviewed, remove incorrect entry in test262.yaml
1685         https://bugs.webkit.org/show_bug.cgi?id=184266
1686
1687         * test262.yaml:
1688
1689 2018-04-08  Valerie Young  <valerie@bocoup.com>
1690
1691         [JSC] Update Test262 to April 6 version
1692         https://bugs.webkit.org/show_bug.cgi?id=184266
1693
1694         Rubber stamped by Yusuke Suzuki.
1695
1696 2018-04-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1697
1698         [JSC] Introduce op_get_by_id_direct
1699         https://bugs.webkit.org/show_bug.cgi?id=183970
1700
1701         Reviewed by Filip Pizlo.
1702
1703         * stress/generator-prototype-copy.js: Added.
1704         (gen):
1705         (catch):
1706         Adopted JF's tests.
1707
1708         * stress/generator-type-check.js: Added.
1709         (shouldThrow):
1710         (foo2):
1711         (i.shouldThrow):
1712         * stress/get-by-id-direct-getter.js: Added.
1713         (shouldBe):
1714         (shouldThrow):
1715         (obj.get hello):
1716         (builtin.createBuiltin):
1717         (obj2.get length):
1718         * stress/get-by-id-direct.js: Added.
1719         (shouldBe):
1720         (shouldThrow):
1721         (builtin.createBuiltin):
1722         * test262.yaml:
1723         We fixed a long-standing spec compatibility issue.
1724         As a result, this patch makes several test262 tests pass!
1725
1726
1727 2018-04-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1728
1729         Unreviewed, annotate test with @skip if $memoryLimited
1730         https://bugs.webkit.org/show_bug.cgi?id=183894
1731
1732         * stress/json-stringified-overflow.js:
1733
1734 2018-04-06  Alexey Proskuryakov  <ap@apple.com>
1735
1736         Add svn:eol-style to line-terminator-normalisation-CR.js
1737         https://bugs.webkit.org/show_bug.cgi?id=184341
1738
1739         * test262/test/built-ins/Function/prototype/toString/line-terminator-normalisation-CR.js: Added property svn:eol-style.
1740
1741 2018-04-06  Ross Kirsling  <ross.kirsling@sony.com>
1742
1743         Unreviewed, remove errant LF from existing test262 test for CR line endings.
1744
1745         * test262/test/built-ins/Function/prototype/toString/line-terminator-normalisation-CR.js:
1746
1747 2018-04-05  Ross Kirsling  <ross.kirsling@sony.com>
1748
1749         Unreviewed, rolling out r230320.
1750
1751         Revert fix, as the root cause lies elsewhere.
1752
1753         Reverted changeset:
1754
1755         "[test262] Mark line-terminator-normalisation-CR.js as a
1756         binary file."
1757         https://bugs.webkit.org/show_bug.cgi?id=184341
1758         https://trac.webkit.org/changeset/230320
1759
1760 2018-04-05  Ross Kirsling  <ross.kirsling@sony.com>
1761
1762         [test262] Mark line-terminator-normalisation-CR.js as a binary file.
1763         https://bugs.webkit.org/show_bug.cgi?id=184341
1764
1765         Reviewed by Yusuke Suzuki.
1766
1767         This test is all about CR line endings, but `svn-apply` can't deal with them.
1768         Treating the file as binary ensures that its contents are never shown in a diff.
1769
1770         * .gitattributes: Added.
1771
1772 2018-04-05  Robin Morisset  <rmorisset@apple.com>
1773
1774         Fix testcase (missing try/catch).
1775         https://bugs.webkit.org/show_bug.cgi?id=183657
1776
1777         Unreviewed.
1778
1779         * stress/large-unshift-splice.js:
1780
1781 2018-04-04  Filip Pizlo  <fpizlo@apple.com>
1782
1783         REGRESSION(r222563): removed DoubleReal type check causes tons of crashes because CSE has never known how to handle SaneChain
1784         https://bugs.webkit.org/show_bug.cgi?id=184319
1785
1786         Reviewed by Saam Barati.
1787
1788         * stress/array-push-nan-to-double-array-cse-sane-and-insane-chain.js: Added.
1789         (foo):
1790         (bar):
1791         * stress/array-push-nan-to-double-array.js: Added.
1792         (foo):
1793         (bar):
1794
1795 2018-04-03  Mark Lam  <mark.lam@apple.com>
1796
1797         Test js-fixed-array-out-of-memory.js should be excluded for memory limited devices.
1798         https://bugs.webkit.org/show_bug.cgi?id=184284
1799
1800         Reviewed by Saam Barati.
1801
1802         * stress/js-fixed-array-out-of-memory.js:
1803
1804 2018-03-31  Filip Pizlo  <fpizlo@apple.com>
1805
1806         JSC crash in JIT code with for-of loop and Array/Set iterators
1807         https://bugs.webkit.org/show_bug.cgi?id=183174
1808
1809         Reviewed by Saam Barati.
1810
1811         * microbenchmarks/hoist-get-by-offset-tower-with-inferred-types.js: Added. This test shows that fixing the bug didn't break hoisting of GetByOffset with inferred types. I confirmed that if I did break it, this test slows down by >7x.
1812         (foo):
1813         * stress/hoist-get-by-offset-with-control-dependent-inferred-type.js: Added. This test shows that the bug is fixed.
1814         (f):
1815
1816 2018-03-30  JF Bastien  <jfbastien@apple.com>
1817
1818         WebAssembly: support DataView compilation
1819         https://bugs.webkit.org/show_bug.cgi?id=183342
1820
1821         Reviewed by Mark Lam.
1822
1823         Test WebAssembly compilation using a DataView with offset.
1824
1825         * wasm/regress/183342.js: Added.
1826         (attempt.catch):
1827
1828 2018-03-30  Filip Pizlo  <fpizlo@apple.com>
1829
1830         Bytecode generator should not get_from_scope something that may be a hole into a variable that is already live
1831         https://bugs.webkit.org/show_bug.cgi?id=184189
1832
1833         Reviewed by JF Bastien.
1834
1835         * stress/load-hole-from-scope-into-live-var.js: Added.
1836         (result.eval.try.switch):
1837         (catch):
1838
1839 2018-03-30  Ryan Haddad  <ryanhaddad@apple.com>
1840
1841         Unreviewed, rolling out r230102.
1842
1843         Caused assertion failures on JSC bots.
1844
1845         Reverted changeset:
1846
1847         "A stack overflow in the parsing of a builtin (called by
1848         createExecutable) cause a crash instead of a catchable js
1849         exception"
1850         https://bugs.webkit.org/show_bug.cgi?id=184074
1851         https://trac.webkit.org/changeset/230102
1852
1853 2018-03-30  Robin Morisset  <rmorisset@apple.com>
1854
1855         Inlining of a function that ends in op_unreachable in a non-tail position triggers an ASSERT
1856         https://bugs.webkit.org/show_bug.cgi?id=183812
1857
1858         Reviewed by Keith Miller.
1859
1860         * stress/inlining-unreachable-non-tail.js: Added.
1861         (foo.):
1862         (foo):
1863
1864 2018-03-30  Robin Morisset  <rmorisset@apple.com>
1865
1866         A stack overflow in the parsing of a builtin (called by createExecutable) cause a crash instead of a catchable js exception
1867         https://bugs.webkit.org/show_bug.cgi?id=184074
1868         <rdar://problem/37165897>
1869
1870         Reviewed by Keith Miller.
1871
1872         * stress/stack-overflow-while-parsing-builtin.js: Added.
1873         (f):
1874
1875 2018-03-30  Robin Morisset  <rmorisset@apple.com>
1876
1877         Out-of-bounds accesses due to a missing check for MAX_STORAGE_VECTOR_LENGTH in unshiftCountForAnyIndexingType
1878         https://bugs.webkit.org/show_bug.cgi?id=183657
1879
1880         Reviewed by Keith Miller.
1881
1882         * stress/large-unshift-splice.js: Added.
1883         (make_contig_arr):
1884
1885 2018-03-28  Robin Morisset  <rmorisset@apple.com>
1886
1887         appendQuotedJSONString stops on arithmetic overflow instead of propagating it upwards
1888         https://bugs.webkit.org/show_bug.cgi?id=183894
1889
1890         Reviewed by Saam Barati.
1891
1892         * stress/json-stringified-overflow.js: Added.
1893         (catch):
1894
1895 2018-03-26  Filip Pizlo  <fpizlo@apple.com>
1896
1897         DFG should know that CreateThis can be effectful
1898         https://bugs.webkit.org/show_bug.cgi?id=184013
1899
1900         Reviewed by Saam Barati.
1901
1902         * stress/create-this-property-change.js: Added.
1903         (Foo):
1904         (RealBar):
1905         (get if):
1906         * stress/create-this-structure-change-without-cse.js: Added.
1907         (Foo):
1908         (RealBar):
1909         (get if):
1910         * stress/create-this-structure-change.js: Added.
1911         (Foo):
1912         (RealBar):
1913         (get if):
1914
1915 2018-03-22  Yusuke Suzuki  <utatane.tea@gmail.com>
1916
1917         [DFG] Introduces fused compare and jump
1918         https://bugs.webkit.org/show_bug.cgi?id=177100
1919
1920         Reviewed by Mark Lam.
1921
1922         * stress/fused-jeq-slow.js: Added.
1923         (shouldBe):
1924         (testJEQ):
1925         (testJNEQB):
1926         (testJEQB):
1927         (testJNEQF):
1928         (testJEQF):
1929         * stress/fused-jeq.js: Added.
1930         (shouldBe):
1931         (testJEQ):
1932         (testJNEQB):
1933         (testJEQB):
1934         (testJNEQF):
1935         (testJEQF):
1936         * stress/fused-jstricteq-slow.js: Added.
1937         (shouldBe):
1938         (testJSTRICTEQ):
1939         (testJNSTRICTEQB):
1940         (testJSTRICTEQB):
1941         (testJNSTRICTEQF):
1942         (testJSTRICTEQF):
1943         * stress/fused-jstricteq.js: Added.
1944         (shouldBe):
1945         (testJSTRICTEQ):
1946         (testJNSTRICTEQB):
1947         (testJSTRICTEQB):
1948         (testJNSTRICTEQF):
1949         (testJSTRICTEQF):
1950
1951 2018-03-22  Yusuke Suzuki  <utatane.tea@gmail.com>
1952
1953         [JSC] Clear MustGenerate for ToString(Number) converted from NumberToStringWithRadix
1954         https://bugs.webkit.org/show_bug.cgi?id=183559
1955
1956         Reviewed by Mark Lam.
1957
1958         * stress/double-to-string-in-loop-removed.js: Added.
1959         (test):
1960         * stress/int32-to-string-in-loop-removed.js: Added.
1961         (test):
1962         * stress/int52-to-string-in-loop-removed.js: Added.
1963         (test):
1964
1965 2018-03-22  Michael Saboff  <msaboff@apple.com>
1966
1967         Race Condition in arrayProtoFuncReverse() causes wrong results or crash
1968         https://bugs.webkit.org/show_bug.cgi?id=183901
1969
1970         Reviewed by Keith Miller.
1971
1972         New test.
1973
1974         * stress/array-reverse-doesnt-clobber.js: Added.
1975         (testArrayReverse):
1976         (createArrayOfArrays):
1977         (createArrayStorage):
1978
1979 2018-03-21  Filip Pizlo  <fpizlo@apple.com>
1980
1981         ScopedArguments should do poisoning and index masking
1982         https://bugs.webkit.org/show_bug.cgi?id=183863
1983
1984         Reviewed by Mark Lam.
1985         
1986         Adds another stress test of scoped arguments.
1987
1988         * stress/scoped-arguments-test.js: Added.
1989         (foo):
1990
1991 2018-03-20  Saam Barati  <sbarati@apple.com>
1992
1993         We need to do proper bookkeeping of exitOK when inserting constants when sinking NewArrayBuffer
1994         https://bugs.webkit.org/show_bug.cgi?id=183795
1995         <rdar://problem/38298694>
1996
1997         Reviewed by JF Bastien.
1998
1999         * stress/sink-phantom-new-array-buffer-exit-ok.js: Added.
2000         (foo):
2001         (bar):
2002
2003 2018-03-16  Yusuke Suzuki  <utatane.tea@gmail.com>
2004
2005         [DFG][FTL] Add vectorLengthHint for NewArray
2006         https://bugs.webkit.org/show_bug.cgi?id=183694
2007
2008         Reviewed by Saam Barati.
2009
2010         * stress/vector-length-hint-array-constructor.js: Added.
2011         (shouldBe):
2012         (test):
2013         * stress/vector-length-hint-new-array.js: Added.
2014         (shouldBe):
2015         (test):
2016
2017 2018-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2018
2019         [DFG][FTL] Make ArraySlice(0) code tight
2020         https://bugs.webkit.org/show_bug.cgi?id=183590
2021
2022         Reviewed by Saam Barati.
2023
2024         * stress/array-slice-with-zero.js: Added.
2025         (shouldBe):
2026         (test):
2027         (test2):
2028         * stress/array-slice-zero-args.js: Added.
2029         (shouldBe):
2030         (test):
2031
2032 2018-03-14  Caitlin Potter  <caitp@igalia.com>
2033
2034         [JSC] fix order of evaluation for ClassDefinitionEvaluation
2035         https://bugs.webkit.org/show_bug.cgi?id=183523
2036
2037         Reviewed by Keith Miller.
2038
2039         Computed property names need to be evaluated in source order during class
2040         definition evaluation, as it's observable (and specified to work this way).
2041
2042         This change improves compatibility with Chromium.
2043
2044         * stress/class_elements.js: Added.
2045         (test):
2046         (test.C.prototype.effect):
2047         (test.C.effect):
2048         (test.C.prototype.get effect):
2049         (test.C.prototype.set effect):
2050         (test.C):
2051
2052 2018-03-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2053
2054         [DFG] AI should convert CreateThis to NewObject if the prototype object is proved
2055         https://bugs.webkit.org/show_bug.cgi?id=183310
2056
2057         Reviewed by Filip Pizlo.
2058
2059         * stress/ai-create-this-to-new-object-fire.js: Added.
2060         (assert):
2061         (test):
2062         (func):
2063         (check):
2064         (test.body.A):
2065         (test.body.B):
2066         (test.body):
2067         * stress/ai-create-this-to-new-object.js: Added.
2068         (assert):
2069         (test):
2070         (func):
2071         (check):
2072         (test.body.A):
2073         (test.body.B):
2074         (test.body):
2075
2076 2018-03-10  Yusuke Suzuki  <utatane.tea@gmail.com>
2077
2078         [FTL] Drop NewRegexp for String.prototype.match with RegExp + global flag
2079         https://bugs.webkit.org/show_bug.cgi?id=181848
2080
2081         Reviewed by Sam Weinig.
2082
2083         * microbenchmarks/regexp-u-global-es5.js: Added.
2084         (fn):
2085         * microbenchmarks/regexp-u-global-es6.js: Added.
2086         (fn):
2087         * stress/materialized-regexp-has-correct-last-index-set-by-match-at-osr-exit.js: Added.
2088         (shouldBe):
2089         (test):
2090         (i.switch):
2091         * stress/materialized-regexp-has-correct-last-index-set-by-match.js: Added.
2092         (shouldBe):
2093         (test):
2094
2095 2018-03-07  Dominik Infuehr  <dinfuehr@igalia.com>
2096
2097         Disable test stress/var-injection-cache-invalidation.js on systems with limited memory
2098         https://bugs.webkit.org/show_bug.cgi?id=183334
2099
2100         Reviewed by Žan Doberšek.
2101
2102         * stress/var-injection-cache-invalidation.js:
2103
2104 2018-03-06  Dominik Infuehr  <dinfuehr@igalia.com>
2105
2106         [ARM] Disable tests that run out of memory
2107         https://bugs.webkit.org/show_bug.cgi?id=182699
2108
2109         Reviewed by Žan Doberšek.
2110
2111         Skip tests that run out of memory. Do not run
2112         modules/module-jit-reachability.js without LLInt to prevent
2113         running out of executable memory.
2114
2115         * modules.yaml:
2116         * modules/module-jit-reachability.js:
2117         * stress/has-own-property-name-cache-string-keys.js:
2118         * stress/has-own-property-name-cache-symbol-keys.js:
2119
2120 2018-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2121
2122         ASSERTION FAILED: matchContextualKeyword(m_vm->propertyNames->async)
2123         https://bugs.webkit.org/show_bug.cgi?id=183173
2124
2125         Reviewed by Saam Barati.
2126
2127         * stress/async-arrow-function-in-class-heritage.js: Added.
2128         (testSyntax):
2129         (testSyntaxError):
2130         (SyntaxError):
2131
2132 2018-03-01  Saam Barati  <sbarati@apple.com>
2133
2134         We need to clear cached structures when having a bad time
2135         https://bugs.webkit.org/show_bug.cgi?id=183256
2136         <rdar://problem/36245022>
2137
2138         Reviewed by Mark Lam.
2139
2140         * stress/having-a-bad-time-with-derived-arrays.js: Added.
2141         (assert):
2142         (defineSetter):
2143         (iterate):
2144         (doSlice):
2145
2146 2018-02-28  Yusuke Suzuki  <utatane.tea@gmail.com>
2147
2148         JSC crash with `import("")`
2149         https://bugs.webkit.org/show_bug.cgi?id=183175
2150
2151         Reviewed by Saam Barati.
2152
2153         * stress/import-with-empty-string.js: Added.
2154
2155 2018-02-27  Yusuke Suzuki  <utatane.tea@gmail.com>
2156
2157         Unreviewed, skip FTL tests if FTL is disabled
2158         https://bugs.webkit.org/show_bug.cgi?id=183071
2159
2160         * stress/has-indexed-property-array-storage-ftl.js:
2161         * stress/has-indexed-property-slow-put-array-storage-ftl.js:
2162
2163 2018-02-25  Yusuke Suzuki  <utatane.tea@gmail.com>
2164
2165         [FTL] Support PutByVal(ArrayStorage/SlowPutArrayStorage)
2166         https://bugs.webkit.org/show_bug.cgi?id=182965
2167
2168         Reviewed by Saam Barati.
2169
2170         * stress/put-by-val-array-storage.js: Added.
2171         (shouldBe):
2172         (testArrayStorageInBounds):
2173         * stress/put-by-val-direct-out-of-bounds-setter.js: Added.
2174         (shouldBe):
2175         (testInt32.createBuiltin):
2176         (set for):
2177         * stress/put-by-val-slow-put-array-storage.js: Added.
2178         (shouldBe):
2179         (testArrayStorageInBounds):
2180
2181 2018-02-26  Saam Barati  <sbarati@apple.com>
2182
2183         validateStackAccess should not validate if the offset is within the stack bounds
2184         https://bugs.webkit.org/show_bug.cgi?id=183067
2185         <rdar://problem/37749988>
2186
2187         Reviewed by Mark Lam.
2188
2189         * stress/dont-validate-stack-offset-in-b3-because-it-might-be-guarded-by-control-flow.js: Added.
2190         (assert):
2191         (test.a):
2192         (test.b):
2193         (test):
2194
2195 2018-02-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2196
2197         Unreviewed, skip FTL tests if FTL is disabled
2198         https://bugs.webkit.org/show_bug.cgi?id=183071
2199
2200         * stress/has-indexed-property-array-storage-ftl.js:
2201         * stress/has-indexed-property-slow-put-array-storage-ftl.js:
2202
2203 2018-02-23  Saam Barati  <sbarati@apple.com>
2204
2205         Make Number.isInteger an intrinsic
2206         https://bugs.webkit.org/show_bug.cgi?id=183088
2207
2208         Reviewed by JF Bastien.
2209
2210         * stress/number-is-integer-intrinsic.js: Added.
2211
2212 2018-02-23  Oleksandr Skachkov  <gskachkov@gmail.com>
2213
2214         WebAssembly: cache memory address / size on instance
2215         https://bugs.webkit.org/show_bug.cgi?id=177305
2216
2217         Reviewed by JF Bastien.
2218
2219         * wasm/function-tests/memory-reuse.js: Added.
2220         (createWasmInstance):
2221         (doCheckTrap):
2222         (doMemoryGrow):
2223         (doCheck):
2224         (checkWasmInstancesWithSharedMemory):
2225
2226 2018-02-23  Yusuke Suzuki  <utatane.tea@gmail.com>
2227
2228         [JSC] Implement $vm.ftlTrue function for FTL testing
2229         https://bugs.webkit.org/show_bug.cgi?id=183071
2230
2231         Reviewed by Mark Lam.
2232
2233         * stress/dead-fiat-value-to-int52-then-exit-not-double.js:
2234         (foo):
2235         * stress/dead-fiat-value-to-int52-then-exit-not-int52.js:
2236         (foo):
2237         * stress/dead-fiat-value-to-int52.js:
2238         (foo):
2239         * stress/dead-osr-entry-value.js:
2240         (foo):
2241         * stress/fiat-value-to-int52-then-exit-not-double.js:
2242         (foo):
2243         * stress/fiat-value-to-int52-then-exit-not-int52.js:
2244         (foo):
2245         * stress/fiat-value-to-int52-then-fail-to-fold.js:
2246         (foo):
2247         * stress/fiat-value-to-int52-then-fold.js:
2248         (foo):
2249         * stress/fiat-value-to-int52.js:
2250         (foo):
2251         * stress/fold-based-on-int32-proof-mul-branch.js:
2252         (foo):
2253         * stress/fold-profiled-call-to-call.js:
2254         (foo):
2255         * stress/fold-to-double-constant-then-exit.js:
2256         (foo):
2257         * stress/fold-to-int52-constant-then-exit.js:
2258         (foo):
2259         * stress/fold-to-primitive-in-cfa.js:
2260         (foo):
2261         * stress/fold-to-primitive-to-identity-in-cfa.js:
2262         (foo):
2263         * stress/has-indexed-property-array-storage-ftl.js: Added.
2264         (shouldBe):
2265         (test1):
2266         (test2):
2267         * stress/has-indexed-property-slow-put-array-storage-ftl.js: Added.
2268         (shouldBe):
2269         (test1):
2270         (test2):
2271         * stress/int52-ai-add-then-filter-int32.js:
2272         (foo):
2273         * stress/int52-ai-mul-and-clean-neg-zero-then-filter-int32.js:
2274         (foo):
2275         * stress/int52-ai-mul-then-filter-int32.js:
2276         (foo):
2277         * stress/int52-ai-neg-then-filter-int32.js:
2278         (foo):
2279         * stress/int52-ai-sub-then-filter-int32.js:
2280         (foo):
2281         * stress/licm-pre-header-cannot-exit-nested.js:
2282         (foo):
2283         * stress/licm-pre-header-cannot-exit.js:
2284         (foo):
2285         * stress/sparse-array-entry-update-144067.js:
2286         (useMemoryToTriggerGCs):
2287         * stress/test-spec-misc.js:
2288         (foo):
2289         * stress/tricky-array-bounds-checks.js:
2290         (foo):
2291
2292 2018-02-22  Yusuke Suzuki  <utatane.tea@gmail.com>
2293
2294         [FTL] Support HasIndexedProperty for ArrayStorage and SlowPutArrayStorage
2295         https://bugs.webkit.org/show_bug.cgi?id=182792
2296
2297         Reviewed by Mark Lam.
2298
2299         * stress/has-indexed-property-array-storage.js: Added.
2300         (shouldBe):
2301         (test1):
2302         (test2):
2303         * stress/has-indexed-property-slow-put-array-storage.js: Added.
2304         (shouldBe):
2305         (test1):
2306         (test2):
2307
2308 2018-02-20  Saam Barati  <sbarati@apple.com>
2309
2310         DFG::VarargsForwardingPhase should eliminate getting argument length
2311         https://bugs.webkit.org/show_bug.cgi?id=182959
2312
2313         Reviewed by Keith Miller.
2314
2315         * microbenchmarks/forward-arguments-dont-escape-on-arguments-length.js: Added.
2316
2317 2018-02-14  Yusuke Suzuki  <utatane.tea@gmail.com>
2318
2319         [FTL] Support ArrayPush for ArrayStorage
2320         https://bugs.webkit.org/show_bug.cgi?id=182782
2321
2322         Reviewed by Saam Barati.
2323
2324         Existing array-push-multiple-storage.js covers ArrayPush(ArrayStorage) multiple arguments case.
2325
2326         * stress/array-push-array-storage-beyond-int32.js: Added.
2327         (shouldBe):
2328         (test):
2329         * stress/array-push-array-storage.js: Added.
2330         (shouldBe):
2331         (test):
2332         * stress/array-push-multiple-array-storage-beyond-int32.js: Added.
2333         (shouldBe):
2334         (test):
2335         * stress/array-push-multiple-storage-continuous.js: Added.
2336         (shouldBe):
2337         (test):
2338
2339 2018-02-14  Yusuke Suzuki  <utatane.tea@gmail.com>
2340
2341         [FTL] Support ArrayPop for ArrayStorage
2342         https://bugs.webkit.org/show_bug.cgi?id=182783
2343
2344         Reviewed by Saam Barati.
2345
2346         * stress/array-pop-array-storage.js: Added.
2347         (shouldBe):
2348         (test):
2349
2350 2018-02-14  Yusuke Suzuki  <utatane.tea@gmail.com>
2351
2352         [FTL] Add Arrayify for ArrayStorage and SlowPutArrayStorage
2353         https://bugs.webkit.org/show_bug.cgi?id=182731
2354
2355         Reviewed by Saam Barati.
2356
2357         * stress/arrayify-array-storage-array.js: Added.
2358         (shouldBe):
2359         (testArrayStorage):
2360         * stress/arrayify-array-storage-non-array.js: Added.
2361         (shouldBe):
2362         (testArrayStorage):
2363         * stress/arrayify-array-storage.js: Added.
2364         (shouldBe):
2365         (testArrayStorage):
2366         * stress/arrayify-slow-put-array-storage-pass-array-storage.js: Added.
2367         (shouldBe):
2368         (testArrayStorage):
2369         * stress/arrayify-slow-put-array-storage.js: Added.
2370         (shouldBe):
2371         (testArrayStorage):
2372
2373 2018-02-19  Saam Barati  <sbarati@apple.com>
2374
2375         Don't use JSFunction's allocation profile when getting the prototype can be effectful
2376         https://bugs.webkit.org/show_bug.cgi?id=182942
2377         <rdar://problem/37584764>
2378
2379         Reviewed by Mark Lam.
2380
2381         * stress/get-prototype-create-this-effectful.js: Added.
2382
2383 2018-02-16  Saam Barati  <sbarati@apple.com>
2384
2385         Fix bugs from r228411
2386         https://bugs.webkit.org/show_bug.cgi?id=182851
2387         <rdar://problem/37577732>
2388
2389         Reviewed by JF Bastien.
2390
2391         * stress/constant-folding-phase-insert-check-handle-varargs.js: Added.
2392
2393 2018-02-15  Filip Pizlo  <fpizlo@apple.com>
2394
2395         Unreviewed, roll out r228366 since it did not progress anything.
2396
2397         * stress/gc-error-stack.js: Removed.
2398         * stress/no-gc-error-stack.js: Removed.
2399
2400 2018-02-15  Tomas Popela  <tpopela@redhat.com>
2401
2402         Many stress tests fail with JIT disabled
2403         https://bugs.webkit.org/show_bug.cgi?id=182730
2404
2405         Reviewed by Saam Barati.
2406
2407         These tests are broken by design if the JIT is disabled - they test
2408         the return value of numberOfDFGCompiles(), which is always set to
2409         1000000.0 in TestRunnerUtils.cpp and makes the tests fail.
2410
2411         * stress/arith-abs-on-various-types.js:
2412         * stress/arith-abs-to-arith-negate-range-optimizaton.js:
2413         * stress/arith-acos-on-various-types.js:
2414         * stress/arith-acosh-on-various-types.js:
2415         * stress/arith-asin-on-various-types.js:
2416         * stress/arith-asinh-on-various-types.js:
2417         * stress/arith-atan-on-various-types.js:
2418         * stress/arith-atanh-on-various-types.js:
2419         * stress/arith-cbrt-on-various-types.js:
2420         * stress/arith-ceil-on-various-types.js:
2421         * stress/arith-clz32-on-various-types.js:
2422         * stress/arith-cos-on-various-types.js:
2423         * stress/arith-cosh-on-various-types.js:
2424         * stress/arith-expm1-on-various-types.js:
2425         * stress/arith-floor-on-various-types.js:
2426         * stress/arith-fround-on-various-types.js:
2427         * stress/arith-log-on-various-types.js:
2428         * stress/arith-log10-on-various-types.js:
2429         * stress/arith-log2-on-various-types.js:
2430         * stress/arith-negate-on-various-types.js:
2431         * stress/arith-round-on-various-types.js:
2432         * stress/arith-sin-on-various-types.js:
2433         * stress/arith-sinh-on-various-types.js:
2434         * stress/arith-sqrt-on-various-types.js:
2435         * stress/arith-tan-on-various-types.js:
2436         * stress/arith-tanh-on-various-types.js:
2437         * stress/arith-trunc-on-various-types.js:
2438         * stress/compare-strict-eq-on-various-types.js:
2439
2440 2018-02-14  Ryan Haddad  <ryanhaddad@apple.com>
2441
2442         Skip stress/new-largeish-contiguous-array-with-size.js on arm.
2443
2444         Unreviewed test gardening.
2445
2446         * stress/new-largeish-contiguous-array-with-size.js:
2447
2448 2018-02-14  Saam Barati  <sbarati@apple.com>
2449
2450         Setting a VMTrap shouldn't look at topCallFrame since that may imply we're in C code and holding the malloc lock
2451         https://bugs.webkit.org/show_bug.cgi?id=182801
2452
2453         Reviewed by Keith Miller.
2454
2455         * stress/watchdog-dont-malloc-when-in-c-code.js: Added.
2456
2457 2018-02-14  Ryan Haddad  <ryanhaddad@apple.com>
2458
2459         Skip JSC test stress/activation-sink-default-value-tdz-error.js on debug.
2460         https://bugs.webkit.org/show_bug.cgi?id=182526
2461
2462         Unreviewed test gardening.
2463
2464         * stress/activation-sink-default-value-tdz-error.js:
2465
2466 2018-02-13  Saam Barati  <sbarati@apple.com>
2467
2468         putDirectIndexSlowOrBeyondVectorLength needs to convert to dictionary indexing mode always if attributes are present
2469         https://bugs.webkit.org/show_bug.cgi?id=182755
2470         <rdar://problem/37080864>
2471
2472         Reviewed by Keith Miller.
2473
2474         * stress/always-enter-dictionary-indexing-mode-with-getter.js: Added.
2475         (test1.o.get 10005):
2476         (test1):
2477         (test2.o.get 1000):
2478         (test2):
2479
2480 2018-02-13  Caitlin Potter  <caitp@igalia.com>
2481
2482         [JSC] cache TaggedTemplate arrays by callsite rather than by contents
2483         https://bugs.webkit.org/show_bug.cgi?id=182717
2484
2485         Reviewed by Yusuke Suzuki.
2486
2487         https://github.com/tc39/ecma262/pull/890 imposes a change to template
2488         literals, to allow template callsite arrays to be collected when the
2489         code containing the tagged template call is collected. This spec change
2490         has received consensus and been ratified.
2491
2492         This change eliminates the eternal map associating template contents
2493         with arrays.
2494
2495         * stress/tagged-template-object-collect.js: Renamed from JSTests/stress/tagged-template-registry-key-collect.js.
2496         * stress/tagged-template-object.js: Renamed from JSTests/stress/tagged-template-registry-key.js.
2497         * stress/tagged-templates-identity.js:
2498         * stress/template-string-tags-eval.js:
2499         * test262.yaml:
2500
2501 2018-02-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2502
2503         Support GetArrayLength on ArrayStorage in the FTL
2504         https://bugs.webkit.org/show_bug.cgi?id=182625
2505
2506         Reviewed by Saam Barati.
2507
2508         * stress/array-storage-length.js: Added.
2509         (shouldBe):
2510         (testInBound):
2511         (testUncountable):
2512         (testSlowPutInBound):
2513         (testSlowPutUncountable):
2514         * stress/undecided-length.js: Added.
2515         (shouldBe):
2516         (test2):
2517
2518 2018-02-12  Saam Barati  <sbarati@apple.com>
2519
2520         DFG::emitCodeToGetArgumentsArrayLength needs to handle NewArrayBuffer/PhantomNewArrayBuffer
2521         https://bugs.webkit.org/show_bug.cgi?id=182706
2522         <rdar://problem/36833681>
2523
2524         Reviewed by Filip Pizlo.
2525
2526         * stress/get-array-length-phantom-new-array-buffer.js: Added.
2527         (effects):
2528         (foo):
2529
2530 2018-02-09  Filip Pizlo  <fpizlo@apple.com>
2531
2532         Don't waste memory for error.stack
2533         https://bugs.webkit.org/show_bug.cgi?id=182656
2534
2535         Reviewed by Saam Barati.
2536         
2537         Tests the policy.
2538
2539         * stress/gc-error-stack.js: Added. Shows that the GC forgets frames now.
2540         * stress/no-gc-error-stack.js: Added. Shows that the GC won't forget things if you ask for the stack.
2541
2542 2018-02-08  Yusuke Suzuki  <utatane.tea@gmail.com>
2543
2544         [JSC] Update Test262 to Feb 9 version
2545         https://bugs.webkit.org/show_bug.cgi?id=182468
2546
2547         Reviewed by Saam Barati.
2548
2549 2018-02-08  Yusuke Suzuki  <utatane.tea@gmail.com>
2550
2551         Unreviewed, fix invalid line terminator in old test262 file part 2
2552         https://bugs.webkit.org/show_bug.cgi?id=182468
2553
2554         * test262/test/built-ins/Function/prototype/toString/line-terminator-normalisation-CR.js:
2555
2556 2018-02-08  Yusuke Suzuki  <utatane.tea@gmail.com>
2557
2558         Unreviewed, fix invalid line terminator in old test262 file
2559         https://bugs.webkit.org/show_bug.cgi?id=182468
2560
2561         * test262/test/language/literals/regexp/7.8.5-1.js:
2562
2563 2018-02-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2564
2565         [JSC] Implement Array.prototype.flatMap and Array.prototype.flatten
2566         https://bugs.webkit.org/show_bug.cgi?id=182440
2567
2568         Reviewed by Darin Adler.
2569
2570         * stress/array-flatmap.js: Added.
2571         (shouldBe):
2572         (shouldBeArray):
2573         (shouldThrow):
2574         (var):
2575         * stress/array-flatten.js: Added.
2576         (shouldBe):
2577         (shouldBeArray):
2578         * test262.yaml:
2579         * test262/test/built-ins/Array/prototype/flatMap/depth-always-one.js:
2580         (3.flatMap):
2581         Pick test262 82c6148980332febe92a544a1fb653718e9fdb57 change.
2582
2583 2018-02-06  Keith Miller  <keith_miller@apple.com>
2584
2585         put_to_scope/get_from_scope should not cache lexical scopes when expecting a global object
2586         https://bugs.webkit.org/show_bug.cgi?id=182549
2587         <rdar://problem/36189995>
2588
2589         Reviewed by Saam Barati.
2590
2591         * stress/var-injection-cache-invalidation.js: Added.
2592         (allocateLotsOfThings):
2593         (test):
2594
2595 2018-02-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2596
2597         Unreviewed, follow up for test262 update
2598         https://bugs.webkit.org/show_bug.cgi?id=182288
2599
2600         * test262.yaml:
2601
2602 2018-02-02  Ryan Haddad  <ryanhaddad@apple.com>
2603
2604         Update test262 to Jan 30 version
2605         https://bugs.webkit.org/show_bug.cgi?id=182288
2606
2607         Unreviewed test gardening.
2608
2609         * test262.yaml: Remove entry for missing test language/expressions/assignment/white-space.js
2610
2611 2018-02-02  Saam Barati  <sbarati@apple.com>
2612
2613         When BytecodeParser inserts Unreachable after ForceOSRExit it needs to update ArgumentPositions for Flushes it inserts
2614         https://bugs.webkit.org/show_bug.cgi?id=182368
2615         <rdar://problem/36932466>
2616
2617         Reviewed by Mark Lam.
2618
2619         * stress/flush-after-force-exit-in-bytecodeparser-needs-to-update-argument-positions.js: Added.
2620         (runNearStackLimit.t):
2621         (runNearStackLimit):
2622         (try.runNearStackLimit):
2623         (catch):
2624
2625 2018-02-02  Yusuke Suzuki  <utatane.tea@gmail.com>
2626
2627         Update test262 to Jan 30 version
2628         https://bugs.webkit.org/show_bug.cgi?id=182288
2629
2630         Rubber stamped by Saam Barati.
2631
2632         This patch updates test262 to the latest one, Jan 30 version.
2633         Since added and changed files are too many, we cannot create ChangeLog.
2634         The following files are changed.
2635
2636         Several files are intentionally omitted due to merge failures. We should investigate how to merge files
2637         including some special line terminators (like u2028, u2029).
2638
2639         * test262.yaml:
2640         * test262/test262-Revision.txt:
2641         * test262/*:
2642
2643 2018-02-02  Guillaume Emont  <guijemont@igalia.com>
2644
2645         JSTests: Skip mozilla/js1_5/Array/regress-157652.js on all memory limited platforms
2646         https://bugs.webkit.org/show_bug.cgi?id=182411
2647
2648         Reviewed by Carlos Alberto Lopez Perez.
2649
2650         This is skipped only on arm memory limited platforms. Until recently
2651         it was not a problem on MIPS as the butterfly was not initialized. But
2652         since r227435, the butterfly is initialized in that test and therefore
2653         memory is allocated, and the test typically takes around 512M, which
2654         means it generally gets OOM-killed on the MIPS buildbot.
2655
2656         * mozilla/mozilla-tests.yaml:
2657
2658 2018-02-01  Mark Lam  <mark.lam@apple.com>
2659
2660         Fix broken bounds check in FTL's compileGetMyArgumentByVal().
2661         https://bugs.webkit.org/show_bug.cgi?id=182419
2662         <rdar://problem/37044945>
2663
2664         Reviewed by Saam Barati.
2665
2666         * stress/regress-182419.js: Added.
2667
2668 2018-02-01  Keith Miller  <keith_miller@apple.com>
2669
2670         Fix crashes due to mishandling custom sections.
2671         https://bugs.webkit.org/show_bug.cgi?id=182404
2672         <rdar://problem/36935863>
2673
2674         Reviewed by Saam Barati.
2675
2676         * wasm/Builder.js:
2677         (export.default.Builder.prototype._registerSectionBuilders.const.section.in.WASM.description.section.switch.section.case.string_appeared_here.this.section):
2678         * wasm/js-api/validate.js:
2679         (assert.truthy):
2680
2681 2018-01-31  Saam Barati  <sbarati@apple.com>
2682
2683         JSC incorrectly interpreting script, sets Global Property instead of Global Lexical variable (LiteralParser / JSONP path)
2684         https://bugs.webkit.org/show_bug.cgi?id=182074
2685         <rdar://problem/36846261>
2686
2687         Reviewed by Mark Lam.
2688
2689         * stress/jsonp-program-evaluate-path-must-consider-global-lexical-environment.js: Added.
2690         (assert):
2691         (let.func):
2692         (let.o.foo):
2693         (varFunc):
2694
2695 2018-01-30  Yusuke Suzuki  <utatane.tea@gmail.com>
2696
2697         Unreviewed, update test262 expects
2698         https://bugs.webkit.org/show_bug.cgi?id=182232
2699
2700         * test262.yaml:
2701
2702 2018-01-29  Yusuke Suzuki  <utatane.tea@gmail.com>
2703
2704         [JSC] Implement trimStart and trimEnd
2705         https://bugs.webkit.org/show_bug.cgi?id=182233
2706
2707         Reviewed by Mark Lam.
2708
2709         * stress/trim.js: Added.
2710         (shouldBe):
2711         (startTest):
2712         (endTest):
2713         (trimTest):
2714
2715 2018-01-29  Yusuke Suzuki  <utatane.tea@gmail.com>
2716
2717         [JSC] Relax line terminators in String to make JSON subset of JS
2718         https://bugs.webkit.org/show_bug.cgi?id=182232
2719
2720         Reviewed by Keith Miller.
2721
2722         * ChakraCore/test/es5/Lex_u3.baseline-jsc:
2723         * stress/relaxed-line-terminators-in-string.js: Added.
2724         (shouldBe):
2725
2726 2018-01-29  Michael Saboff  <msaboff@apple.com>
2727
2728         REGRESSION (r227341): DFG_ASSERT failure at JSC::DFG::AtTailAbstractState::forNode()
2729         https://bugs.webkit.org/show_bug.cgi?id=182249
2730
2731         Reviewed by Keith Miller.
2732
2733         New regression test.
2734
2735         * stress/compare-clobber-untypeduse.js: Added.
2736
2737 2018-01-29  Matt Lewis  <jlewis3@apple.com>
2738
2739         Unreviewed, rolling out r227725.
2740
2741         This caused internal failures.
2742
2743         Reverted changeset:
2744
2745         "JSC Sampling Profiler: Detect tester and testee when sampling
2746         in RegExp JIT"
2747         https://bugs.webkit.org/show_bug.cgi?id=152729
2748         https://trac.webkit.org/changeset/227725
2749
2750 2018-01-29  Yusuke Suzuki  <utatane.tea@gmail.com>
2751
2752         JSC Sampling Profiler: Detect tester and testee when sampling in RegExp JIT
2753         https://bugs.webkit.org/show_bug.cgi?id=152729
2754
2755         Reviewed by Saam Barati.
2756
2757         * stress/sampling-profiler-regexp.js: Added.
2758         (platformSupportsSamplingProfiler.test):
2759         (platformSupportsSamplingProfiler.baz):
2760         (platformSupportsSamplingProfiler):
2761
2762 2018-01-29  Yusuke Suzuki  <utatane.tea@gmail.com>
2763
2764         [DFG][FTL] WeakMap#set should have DFG node
2765         https://bugs.webkit.org/show_bug.cgi?id=180015
2766
2767         Reviewed by Saam Barati.
2768
2769         * stress/weakmap-set-change-get.js: Added.
2770         (shouldBe):
2771         (test):
2772         * stress/weakmap-set-cse.js: Added.
2773         (shouldBe):
2774         (test):
2775         * stress/weakset-add-change-get.js: Added.
2776         (shouldBe):
2777         * stress/weakset-add-cse.js: Added.
2778         (shouldBe):
2779
2780 2018-01-27  Yusuke Suzuki  <utatane.tea@gmail.com>
2781
2782         DFG strength reduction fails to convert NumberToStringWithValidRadixConstant for 0 to constant '0'
2783         https://bugs.webkit.org/show_bug.cgi?id=182213
2784
2785         Reviewed by Mark Lam.
2786
2787         * stress/int32-min-to-string.js: Added.
2788         (shouldBe):
2789         (test2):
2790         (test4):
2791         (test8):
2792         (test16):
2793         (test32):
2794         * stress/zero-to-string.js: Added.
2795         (shouldBe):
2796         (test2):
2797         (test4):
2798         (test8):
2799         (test16):
2800         (test32):
2801
2802 2018-01-23  Yusuke Suzuki  <utatane.tea@gmail.com>
2803
2804         Add more module scope related tests with code evaluation by string
2805         https://bugs.webkit.org/show_bug.cgi?id=181983
2806
2807         Reviewed by Sam Weinig.
2808
2809         Add more module scope related tests. When the original tests landed,
2810         we did not have browser integration. This patch adds more module scope tests
2811         with dynamically created script evaluation. We add tests with Function
2812         constructor, direct eval, indirect eval, setTimeout, setInterval, and event handlers.
2813
2814         * modules/scopes-eval.js: Added.
2815         (shouldBe):
2816         * modules/scopes.js:
2817         (shouldBe):
2818
2819 2018-01-23  Filip Pizlo  <fpizlo@apple.com>
2820
2821         Unreviewed, retire some microbenchmarks that are proportionately very slow. Benchmark running time should be proportional to their value. Microbenchmarks have little value, so they should be very fast.
2822
2823         * microbenchmarks/array-push-3.js: Removed.
2824         * microbenchmarks/bigswitch-indirect-symbol-or-undefined.js: Removed.
2825         * microbenchmarks/double-to-int32.js: Removed.
2826         * microbenchmarks/fake-iterators-that-throw-when-finished.js: Removed.
2827         * microbenchmarks/ftl-polymorphic-bitand.js: Removed.
2828         * microbenchmarks/ftl-polymorphic-bitor.js: Removed.
2829         * microbenchmarks/ftl-polymorphic-bitxor.js: Removed.
2830         * microbenchmarks/ftl-polymorphic-lshift.js: Removed.
2831         * microbenchmarks/ftl-polymorphic-rshift.js: Removed.
2832         * microbenchmarks/ftl-polymorphic-sub.js: Removed.
2833         * microbenchmarks/ftl-polymorphic-urshift.js: Removed.
2834         * microbenchmarks/map-constant-key.js: Removed.
2835         * microbenchmarks/nested-function-parsing.js: Removed.
2836         * microbenchmarks/rest-parameter-allocation-elimination.js: Removed.
2837         * microbenchmarks/spread-large-array.js: Removed.
2838         * microbenchmarks/string-add-constant-folding.js: Removed.
2839         * microbenchmarks/to-lower-case.js: Removed.
2840         * microbenchmarks/undefined-property-access.js: Removed.
2841         * slowMicrobenchmarks/array-push-3.js: Copied from JSTests/microbenchmarks/array-push-3.js.
2842         * slowMicrobenchmarks/bigswitch-indirect-symbol-or-undefined.js: Copied from JSTests/microbenchmarks/bigswitch-indirect-symbol-or-undefined.js.
2843         * slowMicrobenchmarks/double-to-int32.js: Copied from JSTests/microbenchmarks/double-to-int32.js.
2844         * slowMicrobenchmarks/fake-iterators-that-throw-when-finished.js: Copied from JSTests/microbenchmarks/fake-iterators-that-throw-when-finished.js.
2845         * slowMicrobenchmarks/ftl-polymorphic-bitand.js: Copied from JSTests/microbenchmarks/ftl-polymorphic-bitand.js.
2846         * slowMicrobenchmarks/ftl-polymorphic-bitor.js: Copied from JSTests/microbenchmarks/ftl-polymorphic-bitor.js.
2847         * slowMicrobenchmarks/ftl-polymorphic-bitxor.js: Copied from JSTests/microbenchmarks/ftl-polymorphic-bitxor.js.
2848         * slowMicrobenchmarks/ftl-polymorphic-lshift.js: Copied from JSTests/microbenchmarks/ftl-polymorphic-lshift.js.
2849         * slowMicrobenchmarks/ftl-polymorphic-rshift.js: Copied from JSTests/microbenchmarks/ftl-polymorphic-rshift.js.
2850         * slowMicrobenchmarks/ftl-polymorphic-sub.js: Copied from JSTests/microbenchmarks/ftl-polymorphic-sub.js.
2851         * slowMicrobenchmarks/ftl-polymorphic-urshift.js: Copied from JSTests/microbenchmarks/ftl-polymorphic-urshift.js.
2852         * slowMicrobenchmarks/map-constant-key.js: Copied from JSTests/microbenchmarks/map-constant-key.js.
2853         * slowMicrobenchmarks/nested-function-parsing.js: Copied from JSTests/microbenchmarks/nested-function-parsing.js.
2854         * slowMicrobenchmarks/rest-parameter-allocation-elimination.js: Copied from JSTests/microbenchmarks/rest-parameter-allocation-elimination.js.
2855         * slowMicrobenchmarks/spread-large-array.js: Copied from JSTests/microbenchmarks/spread-large-array.js.
2856         * slowMicrobenchmarks/string-add-constant-folding.js: Copied from JSTests/microbenchmarks/string-add-constant-folding.js.
2857         * slowMicrobenchmarks/to-lower-case.js: Copied from JSTests/microbenchmarks/to-lower-case.js.
2858         * slowMicrobenchmarks/undefined-property-access.js: Copied from JSTests/microbenchmarks/undefined-property-access.js.
2859
2860 2018-01-23  Robin Morisset  <rmorisset@apple.com>
2861
2862         Update the argument count in DFGByteCodeParser::handleRecursiveCall
2863         https://bugs.webkit.org/show_bug.cgi?id=181739
2864         <rdar://problem/36627662>
2865
2866         Reviewed by Saam Barati.
2867
2868         * stress/recursive-tail-call-with-different-argument-count.js: Added.
2869         (foo):
2870         (bar):
2871
2872 2018-01-22  Michael Saboff  <msaboff@apple.com>
2873
2874         DFG abstract interpreter needs to properly model effects of some Math ops
2875         https://bugs.webkit.org/show_bug.cgi?id=181886
2876
2877         Reviewed by Saam Barati.
2878
2879         New regression test.
2880
2881         * stress/arith-nodes-abstract-interpreter-untypeduse.js: Added.
2882         (test):
2883
2884 2018-01-20  Caio Lima  <ticaiolima@gmail.com>
2885
2886         [JSC] NumberPrototype::extractRadixFromArgs incorrectly cast double to int32_t
2887         https://bugs.webkit.org/show_bug.cgi?id=181182
2888
2889         Reviewed by Darin Adler.
2890
2891         * stress/big-int-prototype-to-string-cast-overflow.js: Added.
2892         * stress/big-int-prototype-to-string-exception.js: Added.
2893         * stress/big-int-prototype-to-string-wrong-values.js: Added.
2894         * stress/number-prototype-to-string-cast-overflow.js: Added.
2895         * stress/number-prototype-to-string-exception.js: Added.
2896         * stress/number-prototype-to-string-wrong-values.js: Added.
2897
2898 2018-01-19  Ryan Haddad  <ryanhaddad@apple.com>
2899
2900         Disable Atomics when SharedArrayBuffer isn’t enabled
2901         https://bugs.webkit.org/show_bug.cgi?id=181572
2902
2903         Unreviewed test gardening.
2904
2905         * test262.yaml: Skip tests that fail after this change.
2906
2907 2018-01-19  Saam Barati  <sbarati@apple.com>
2908
2909         Kill ArithNegate's ArithProfile assert inside BytecodeParser
2910         https://bugs.webkit.org/show_bug.cgi?id=181877
2911         <rdar://problem/36630552>
2912
2913         Reviewed by Mark Lam.
2914
2915         * stress/arith-profile-for-negate-can-see-non-number-due-to-dfg-osr-exit-profiling.js: Added.
2916         (runNearStackLimit):
2917         (f1):
2918         (f2):
2919         (f3):
2920         (i.catch):
2921         (i.try.runNearStackLimit):
2922         (catch):
2923
2924 2018-01-19  Saam Barati  <sbarati@apple.com>
2925
2926         Spread's effects are modeled incorrectly both in AI and in Clobberize
2927         https://bugs.webkit.org/show_bug.cgi?id=181867
2928         <rdar://problem/36290415>
2929
2930         Reviewed by Michael Saboff.
2931
2932         * stress/ai-needs-to-model-spreads-effects.js: Added.
2933         (try.p.Symbol.iterator):
2934         (try.go):
2935         (catch):
2936         * stress/clobberize-needs-to-model-spread-effects.js: Added.
2937         (assert):
2938         (foo):
2939         (a.Symbol.iterator):
2940
2941 2018-01-19  Yusuke Suzuki  <utatane.tea@gmail.com>
2942
2943         Unreviewed, reduce count of iteration to fix timing out debug JSC test
2944         https://bugs.webkit.org/show_bug.cgi?id=181535
2945
2946         * stress/inserted-recovery-with-set-last-index.js:
2947
2948 2018-01-17  Yusuke Suzuki  <utatane.tea@gmail.com>
2949
2950         [DFG][FTL] Introduce PhantomNewRegexp and RegExpExecNonGlobalOrSticky
2951         https://bugs.webkit.org/show_bug.cgi?id=181535
2952
2953         Reviewed by Saam Barati.
2954
2955         * stress/inserted-recovery-with-set-last-index.js: Added.
2956         (shouldBe):
2957         (foo):
2958         * stress/materialize-regexp-at-osr-exit.js: Added.
2959         (shouldBe):
2960         (test):
2961         * stress/materialize-regexp-cyclic-regexp-at-osr-exit.js: Added.
2962         (shouldBe):
2963         (test):
2964         * stress/materialize-regexp-cyclic-regexp.js: Added.
2965         (shouldBe):
2966         (test):
2967         (i.switch):
2968         * stress/materialize-regexp-cyclic.js: Added.
2969         (shouldBe):
2970         (test):
2971         (i.switch):
2972         * stress/materialize-regexp-referenced-from-phantom-regexp-cyclic.js: Added.
2973         (bar):
2974         (foo):
2975         (test):
2976         * stress/materialize-regexp-referenced-from-phantom-regexp.js: Added.
2977         (bar):
2978         (foo):
2979         (test):
2980         * stress/materialize-regexp.js: Added.
2981         (shouldBe):
2982         (test):
2983         * stress/phantom-regexp-regexp-exec.js: Added.
2984         (shouldBe):
2985         (test):
2986         * stress/phantom-regexp-string-match.js: Added.
2987         (shouldBe):
2988         (test):
2989         * stress/regexp-last-index-sinking.js: Added.
2990         (shouldBe):
2991         (test):
2992
2993 2018-01-17  Saam Barati  <sbarati@apple.com>
2994
2995         Disable Atomics when SharedArrayBuffer isn’t enabled
2996         https://bugs.webkit.org/show_bug.cgi?id=181572
2997         <rdar://problem/36553206>
2998
2999         Reviewed by Michael Saboff.
3000
3001         * stress/isLockFree.js:
3002
3003 2018-01-17  Saam Barati  <sbarati@apple.com>
3004
3005         DFG::Node::convertToConstant needs to clear the varargs flags
3006         https://bugs.webkit.org/show_bug.cgi?id=181697
3007         <rdar://problem/36497332>
3008
3009         Reviewed by Yusuke Suzuki.
3010
3011         * stress/dfg-node-convert-to-constant-must-clear-varargs-flags.js: Added.
3012         (doIndexOf):
3013         (bar):
3014         (i.bar):
3015
3016 2018-01-16  Ryan Haddad  <ryanhaddad@apple.com>
3017
3018         Unreviewed, rolling out r226937.
3019
3020         Tests added with this change are failing due to a missing
3021         exception check.
3022
3023         Reverted changeset:
3024
3025         "[JSC] NumberPrototype::extractRadixFromArgs incorrectly cast
3026         double to int32_t"
3027         https://bugs.webkit.org/show_bug.cgi?id=181182
3028         https://trac.webkit.org/changeset/226937
3029
3030 2018-01-13  Caio Lima  <ticaiolima@gmail.com>
3031
3032         [JSC] NumberPrototype::extractRadixFromArgs incorrectly cast double to int32_t
3033         https://bugs.webkit.org/show_bug.cgi?id=181182
3034
3035         Reviewed by Darin Adler.
3036
3037         * bigIntTests.yaml:
3038         * stress/big-int-constructor.js:
3039         * stress/big-int-prototype-to-string-cast-overflow.js: Added.
3040         (assert):
3041         (assertThrowRangeError):
3042         * stress/number-prototype-to-string-cast-overflow.js: Added.
3043         (assert):
3044         (assertThrowRangeError):
3045
3046 2018-01-12  Saam Barati  <sbarati@apple.com>
3047
3048         CheckStructure can be incorrectly subsumed by CheckStructureOrEmpty
3049         https://bugs.webkit.org/show_bug.cgi?id=181177
3050         <rdar://problem/36205704>
3051
3052         Reviewed by Yusuke Suzuki.
3053
3054         * stress/check-structure-ir-ensures-empty-does-not-flow-through.js: Added.
3055         (runNearStackLimit.t):
3056         (runNearStackLimit):
3057         (test.f):
3058         (test):
3059
3060 2018-01-12  Saam Barati  <sbarati@apple.com>
3061
3062         Each variant of a polymorphic inlined call should be exitOK at the top of the block
3063         https://bugs.webkit.org/show_bug.cgi?id=181562
3064         <rdar://problem/36445624>
3065
3066         Reviewed by Yusuke Suzuki.
3067
3068         * stress/each-block-at-top-of-polymorphic-call-inlining-should-be-exitOK.js: Added.
3069         (f):
3070         (foo):
3071
3072 2018-01-11  Saam Barati  <sbarati@apple.com>
3073
3074         When inserting Unreachable in byte code parser we need to flush all the right things
3075         https://bugs.webkit.org/show_bug.cgi?id=181509
3076         <rdar://problem/36423110>
3077
3078         Reviewed by Mark Lam.
3079
3080         * stress/proper-flushing-when-we-insert-unreachable-after-force-exit-in-bytecode-parser.js: Added.
3081
3082 2018-01-11  Saam Barati  <sbarati@apple.com>
3083
3084         JITMathIC code in the FTL is wrong when code gets duplicated
3085         https://bugs.webkit.org/show_bug.cgi?id=181525
3086         <rdar://problem/36351993>
3087
3088         Reviewed by Michael Saboff and Keith Miller.
3089
3090         * stress/allow-math-ic-b3-code-duplication.js: Added.
3091
3092 2018-01-11  Saam Barati  <sbarati@apple.com>
3093
3094         Our for-in caching is wrong when we add indexed properties on things in the prototype chain
3095         https://bugs.webkit.org/show_bug.cgi?id=181508
3096
3097         Reviewed by Yusuke Suzuki.
3098
3099         * stress/for-in-prototype-with-indexed-properties-should-prevent-caching.js: Added.
3100         (assert):
3101         (test1.foo):
3102         (test1):
3103         (test2.foo):
3104         (test2):
3105
3106 2018-01-09  Mark Lam  <mark.lam@apple.com>
3107
3108         ASSERTION FAILED: pair.second->m_type & PropertyNode::Getter
3109         https://bugs.webkit.org/show_bug.cgi?id=181388
3110         <rdar://problem/36349351>
3111
3112         Reviewed by Saam Barati.
3113
3114         * stress/regress-181388.js: Added.
3115
3116 2018-01-08  JF Bastien  <jfbastien@apple.com>
3117
3118         WebAssembly: mask indexed accesses to Table
3119         https://bugs.webkit.org/show_bug.cgi?id=181412
3120         <rdar://problem/36363236>
3121
3122         Reviewed by Saam Barati.
3123
3124         Update error messages.
3125
3126         * wasm/js-api/table.js:
3127         (assert.throws.WebAssembly.Table.prototype.grow):
3128
3129 2018-01-08  Ryan Haddad  <ryanhaddad@apple.com>
3130
3131         Disable SharedArrayBuffer tests missed in r226386.
3132         https://bugs.webkit.org/show_bug.cgi?id=181266
3133
3134         Unreviewed test gardening.
3135
3136         * test262.yaml:
3137
3138 2018-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
3139
3140         Object.getOwnPropertyNames includes "arguments" and "caller" for bound functions
3141         https://bugs.webkit.org/show_bug.cgi?id=181321
3142
3143         Reviewed by Saam Barati.
3144
3145         * stress/bound-function-does-not-have-caller-and-arguments.js: Added.
3146         (shouldBe):
3147         (testFunction):
3148         * test262.yaml:
3149
3150 2018-01-05  Ryan Haddad  <ryanhaddad@apple.com>
3151
3152         Unreviewed, attempt to fix test262 after r226386.
3153
3154         * test262.yaml:
3155
3156 2018-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>
3157
3158         [DFG] Define defs for MapSet/SetAdd to participate in CSE
3159         https://bugs.webkit.org/show_bug.cgi?id=179911
3160
3161         Reviewed by Saam Barati.
3162
3163         In addition to these tests, map-set-cse.js and set-add-cse.js work.
3164
3165         * stress/map-set-change-get.js: Added.
3166         (shouldBe):
3167         (test):
3168         * stress/map-set-create-bucket.js: Added.
3169         (shouldBe):
3170         (test):
3171         * stress/set-add-create-bucket.js: Added.
3172         (shouldBe):
3173
3174 2018-01-03  Michael Saboff  <msaboff@apple.com>
3175
3176         Disable SharedArrayBuffers from Web API
3177         https://bugs.webkit.org/show_bug.cgi?id=181266
3178
3179         Reviewed by Saam Barati.
3180
3181         Disabled SharedArrayBuffer tests.
3182
3183         * stress/SharedArrayBuffer-opt.js:
3184         * stress/SharedArrayBuffer.js:
3185         * stress/array-buffer-byte-length.js:
3186         * stress/atomics-add-uint32.js:
3187         * stress/atomics-known-int-use.js:
3188         * stress/atomics-neg-zero.js:
3189         * stress/atomics-store-return.js:
3190         * stress/lars-sab-workers.js:
3191         * stress/regress-159779-1.js:
3192         * stress/regress-159779-2.js:
3193         * stress/regress-170473.js:
3194         * test262.yaml:
3195
3196 2018-01-03  Caio Lima  <ticaiolima@gmail.com>
3197
3198         [ESNext][BigInt] Failing test stress/big-int-constructor-oom.js into MIPS
3199         https://bugs.webkit.org/show_bug.cgi?id=181258
3200
3201         Reviewed by Antonio Gomes.
3202
3203         * stress/big-int-constructor-gc.js:
3204         * stress/big-int-constructor-oom.js:
3205
3206 2018-01-03  Robin Morisset  <rmorisset@apple.com>
3207
3208         Inlining of a function that ends in op_unreachable crashes
3209         https://bugs.webkit.org/show_bug.cgi?id=181027
3210
3211         Reviewed by Filip Pizlo.
3212
3213         * stress/inlining-unreachable.js: Added.
3214         (bar):
3215         (baz):
3216         (i.catch):
3217
3218 2018-01-02  Saam Barati  <sbarati@apple.com>
3219
3220         Incorrect assertion inside AccessCase
3221         https://bugs.webkit.org/show_bug.cgi?id=181200
3222         <rdar://problem/35494754>
3223
3224         Reviewed by Yusuke Suzuki.
3225
3226         * stress/setter-same-base-and-rhs-invalid-assertion-inside-access-case.js: Added.
3227         (ctor):
3228         (theFunc):
3229         (run):
3230
3231 2018-01-02  Caio Lima  <ticaiolima@gmail.com>
3232
3233         [ESNext][BigInt] Implement BigIntConstructor and BigIntPrototype
3234         https://bugs.webkit.org/show_bug.cgi?id=175359
3235
3236         Reviewed by Yusuke Suzuki.
3237
3238         * bigIntTests.yaml:
3239         * stress/big-int-as-key.js: Added.
3240         * stress/big-int-constructor-gc.js: Added.
3241         * stress/big-int-constructor-oom.js: Added.
3242         * stress/big-int-constructor-properties.js: Added.
3243         * stress/big-int-constructor-prototype-prop-descriptor.js: Added.
3244         * stress/big-int-constructor-prototype.js: Added.
3245         * stress/big-int-constructor.js: Added.
3246         * stress/big-int-function-apply.js:
3247         * stress/big-int-length.js: Added.
3248         * stress/big-int-prop-descriptor.js: Added.
3249         * stress/big-int-proto-constructor.js: Added.
3250         * stress/big-int-proto-name.js: Added.
3251         * stress/big-int-prototype-properties.js: Added.
3252         * stress/big-int-prototype-proto.js: Added.
3253         * stress/big-int-prototype-value-of.js: Added.
3254         * stress/big-int-prototype-symbol-to-string-tag.js: Added.
3255         * stress/big-int-prototype-to-string-apply.js: Added.
3256         * stress/big-int-to-object.js: Added.
3257         * stress/big-int-to-string.js: Added.
3258
3259 2017-12-28  Saam Barati  <sbarati@apple.com>
3260
3261         Assertion used to determine if something is an async generator is wrong
3262         https://bugs.webkit.org/show_bug.cgi?id=181168
3263         <rdar://problem/35640560>
3264
3265         Reviewed by Yusuke Suzuki.
3266
3267         * stress/async-generator-assertion.js: Added.
3268
3269 2017-12-21  Guillaume Emont  <guijemont@igalia.com>
3270
3271         Skip stress/splay-flash-access tests on memory limited platforms
3272         https://bugs.webkit.org/show_bug.cgi?id=181086
3273
3274         Reviewed by Carlos Alberto Lopez Perez.
3275
3276         These tests use about 185M of memory, and occasionally get OOM-killed
3277         on memory limited platforms.
3278
3279         * stress/splay-flash-access-1ms.js:
3280         * stress/splay-flash-access.js:
3281
3282 2017-12-21  Guillaume Emont  <guijemont@igalia.com>
3283
3284         Skip slow jsc tests on embedded platforms
3285         https://bugs.webkit.org/show_bug.cgi?id=180937
3286
3287         Reviewed by Carlos Alberto Lopez Perez.
3288
3289         The tests typeProfiler/deltablue-for-of.js and
3290         typeProfiler/getter-richards.js take a very long time in the
3291         ftl-no-cjit-type-profiler-force-poly-proto on embedded platforms, and
3292         thus always time out. They should be skipped on these platforms.
3293
3294         * typeProfiler/deltablue-for-of.js: Skip on arm*/mips.
3295         * typeProfiler/getter-richards.js: Skip on arm*/mips.
3296
3297 2017-12-19  Yusuke Suzuki  <utatane.tea@gmail.com>
3298
3299         [JSC] Do not check isValid() in op_new_regexp
3300         https://bugs.webkit.org/show_bug.cgi?id=180970
3301
3302         Reviewed by Saam Barati.
3303
3304         * stress/regexp-syntax-error-invalid-flags.js: Added.
3305         (shouldThrow):
3306
3307 2017-12-18  Guillaume Emont  <guijemont@igalia.com>
3308
3309         Skip stress/call-apply-exponential-bytecode-size.js unless x86-64 or arm64
3310         https://bugs.webkit.org/show_bug.cgi?id=180712
3311
3312         Reviewed by Michael Catanzaro.
3313
3314         stress/call-apply-exponential-bytecode-size.js crashes if the
3315         ExecutableAllocator's fixedExecutableMemoryPoolSize is less than 64
3316         MB. Currently it is 64 MB or more only on x86-64 and arm64, so we
3317         should skip the test on other platforms.
3318
3319         * stress/call-apply-exponential-bytecode-size.js:
3320
3321 2017-12-17  Yusuke Suzuki  <utatane.tea@gmail.com>
3322
3323         [FTL] NewArrayBuffer should be sinked if it is only used for spreading
3324         https://bugs.webkit.org/show_bug.cgi?id=179762
3325
3326         Reviewed by Saam Barati.
3327
3328         * stress/call-varargs-double-new-array-buffer.js: Added.
3329         (assert):
3330         (bar):
3331         (foo):
3332         * stress/call-varargs-spread-new-array-buffer.js: Added.
3333         (assert):
3334         (bar):
3335         (foo):
3336         * stress/call-varargs-spread-new-array-buffer2.js: Added.
3337         (assert):
3338         (bar):
3339         (foo):
3340         * stress/forward-varargs-double-new-array-buffer.js: Added.
3341         (assert):
3342         (test.baz):
3343         (test.bar):
3344         (test.foo):
3345         (test):
3346         * stress/new-array-buffer-sinking-osrexit.js: Added.
3347         (target):
3348         (test):
3349         * stress/new-array-with-spread-double-new-array-buffer.js: Added.
3350         (shouldBe):
3351         (test):
3352         * stress/new-array-with-spread-with-phantom-new-array-buffer.js: Added.
3353         (shouldBe):
3354         (target):
3355         (test):
3356         * stress/phantom-new-array-buffer-forward-varargs.js: Added.
3357         (assert):
3358         (test1.bar):
3359         (test1.foo):
3360         (test1):
3361         (test2.bar):
3362         (test2.foo):
3363         (test3.baz):
3364         (test3.bar):
3365         (test3.foo):
3366         (test4.baz):
3367         (test4.bar):
3368         (test4.foo):
3369         * stress/phantom-new-array-buffer-forward-varargs2.js: Added.
3370         (assert):
3371         (test.baz):
3372         (test.bar):
3373         (test.foo):
3374         (test):
3375         * stress/phantom-new-array-buffer-osr-exit.js: Added.
3376         (assert):
3377         (baz):
3378         (bar):
3379         (effects):
3380         (foo):
3381
3382 2017-12-14  Saam Barati  <sbarati@apple.com>
3383
3384         The CleanUp after LICM is erroneously removing a Check
3385         https://bugs.webkit.org/show_bug.cgi?id=180852
3386         <rdar://problem/36063494>
3387
3388         Reviewed by Filip Pizlo.
3389
3390         * stress/dont-run-cleanup-after-licm.js: Added.
3391
3392 2017-12-14  Michael Saboff  <msaboff@apple.com>
3393
3394         REGRESSION (r225695): Repro crash on yahoo login page
3395         https://bugs.webkit.org/show_bug.cgi?id=180761
3396
3397         Reviewed by JF Bastien.
3398
3399         New regression test.
3400
3401         * stress/regress-180761.js: Added.
3402
3403 2017-12-13  Keith Miller  <keith_miller@apple.com>
3404
3405         JSObjects should have a mask for loading indexed properties
3406         https://bugs.webkit.org/show_bug.cgi?id=180768
3407
3408         Reviewed by Mark Lam.
3409
3410         * stress/int16-put-by-val-in-and-out-of-bounds.js:
3411         (test):
3412
3413 2017-12-13  Saam Barati  <sbarati@apple.com>
3414
3415         Arrow functions need their own structure because they have different properties than sloppy functions
3416         https://bugs.webkit.org/show_bug.cgi?id=180779
3417         <rdar://problem/35814591>
3418
3419         Reviewed by Mark Lam.
3420
3421         * stress/arrow-function-needs-its-own-structure.js: Added.
3422         (assert):
3423         (readPrototype):
3424         (noInline.let.f1):
3425         (noInline):
3426
3427 2017-12-13  Saam Barati  <sbarati@apple.com>
3428
3429         Fix how JSFunction handles "caller" and "arguments" for functions that don't have those properties
3430         https://bugs.webkit.org/show_bug.cgi?id=163579
3431         <rdar://problem/35455798>
3432
3433         Reviewed by Mark Lam.
3434
3435         * stress/caller-and-arguments-properties-for-functions-that-dont-have-them.js: Added.
3436         (assert):
3437         (test1):
3438         (i.test1):
3439         (i.test1.C):
3440         (i.test1.async.foo):
3441         (i.test1.foo):
3442         (test2):
3443
3444 2017-12-13  Saam Barati  <sbarati@apple.com>
3445
3446         TypeCheckHoistingPhase needs to emit a CheckStructureOrEmpty if it's doing it for |this|
3447         https://bugs.webkit.org/show_bug.cgi?id=180734
3448         <rdar://problem/35640547>
3449
3450         Reviewed by Yusuke Suzuki.
3451
3452         * stress/type-check-hoisting-phase-hoist-check-structure-on-tdz-this-value.js: Added.
3453         (__isPropertyOfType):
3454         (__getProperties):
3455         (__getObjects):
3456         (__getRandomObject):
3457         (theClass.):
3458         (theClass):
3459         (childClass):
3460         (counter.catch):
3461
3462 2017-12-12  Saam Barati  <sbarati@apple.com>
3463
3464         We need to model effects of Spread(@PhantomCreateRest) in Clobberize/PreciseLocalClobberize
3465         https://bugs.webkit.org/show_bug.cgi?id=180725
3466         <rdar://problem/35970511>
3467
3468         Reviewed by Michael Saboff.
3469
3470         * stress/model-effects-properly-of-spread-over-phantom-create-rest.js: Added.
3471         (f1):
3472         (f2):
3473         (let.o2.valueOf):
3474
3475 2017-12-12  Yusuke Suzuki  <utatane.tea@gmail.com>
3476
3477         [JSC] Implement optimized WeakMap and WeakSet
3478         https://bugs.webkit.org/show_bug.cgi?id=179929
3479
3480         Reviewed by Saam Barati.
3481
3482         * microbenchmarks/weak-map-key.js:
3483         * microbenchmarks/weak-set-key.js: Copied from JSTests/microbenchmarks/weak-map-key.js.
3484         (assert):
3485         (objectKey):
3486         (let.start.Date.now):
3487         * stress/basic-weakmap.js: Added.
3488         (shouldBe):
3489         (test):
3490         * stress/basic-weakset.js: Added.
3491         (shouldBe):
3492         (test.set new):
3493         * stress/weakmap-cse-set-break.js: Added.
3494         (shouldBe):
3495         (test):
3496         * stress/weakmap-cse.js: Added.
3497         (shouldBe):
3498         (test):
3499         * stress/weakmap-gc.js: Added.
3500         (test):
3501         * stress/weakset-cse-add-break.js: Added.
3502         (shouldBe):
3503         (test.set new):
3504         * stress/weakset-cse.js: Added.
3505         (shouldBe):
3506         (test.set new):
3507         * stress/weakset-gc.js: Added.
3508         (test.set add):
3509         (test.set new):
3510         (test):
3511
3512 2017-12-12  Saam Barati  <sbarati@apple.com>
3513
3514         ConstantFoldingPhase rule for GetMyArgumentByVal must check for negative indices
3515         https://bugs.webkit.org/show_bug.cgi?id=180723
3516         <rdar://problem/35859726>
3517
3518         Reviewed by JF Bastien.
3519
3520         * stress/get-my-argument-by-val-constant-folding.js: Added.
3521         (test):
3522         (catch):
3523
3524 2017-12-12  Caio Lima  <ticaiolima@gmail.com>
3525
3526         [ESNext][BigInt] Implement BigInt literals and JSBigInt
3527         https://bugs.webkit.org/show_bug.cgi?id=179000
3528
3529         Reviewed by Darin Adler and Yusuke Suzuki.
3530
3531         * bigIntTests.yaml: Added.
3532         * stress/big-int-literal-line-terminator.js: Added.
3533         * stress/big-int-literals.js: Added.
3534         * stress/big-int-operations-error.js: Added.
3535         * stress/big-int-type-of.js: Added.
3536         * stress/big-int-white-space-trailing-leading.js: Added.
3537         * stress/big-int-function-apply.js: Added.
3538
3539 2017-12-11  Saam Barati  <sbarati@apple.com>
3540
3541         We need to disableCaching() in ErrorInstance when we materialize properties
3542         https://bugs.webkit.org/show_bug.cgi?id=180343
3543         <rdar://problem/35833002>
3544
3545         Reviewed by Mark Lam.
3546
3547         * stress/disable-caching-when-lazy-materializing-error-property-on-put.js: Added.
3548         (assert):
3549         (makeError):
3550         (storeToStack):
3551         (storeToStackAlreadyMaterialized):
3552
3553 2017-12-05  JF Bastien  <jfbastien@apple.com>
3554
3555         WebAssembly: don't eagerly checksum
3556         https://bugs.webkit.org/show_bug.cgi?id=180441
3557         <rdar://problem/35156628>
3558
3559         Reviewed by Saam Barati.
3560
3561         Checksum is now disabled, so tests only have <?> as the module
3562         name.
3563
3564         * wasm/function-tests/nameSection.js:
3565         * wasm/function-tests/stack-overflow.js:
3566         (import.Builder.from.string_appeared_here.import.as.assert.from.string_appeared_here.assertOverflows):
3567         (assertOverflows.assertThrows):
3568         (assertOverflows):
3569         * wasm/function-tests/stack-trace.js:
3570
3571 2017-12-04  JF Bastien  <jfbastien@apple.com>
3572
3573         Proxy all functions, except the $ objects
3574         https://bugs.webkit.org/show_bug.cgi?id=180375
3575
3576         Reviewed by Saam Barati.
3577
3578         It looks like this test may have broken some executions because I
3579         call some internal objects. Explicitly ignore objects whose name
3580         starts with "$" because it's a bad idea anyways.
3581
3582         * stress/proxy-all-the-parameters.js:
3583         (generateObjects):
3584         (get throw):
3585
3586 2017-12-04  Saam Barati  <sbarati@apple.com>
3587
3588         We need to leave room on the top of the stack for the FTL TailCall slow path so it doesn't overwrite things we want to retrieve when doing a stack walk when throwing an exception
3589         https://bugs.webkit.org/show_bug.cgi?id=180366
3590         <rdar://problem/35685877>
3591
3592         Reviewed by Michael Saboff.
3593
3594         * stress/ftl-tail-call-throw-exception-from-slow-path-recover-stack-values.js: Added.
3595         (theParent):
3596         (test1.base.getParentStaticValue):
3597         (test1.base):
3598         (test1.__v_24888.prototype.set prop):
3599         (test1.__v_24888):
3600         (test2.base.getParentStaticValue):
3601         (test2.base):
3602         (test2.__v_24888.prototype.set prop):
3603         (test2.__v_24888):
3604         (test2):
3605
3606 2017-12-01  JF Bastien  <jfbastien@apple.com>
3607
3608         Try proxying all function arguments
3609         https://bugs.webkit.org/show_bug.cgi?id=180306
3610
3611         Reviewed by Saam Barati.
3612
3613         * stress/proxy-all-the-parameters.js: Added.
3614         (isPropertyOfType):
3615         (getProperties):
3616         (generateObjects):
3617         (getObjects):
3618         (getFunctions):
3619         (get throw):
3620         (let.o.of.getObjects.let.f.of.getFunctions.catch):
3621
3622 2017-12-01  JF Bastien  <jfbastien@apple.com>
3623
3624         JavaScriptCore: missing exception checks in Math functions that take more than one argument
3625         https://bugs.webkit.org/show_bug.cgi?id=180297
3626         <rdar://problem/35745556>
3627
3628         Reviewed by Mark Lam.
3629
3630         * stress/math-exceptions.js: Added.
3631         (get try):
3632         (catch):
3633
3634 2017-12-01  JF Bastien  <jfbastien@apple.com>
3635
3636         JavaScriptCore: add test for weird class static getters
3637         https://bugs.webkit.org/show_bug.cgi?id=180281
3638         <rdar://problem/35592139>
3639
3640         Reviewed by Mark Lam.
3641
3642         I fixed a bug for it in r224927 and didn't add a test. Do so.
3643
3644         * stress/class-static-get-weird.js: Added.
3645         (c.prototype.get name):
3646         (c):
3647         (c.prototype.get arguments):
3648         (c.prototype.get caller):
3649         (c.prototype.get length):
3650
3651 2017-12-01  Saam Barati  <sbarati@apple.com>
3652
3653         Having a bad time needs to handle ArrayClass indexing type as well
3654         https://bugs.webkit.org/show_bug.cgi?id=180274
3655         <rdar://problem/35667869>
3656
3657         Reviewed by Keith Miller and Mark Lam.
3658
3659         * stress/array-prototype-slow-put-having-a-bad-time-2.js: Added.
3660         (assert):
3661         * stress/array-prototype-slow-put-having-a-bad-time.js: Added.
3662         (assert):
3663
3664 2017-12-01  JF Bastien  <jfbastien@apple.com>
3665
3666         WebAssembly: restore cached stack limit after out-call
3667         https://bugs.webkit.org/show_bug.cgi?id=179106
3668         <rdar://problem/35337525>
3669
3670         Reviewed by Saam Barati.
3671
3672         * wasm/function-tests/double-instance.js: Added.
3673         (const.imp.boom):
3674         (const.imp.get callAnother):
3675
3676 2017-11-30  JF Bastien  <jfbastien@apple.com>
3677
3678         WebAssembly: improve stack trace
3679         https://bugs.webkit.org/show_bug.cgi?id=179343
3680
3681         Reviewed by Saam Barati.
3682
3683         Update the tests to follow the new format. Notably, SHA1 module
3684         hash is now included in traces, and stubs are properly identified.
3685
3686         * wasm/assert.js: Add an assertion which matches regular expressions.
3687         * wasm/function-tests/nameSection.js:
3688         * wasm/function-tests/stack-overflow.js:
3689         (import.Builder.from.string_appeared_here.import.as.assert.from.string_appeared_here.assertOverflows):
3690         (assertOverflows.assertThrows.wasm.1):
3691         (assertOverflows.assertThrows.wasm.0):
3692         (assertOverflows.assertThrows):
3693         (assertOverflows):
3694         * wasm/function-tests/stack-trace.js:
3695         (import.Builder.from.string_appeared_here.assert): Deleted.
3696         * wasm/function-tests/trap-after-cross-instance-call.js:
3697         (wasmFrameCountFromError):
3698         * wasm/function-tests/trap-load-2.js:
3699         (wasmFrameCountFromError):
3700         * wasm/function-tests/trap-load.js:
3701         (wasmFrameCountFromError):
3702
3703 2017-11-30  Mark Lam  <mark.lam@apple.com>
3704
3705         jsc shell's flashHeapAccess() should not do JS work after releasing access to the heap.
3706         https://bugs.webkit.org/show_bug.cgi?id=180219
3707         <rdar://problem/35696536>
3708
3709         Reviewed by Filip Pizlo.
3710
3711         * stress/regress-180219.js: Added.
3712
3713 2017-11-30  Yusuke Suzuki  <utatane.tea@gmail.com>
3714
3715         [DFG][FTL] operationHasIndexedProperty does not consider negative int32_t
3716         https://bugs.webkit.org/show_bug.cgi?id=180190
3717
3718         Reviewed by Mark Lam.
3719
3720         * stress/operation-in-may-have-negative-int32-array-storage.js: Added.
3721         (shouldBe):
3722         (test1):
3723         * stress/operation-in-may-have-negative-int32-contiguous-array.js: Added.
3724         (shouldBe):
3725         (test1):
3726         * stress/operation-in-may-have-negative-int32-double-array.js: Added.
3727         (shouldBe):
3728         (test1):
3729         * stress/operation-in-may-have-negative-int32-generic-array.js: Added.
3730         (shouldBe):
3731         (test1):
3732         * stress/operation-in-may-have-negative-int32-int32-array.js: Added.
3733         (shouldBe):
3734         (test1):
3735         * stress/operation-in-may-have-negative-int32.js: Added.
3736         (shouldBe):
3737         (test2):
3738         * stress/operation-in-negative-int32-cast.js: Added.
3739         (shouldBe):
3740         (test1):
3741
3742 2017-11-28  JF Bastien  <jfbastien@apple.com>
3743
3744         Strict and sloppy functions shouldn't share structure
3745         https://bugs.webkit.org/show_bug.cgi?id=180103
3746         <rdar://problem/35667847>
3747
3748         Reviewed by Saam Barati.
3749
3750         * stress/get-by-id-strict-arguments.js: Added. Used to not throw
3751         because the IC was wrong.
3752         (foo):
3753         (bar):
3754         (baz):
3755         (catch):
3756         * stress/get-by-id-strict-callee.js: Added. Not strictly necessary
3757         in this patch, but may as well test odd strict mode corner cases.
3758         (bar):
3759         (baz):
3760         (catch):
3761         * stress/get-by-id-strict-caller.js: Added. Also IC'd wrong.
3762         (foo):
3763         (bar):
3764         (baz):
3765         (catch):
3766         * stress/get-by-id-strict-nested-arguments-2.js: Added. Same as
3767         next file, but with invalidation of the FunctionExecutable's
3768         singletonFunction() to hit SpeculativeJIT::compileNewFunction's
3769         slower path.
3770         (foo):
3771         (bar.const.x):
3772         (bar.const.y):
3773         (bar):
3774         (catch):
3775         * stress/get-by-id-strict-nested-arguments.js: Added. Make sure
3776         strict nesting works correctly.
3777         (foo):
3778         (bar.baz):
3779         (bar):
3780         * stress/strict-function-structure.js: Added. The test used to
3781         assert in objectProtoFuncHasOwnProperty.
3782         (foo):
3783         (bar):
3784         (baz):
3785         * stress/strict-nested-function-structure.js: Added. Nesting.
3786         (foo):
3787         (bar):
3788         (baz.boo):
3789         (baz):
3790
3791 2017-11-29  Robin Morisset  <rmorisset@apple.com>
3792
3793         The recursive tail call optimisation is wrong on closures
3794         https://bugs.webkit.org/show_bug.cgi?id=179835
3795
3796         Reviewed by Saam Barati.
3797
3798         * stress/closure-recursive-tail-call.js: Added.
3799         (makeClosure):
3800
3801 2017-11-27  JF Bastien  <jfbastien@apple.com>
3802
3803         JavaScript rest function parameter with negative index leads to bad DFG abstract interpretation
3804         https://bugs.webkit.org/show_bug.cgi?id=180051
3805         <rdar://problem/35614371>
3806
3807         Reviewed by Saam Barati.
3808
3809         * stress/rest-parameter-negative.js: Added.
3810         (__f_5484):
3811         (catch):
3812         (__f_5485):
3813         (__v_22598.catch):
3814
3815 2017-11-27  Saam Barati  <sbarati@apple.com>
3816
3817         Spread can escape when CreateRest does not
3818         https://bugs.webkit.org/show_bug.cgi?id=180057
3819         <rdar://problem/35676119>
3820
3821         Reviewed by JF Bastien.
3822
3823         * stress/spread-escapes-but-create-rest-does-not.js: Added.
3824         (assert):
3825         (getProperties):
3826         (theFunc):
3827         (let.obj.valueOf):
3828
3829 2017-11-21  Yusuke Suzuki  <utatane.tea@gmail.com>
3830
3831         [DFG] Add NormalizeMapKey DFG IR
3832         https://bugs.webkit.org/show_bug.cgi?id=179912
3833
3834         Reviewed by Saam Barati.
3835
3836         * stress/map-untyped-normalize-cse.js: Added.
3837         (shouldBe):
3838         (test):
3839         * stress/map-untyped-normalize.js: Added.
3840         (shouldBe):
3841         (test):
3842         * stress/set-untyped-normalize-cse.js: Added.
3843         (shouldBe):
3844         (set return.set has.set has):
3845         * stress/set-untyped-normalize.js: Added.
3846         (shouldBe):
3847         (set return.set has):
3848
3849 2017-11-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3850
3851         [FTL] Support DeleteById and DeleteByVal
3852         https://bugs.webkit.org/show_bug.cgi?id=180022
3853
3854         Reviewed by Saam Barati.
3855
3856         * stress/delete-by-id.js: Added.
3857         (shouldBe):
3858         (test1):
3859         (test2):
3860         * stress/delete-by-val-ftl.js: Added.
3861         (shouldBe):
3862         (test1):
3863         (test2):
3864
3865 2017-11-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3866
3867         [DFG] Introduce {Set,Map,WeakMap}Fields
3868         https://bugs.webkit.org/show_bug.cgi?id=179925
3869
3870         Reviewed by Saam Barati.
3871
3872         * stress/map-set-clobber-map-get.js: Added.
3873         (shouldBe):
3874         (test):
3875         * stress/map-set-does-not-clobber-set-has.js: Added.
3876         (shouldBe):
3877         * stress/map-set-does-not-clobber-weak-map-get.js: Added.
3878         (shouldBe):
3879         (test):
3880         * stress/set-add-clobber-set-has.js: Added.
3881         (shouldBe):
3882         * stress/set-add-does-not-clobber-map-get.js: Added.
3883         (shouldBe):
3884
3885 2017-11-24  Mark Lam  <mark.lam@apple.com>
3886
3887         Move unsafe jsc shell test functions to the $vm object.
3888         https://bugs.webkit.org/show_bug.cgi?id=179980
3889
3890         Reviewed by Yusuke Suzuki.
3891
3892         * controlFlowProfiler/driver/driver.js:
3893         * controlFlowProfiler/execution-count.js:
3894         * controlFlowProfiler/if-statement.js:
3895         * controlFlowProfiler/loop-statements.js:
3896         * controlFlowProfiler/switch-statements.js:
3897         * controlFlowProfiler/test-jit.js:
3898         * exceptionFuzz/3d-cube.js:
3899         * exceptionFuzz/date-format-xparb.js:
3900         * exceptionFuzz/earley-boyer.js:
3901         * heapProfiler/basic-edges.js:
3902         * heapProfiler/property-edge-types.js:
3903         * microbenchmarks/try-get-by-id-basic.js:
3904         * microbenchmarks/try-get-by-id-polymorphic.js:
3905         * modules/namespace-object-try-get.js:
3906         * stress/argument-count-bytecode.js:
3907         * stress/argument-intrinsic-basic.js:
3908         * stress/argument-intrinsic-inlining-use-caller-arg.js:
3909         * stress/argument-intrinsic-inlining-with-result-escape.js:
3910         * stress/argument-intrinsic-inlining-with-vararg-with-enough-arguments.js:
3911         * stress/argument-intrinsic-inlining-with-vararg.js:
3912         * stress/argument-intrinsic-nested-inlining.js:
3913         * stress/argument-intrinsic-not-convert-to-get-argument.js:
3914         * stress/argument-intrinsic-with-stack-write.js:
3915         * stress/arity-mismatch-get-argument.js:
3916         * stress/array-message-passing.js:
3917         * stress/array-push-with-force-exit.js:
3918         * stress/check-dom-with-signature.js:
3919         * stress/check-sub-class.js:
3920         * stress/compare-eq-incomplete-profile.js:
3921         * stress/custom-get-set-inline-caching-one-level-up-proto-chain.js:
3922         * stress/do-eval-virtual-call-correctly.js:
3923         * stress/dom-jit-with-poly-proto.js:
3924         * stress/domjit-exception-ic.js:
3925         * stress/domjit-exception.js:
3926         * stress/domjit-getter-complex-with-incorrect-object.js:
3927         * stress/domjit-getter-complex.js:
3928         * stress/domjit-getter-poly.js:
3929         * stress/domjit-getter-proto.js:
3930         * stress/domjit-getter-super-poly.js:
3931         * stress/domjit-getter-try-catch-getter-as-get-by-id-register-restoration.js:
3932         * stress/domjit-getter-type-check.js:
3933         * stress/domjit-getter.js:
3934         * stress/exit-during-inlined-arity-fixup-recover-proper-frame.js:
3935         * stress/for-in-proxy-target-changed-structure.js:
3936         * stress/for-in-proxy.js:
3937         * stress/generational-opaque-roots.js:
3938         * stress/global-const-redeclaration-setting-2.js:
3939         * stress/global-const-redeclaration-setting-3.js:
3940         * stress/global-const-redeclaration-setting-4.js:
3941         * stress/global-const-redeclaration-setting-5.js:
3942         * stress/global-const-redeclaration-setting.js:
3943         * stress/import-basic.js:
3944         * stress/import-from-eval.js:
3945         * stress/import-reject-with-exception.js:
3946         * stress/import-syntax.js:
3947         * stress/impure-get-own-property-slot-inline-cache.js:
3948         * stress/is-constructor.js:
3949         * stress/istypedarrayview-intrinsic.js:
3950         * stress/jsc-setImpureGetterDelegate-on-bad-type.js:
3951         * stress/jsc-test-functions-should-be-more-robust.js:
3952         * stress/object-toString-with-proxy.js:
3953         * stress/poly-proto-custom-value-and-accessor.js:
3954         * stress/proxy-inline-cache.js:
3955         * stress/re-execute-error-module.js:
3956         * stress/regress-150532.js:
3957         * stress/regress-156992.js:
3958         * stress/regress-179619.js:
3959         * stress/resources/shadow-chicken-support.js:
3960         * stress/runtime-array.js:
3961         * stress/sampling-profiler-microtasks.js:
3962         * stress/shadow-chicken-enabled.js:
3963         * stress/spread-correct-global-object-on-exception.js:
3964         * stress/super-get-by-id.js:
3965         * stress/tailCallForwardArguments.js:
3966         * stress/to-object-intrinsic-boolean-edge.js:
3967         * stress/to-object-intrinsic-null-or-undefined-edge.js:
3968         * stress/to-object-intrinsic-number-edge.js:
3969         * stress/to-object-intrinsic-object-edge.js:
3970         * stress/to-object-intrinsic-string-edge.js:
3971         * stress/to-object-intrinsic-symbol-edge.js:
3972         * stress/to-object-intrinsic.js:
3973         * stress/try-catch-custom-getter-as-get-by-id.js:
3974         * stress/try-get-by-id-poly-proto.js:
3975         * stress/try-get-by-id-should-spill-registers-dfg.js:
3976         * stress/try-get-by-id.js:
3977         * typeProfiler/arrow-functions.js:
3978         * typeProfiler/basic.js:
3979         * typeProfiler/captured.js:
3980         * typeProfiler/classes.js:
3981         * typeProfiler/dfg-jit-optimizations.js:
3982         * typeProfiler/dictionary-mode.js:
3983         * typeProfiler/es6-block-scoping.js:
3984         * typeProfiler/es6-classes.js:
3985         * typeProfiler/inheritance.js:
3986         * typeProfiler/int52-dfg.js:
3987         * typeProfiler/loop.js:
3988         * typeProfiler/optional-fields.js:
3989         * typeProfiler/overflow.js:
3990         * typeProfiler/return.js:
3991         * typeProfiler/symbol.js:
3992         * typeProfiler/weird-prototype-chain.js:
3993
3994 2017-11-21  Yusuke Suzuki  <utatane.tea@gmail.com>
3995
3996         [DFG][FTL] Support MapSet / SetAdd intrinsics
3997         https://bugs.webkit.org/show_bug.cgi?id=179858
3998
3999         Reviewed by Saam Barati.
4000
4001         * microbenchmarks/map-has-and-set.js: Added.
4002         (test):
4003         * stress/map-set-check-failure.js: Added.
4004         (shouldBe):
4005         (shouldThrow):
4006         (target):
4007         * stress/map-set-cse.js: Added.
4008         (shouldBe):
4009         (test):
4010         * stress/set-add-check-failure.js: Added.
4011         (shouldBe):
4012         (shouldThrow):
4013         (set shouldThrow):
4014         * stress/set-add-cse.js: Added.
4015         (shouldBe):
4016
4017 2017-11-21  Yusuke Suzuki  <utatane.tea@gmail.com>
4018
4019         [JSC] Allow poly proto for intrinsic getters
4020         https://bugs.webkit.org/show_bug.cgi?id=179550
4021
4022         Reviewed by Saam Barati.
4023
4024         This change is also tested by existing tests.
4025
4026             1. stress/intrinsic-getter-with-poly-proto.js
4027             2. stress/poly-proto-intrinsic-getter-correctness.js
4028
4029         * stress/intrinsic-getter-with-poly-proto-getter-change.js: Added.
4030         (shouldBe):
4031         (makePolyProtoObject.foo.C):
4032         (makePolyProtoObject.foo):
4033         (makePolyProtoObject):
4034         (target):
4035         * stress/intrinsic-getter-with-poly-proto-proto-change.js: Added.
4036         (shouldBe):
4037         (makePolyProtoObject.foo.C):
4038         (makePolyProtoObject.foo):
4039         (makePolyProtoObject):
4040         (target):
4041
4042 2017-11-20  Guillaume Emont  <guijemont@igalia.com>
4043
4044         Skip stress/unshiftCountSlowCase-correct-postCapacity.js on embedded Linux
4045         https://bugs.webkit.org/show_bug.cgi?id=179744
4046
4047         Reviewed by Michael Catanzaro.
4048
4049         This test uses too much memory for our buildbots on these platforms
4050         and gets OOM-killed.
4051
4052         * stress/unshiftCountSlowCase-correct-postCapacity.js:
4053         Skip if $memoryLimited and linux.
4054
4055 2017-11-17  JF Bastien  <jfbastien@apple.com>
4056
4057         WebAssembly JS API: throw when a promise can't be created
4058         https://bugs.webkit.org/show_bug.cgi?id=179826
4059         <rdar://problem/35455813>
4060
4061         Reviewed by Mark Lam.
4062
4063         Test WebAssembly.{compile,instantiate} where promise creation
4064         fails because of a stack overflow.
4065
4066         * wasm/js-api/promise-stack-overflow.js: Added.
4067         (const.runNearStackLimit.f.const.t):
4068         (async.testCompile):
4069         (async.testInstantiate):
4070
4071 2017-11-16  Yusuke Suzuki  <utatane.tea@gmail.com>
4072
4073         Unreviewed, mark regress-178385.js as memory exhausting
4074
4075         * stress/regress-178385.js:
4076
4077 2017-11-16  Ryan Haddad  <ryanhaddad@apple.com>
4078
4079         Mark test262/test/language/statements/class/definition/fn-name-static-precedence.js as passing after r224927.
4080
4081         Unreviewed test gardening.
4082
4083         * test262.yaml:
4084
4085 2017-11-16  Robin Morisset  <rmorisset@apple.com>
4086
4087         REGRESSION (r224592): oss-fuzz: jsc: Null-dereference READ in JSC::JSCell::isObject (4216)
4088         https://bugs.webkit.org/show_bug.cgi?id=179763
4089         <rdar://problem/35550513>
4090
4091         Reviewed by Keith Miller.
4092
4093         Just adding a slightly cleaned-up version of the original fuzzer-found test.
4094
4095         * stress/tdz-this-in-try-catch.js: Added.
4096         (__v_6388):
4097         (__v_6392):
4098
4099 2017-11-14  Yusuke Suzuki  <utatane.tea@gmail.com>
4100
4101         [DFG][FTL] Support Array::DirectArguments with OutOfBounds
4102         https://bugs.webkit.org/show_bug.cgi?id=179594
4103
4104         Reviewed by Saam Barati.
4105
4106         * stress/direct-arguments-in-bounds-to-out-of-bounds.js: Added.
4107         (shouldBe):
4108         (args):
4109         * stress/direct-arguments-out-of-bounds-watchpoint.js: Added.
4110         (shouldBe):
4111         (args):
4112
4113 2017-11-14  Saam Barati  <sbarati@apple.com>
4114
4115         We need to set topCallFrame when calling Wasm::Memory::grow from the JIT
4116         https://bugs.webkit.org/show_bug.cgi?id=179639
4117         <rdar://problem/35513018>
4118
4119         Reviewed by JF Bastien.
4120
4121         * wasm/function-tests/grow-memory-cause-gc.js: Added.
4122         (escape):
4123         (i.func):
4124
4125 2017-11-13  Mark Lam  <mark.lam@apple.com>
4126
4127         Add more overflow check book-keeping for MarkedArgumentBuffer.
4128         https://bugs.webkit.org/show_bug.cgi?id=179634
4129         <rdar://problem/35492517>
4130
4131         Reviewed by Saam Barati.
4132
4133         * stress/regress-179634.js: Added.
4134
4135 2017-11-13  Mark Lam  <mark.lam@apple.com>
4136
4137         Make the jsc shell loadGetterFromGetterSetter() function more robust.
4138         https://bugs.webkit.org/show_bug.cgi?id=179619
4139         <rdar://problem/35492518>
4140
4141         Reviewed by Saam Barati.
4142
4143         * stress/regress-179619.js: Added.
4144
4145 2017-11-12  Mark Lam  <mark.lam@apple.com>
4146
4147         We should ensure that operationStrCat2 and operationStrCat3 are never passed Symbols as arguments.
4148         https://bugs.webkit.org/show_bug.cgi?id=179562
4149         <rdar://problem/35467022>
4150
4151         Reviewed by Saam Barati.
4152
4153         * regress-179562.js: Added.
4154
4155 2017-11-08  Saam Barati  <sbarati@apple.com>
4156
4157         A JSFunction's ObjectAllocationProfile should watch the poly prototype watchpoint so it can clear its object allocation profile
4158         https://bugs.webkit.org/show_bug.cgi?id=177792
4159
4160         Reviewed by Yusuke Suzuki.
4161
4162         * microbenchmarks/poly-proto-clear-js-function-allocation-profile.js: Added.
4163         (assert):
4164         (foo.Foo.prototype.ensureX):
4165         (foo.Foo):
4166         (foo):
4167         (access):
4168
4169 2017-11-08  Ryan Haddad  <ryanhaddad@apple.com>
4170
4171         Mark test262.yaml/test262/test/language/statements/try/tco-catch.js as passing.
4172         https://bugs.webkit.org/show_bug.cgi?id=178592
4173
4174         Unreviewed test gardening.
4175
4176         * test262.yaml:
4177
4178 2017-11-08  Robin Morisset  <rmorisset@apple.com>
4179
4180         Turn recursive tail calls into loops
4181         https://bugs.webkit.org/show_bug.cgi?id=176601
4182
4183         Reviewed by Saam Barati.
4184
4185         Relanding after https://bugs.webkit.org/show_bug.cgi?id=178834.
4186
4187         Add some simple tests that compute factorial in several ways, and other trivial computations.
4188         They all test the case where foo calls bar (in an inlineable way) that then does a tail call.
4189         Depending on the nature of both calls, it is possible or not to turn the tail call into a loop.
4190         I have no clear way of checking that the call was indeed transformed, but I can check that the code computes the right result
4191         (which it doesn't if that tail call is transformed into a loop in the unsound cases).
4192
4193         * stress/inline-call-to-recursive-tail-call.js: Added.
4194         (factorial.aux):
4195         (factorial):
4196         (factorial2.aux2):
4197         (factorial2.id):
4198         (factorial2):
4199         (factorial3.aux3):
4200         (factorial3):
4201         (aux4):
4202         (factorial4):
4203         (foo):
4204         (auxBar):
4205         (bar):
4206         (test):
4207
4208 2017-11-07  Mark Lam  <mark.lam@apple.com>
4209
4210         AccessCase::generateImpl() should exclude the result register when restoring registers after a call.
4211         https://bugs.webkit.org/show_bug.cgi?id=179355
4212         <rdar://problem/35263053>
4213
4214         Reviewed by Saam Barati.
4215
4216         * stress/regress-179355.js: Added.
4217
4218 2017-11-05  Yusuke Suzuki  <utatane.tea@gmail.com>
4219
4220         JIT call inline caches should cache calls to objects with getCallData/getConstructData traps
4221         https://bugs.webkit.org/show_bug.cgi?id=144458
4222
4223         Reviewed by Saam Barati.
4224
4225         * microbenchmarks/dfg-internal-function-call.js: Added.
4226         (target):
4227         * microbenchmarks/dfg-internal-function-construct.js: Added.
4228         (target):
4229         * microbenchmarks/dfg-internal-function-not-handled-call.js: Added.
4230         (target):
4231         * microbenchmarks/dfg-internal-function-not-handled-construct.js: Added.
4232         (target):
4233         * stress/dfg-internal-function-call.js: Added.
4234         (shouldBe):
4235         (target):
4236         * stress/dfg-internal-function-construct.js: Added.
4237         (shouldBe):
4238         (target):
4239         * stress/internal-function-call.js: Added.
4240         (shouldBe):
4241         * stress/internal-function-construct.js: Added.
4242         (shouldBe):
4243
4244 2017-11-05  Per Arne Vollan  <pvollan@apple.com>
4245
4246         [Win] Skip stress/regress-178385.js.
4247         https://bugs.webkit.org/show_bug.cgi?id=179298
4248
4249         Unreviewed test gardening.
4250
4251         * stress/regress-178385.js:
4252
4253 2017-11-03  Keith Miller  <keith_miller@apple.com>
4254
4255         Add test for ic with side effects
4256         https://bugs.webkit.org/show_bug.cgi?id=179268
4257
4258         Reviewed by Saam Barati.
4259
4260         * stress/put-inline-cache-side-effects.js: Added.
4261         (let.i.of.objs.keys):
4262         (f):
4263
4264 2017-11-03  Mark Lam  <mark.lam@apple.com>
4265
4266         CachedCall (and its clients) needs overflow checks.
4267         https://bugs.webkit.org/show_bug.cgi?id=179185
4268
4269         Reviewed by JF Bastien.
4270
4271         * stress/regress-179185.js: Added.
4272
4273 2017-11-02  Michael Saboff  <msaboff@apple.com>
4274
4275         DFG needs to handle code motion of code in for..in loop bodies
4276         https://bugs.webkit.org/show_bug.cgi?id=179212
4277
4278         Reviewed by Keith Miller.
4279
4280         New regression test.
4281
4282         * stress/for-in-side-effects.js: Added.
4283         (getPrototypeOf):
4284         (reset):
4285         (testWithoutFTL.f):
4286         (testWithoutFTL):
4287         (testWithFTL.f):
4288         (testWithFTL):
4289
4290 2017-11-02  Filip Pizlo  <fpizlo@apple.com>
4291
4292         AI does not correctly model the clobber case of ArithClz32
4293         https://bugs.webkit.org/show_bug.cgi?id=179188
4294
4295         Reviewed by Michael Saboff.
4296
4297         * stress/arith-clz32-effects.js: Added.
4298         (foo):
4299         (valueOf):
4300
4301 2017-11-01  Michael Saboff  <msaboff@apple.com>
4302
4303         Integer overflow in code generated by LoadVarargs processing in DFG and FTL.
4304         https://bugs.webkit.org/show_bug.cgi?id=179140
4305
4306         Reviewed by Saam Barati.
4307
4308         New regression test.
4309
4310         * stress/regress-179140.js: Added.
4311         (testWithoutFTL):
4312         (testWithFTL):
4313
4314 2017-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
4315