JSC::createError needs to check for OOM in errorDescriptionForValue
[WebKit-https.git] / JSTests / ChangeLog
index bba5f1c..d7c5ee8 100644 (file)
@@ -1,3 +1,254 @@
+2019-03-20  Tadeu Zagallo  <tzagallo@apple.com>
+
+        JSC::createError needs to check for OOM in errorDescriptionForValue
+        https://bugs.webkit.org/show_bug.cgi?id=196032
+        <rdar://problem/46842740>
+
+        Reviewed by Mark Lam.
+
+        * stress/create-error-out-of-memory-rope-string.js: Added.
+
+2019-03-19  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Unreviewed, reduce # of iterations to avoid timing out after r242991
+        https://bugs.webkit.org/show_bug.cgi?id=195791
+
+        To avoid timing out, this patch reduces it from 3e7 to 1e7. 1e7 iteration counts still reproduce the issue at 60%.
+
+        * stress/symbol-is-destructed-before-refing-underlying-symbol-impl.js:
+
+2019-03-19  Caio Lima  <ticaiolima@gmail.com>
+
+        [JSC] microbenchmarks/generate-multiple-llint-entrypoints.js is running out of executable memory on ARMv7
+        https://bugs.webkit.org/show_bug.cgi?id=195950
+
+        Unreviewed, reducing the amount of memory used on this test to avoid
+        OOM on devices with memory restrictions.
+
+        * microbenchmarks/generate-multiple-llint-entrypoints.js:
+
+2019-03-19  Caio Lima  <ticaiolima@gmail.com>
+
+        [JSC] LLIntEntryPoint creates same DirectJITCode for all functions
+        https://bugs.webkit.org/show_bug.cgi?id=194648
+
+        Reviewed by Keith Miller.
+
+        * microbenchmarks/generate-multiple-llint-entrypoints.js: Added.
+
+2019-03-18  Mark Lam  <mark.lam@apple.com>
+
+        Missing a ThrowScope release in JSObject::toString().
+        https://bugs.webkit.org/show_bug.cgi?id=195893
+        <rdar://problem/48970986>
+
+        Reviewed by Michael Saboff.
+
+        * stress/to-string-exception-check-release.js: Added.
+
+2019-03-18  Mark Lam  <mark.lam@apple.com>
+
+        Structure::flattenDictionary() should clear unused property slots.
+        https://bugs.webkit.org/show_bug.cgi?id=195871
+        <rdar://problem/48959497>
+
+        Reviewed by Michael Saboff.
+
+        * stress/structure-flattenDictionary-should-clear-unused-property-slots.js: Added.
+
+2019-03-15  Mark Lam  <mark.lam@apple.com>
+
+        Need to check ObjectPropertyCondition liveness before accessing it when firing watchpoints.
+        https://bugs.webkit.org/show_bug.cgi?id=195827
+        <rdar://problem/48845513>
+
+        Reviewed by Filip Pizlo.
+
+        * stress/check-object-property-condition-liveness-before-accessing-it-when-watchpoints-fire.js: Added.
+
+2019-03-15  Dominik Infuehr  <dinfuehr@igalia.com>
+
+        [ARM,MIPS] Skip slow tests
+        https://bugs.webkit.org/show_bug.cgi?id=195799
+
+        Unreviewed, test does not finish on ARM and MIPS within the
+        timeout limit.
+
+        * stress/symbol-is-destructed-before-refing-underlying-symbol-impl.js:
+
+2019-03-14  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Retain PrivateName of Symbol before passing it to operations potentially incurring GC
+        https://bugs.webkit.org/show_bug.cgi?id=195791
+        <rdar://problem/48806130>
+
+        Reviewed by Mark Lam.
+
+        * stress/symbol-is-destructed-before-refing-underlying-symbol-impl.js: Added.
+        (foo):
+
+2019-03-14  Saam barati  <sbarati@apple.com>
+
+        We can't remove code after ForceOSRExit until after FixupPhase
+        https://bugs.webkit.org/show_bug.cgi?id=186916
+        <rdar://problem/41396612>
+
+        Reviewed by Yusuke Suzuki.
+
+        * stress/movhint-backwards-propagation-must-merge-use-as-value-add.js: Added.
+        (foo):
+        * stress/movhint-backwards-propagation-must-merge-use-as-value.js: Added.
+        (foo):
+
+2019-03-13  Michael Saboff  <msaboff@apple.com>
+
+        ASSERTION FAILED: regexp->isValid() or ASSERTION FAILED: !isCompilationThread()
+        https://bugs.webkit.org/show_bug.cgi?id=195735
+
+        Reviewed by Mark Lam.
+
+        New regression test.
+
+        * stress/dont-strength-reduce-regexp-with-compile-error.js: Added.
+        (foo):
+        (bar):
+
+2019-03-14  Saam barati  <sbarati@apple.com>
+
+        Fixup uses KnownInt32 incorrectly in some nodes
+        https://bugs.webkit.org/show_bug.cgi?id=195279
+        <rdar://problem/47915654>
+
+        Reviewed by Yusuke Suzuki.
+
+        * stress/known-int32-cant-be-used-across-bytecode-boundary.js: Added.
+        (foo):
+
+2019-03-14  Keith Miller  <keith_miller@apple.com>
+
+        DFG liveness can't skip tail caller inline frames
+        https://bugs.webkit.org/show_bug.cgi?id=195715
+
+        Reviewed by Saam Barati.
+
+        * stress/dfg-scan-inlined-tail-caller-frames-liveness.js:
+        (i.foo):
+
+2019-03-13  Mark Lam  <mark.lam@apple.com>
+
+        Gardening: reducing the variants on 2 tests to avoid timing out on JSC Debug queue.
+        https://bugs.webkit.org/show_bug.cgi?id=195415
+
+        Not reviewed.
+
+        Changed these tests to only run the default configuration.
+        The ftl-no-cjit-validate-sampling-profiler variant was timing out.
+        There's no strong need to run this test on that variant.
+
+        * stress/dfg-to-string-on-int-does-gc.js:
+        * stress/dfg-to-string-on-string-or-string-object-does-not-gc.js:
+
+2019-03-13  Dominik Infuehr  <dinfuehr@igalia.com>
+
+        String overflow when using StringBuilder in JSC::createError
+        https://bugs.webkit.org/show_bug.cgi?id=194957
+
+        Reviewed by Mark Lam.
+
+        Add test string-overflow-createError-bulder.js that overflows
+        StringBuilder in notAFunctionSourceAppender. The second new test
+        string-overflow-createError-fit.js has an error message that doesn't
+        overflow, it still failed since the String's capacity can't be doubled.
+        Run test string-overflow-createError.js only in the default
+        configuration to reduce memory consumption when running the test
+        in all configurations on multiple CPUs in parallel.
+
+        * stress/string-overflow-createError-builder.js: Copied from JSTests/stress/string-overflow-createError.js.
+        (catch):
+        * stress/string-overflow-createError-fit.js: Copied from JSTests/stress/string-overflow-createError.js.
+        (catch):
+        * stress/string-overflow-createError.js:
+
+2019-03-12  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] OSR entry should respect abstract values in addition to flush formats
+        https://bugs.webkit.org/show_bug.cgi?id=195653
+
+        Reviewed by Mark Lam.
+
+        * stress/osr-entry-locals-none.js: Added.
+
+2019-03-12  Michael Saboff  <msaboff@apple.com>
+
+        REGRESSION (iOS 12.2): Webpage using CoffeeScript crashes
+        https://bugs.webkit.org/show_bug.cgi?id=195613
+
+        Reviewed by Mark Lam.
+
+        New regression test.
+
+        * stress/regexp-backref-inbounds.js: Added.
+        (testRegExp):
+
+2019-03-12  Mark Lam  <mark.lam@apple.com>
+
+        The HasIndexedProperty node does GC.
+        https://bugs.webkit.org/show_bug.cgi?id=195559
+        <rdar://problem/48767923>
+
+        Reviewed by Yusuke Suzuki.
+
+        * stress/HasIndexedProperty-does-gc.js: Added.
+
+2019-03-11  Caio Lima  <ticaiolima@gmail.com>
+
+        [ESNext][BigInt] Implement "~" unary operation
+        https://bugs.webkit.org/show_bug.cgi?id=182216
+
+        Reviewed by Keith Miller.
+
+        * stress/big-int-bit-not-general.js: Added.
+        * stress/big-int-bitwise-not-jit.js: Added.
+        * stress/big-int-bitwise-not-wrapped-value.js: Added.
+        * stress/bit-op-with-object-returning-int32.js:
+        * stress/bitwise-not-fixup-rules.js: Added.
+        * stress/value-bit-not-ai-rule.js: Added.
+
+2019-03-10  Ross Kirsling  <ross.kirsling@sony.com>
+
+        Invalid flags in a RegExp literal should be an early SyntaxError
+        https://bugs.webkit.org/show_bug.cgi?id=195514
+
+        Reviewed by Darin Adler.
+
+        * test262/expectations.yaml:
+        Mark 4 test cases as passing.
+
+        * stress/regexp-syntax-error-invalid-flags.js:
+        * stress/regress-161995.js: Removed.
+        Update existing test, merging in an older test for the same behavior.
+
+2019-03-08  Mark Lam  <mark.lam@apple.com>
+
+        Stack overflow crash in JSC::JSObject::hasInstance.
+        https://bugs.webkit.org/show_bug.cgi?id=195458
+        <rdar://problem/48710195>
+
+        Reviewed by Yusuke Suzuki.
+
+        * stress/stack-overflow-in-custom-hasInstance.js: Added.
+
+2019-03-08  Tadeu Zagallo  <tzagallo@apple.com>
+
+        op_check_tdz does not def its argument
+        https://bugs.webkit.org/show_bug.cgi?id=192880
+        <rdar://problem/46221598>
+
+        Reviewed by Saam Barati.
+
+        * microbenchmarks/let-for-in.js: Added.
+        (foo):
+
 2019-03-07  Yusuke Suzuki  <ysuzuki@apple.com>
 
         [JSC] StringFromCharCode fast path should accept 0xff in DFG and FTL
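Review bot: The top entry (2019-03-20, bug 196032) records only "stress/create-error-out-of-memory-rope-string.js: Added." and says nothing about what the test drives or which configurations it runs in, which matters for a test that is out-of-memory by name. The 2019-03-13 entry for the related JSC::createError string overflow (bug 194957) notes that string-overflow-createError.js is run only in the default configuration to reduce memory consumption when tests run in parallel. Suggest adding a sentence to the new entry stating the condition the test exercises and whether it is restricted to the default configuration in the same way. Two smaller points in the same hunk: the 2019-03-13 description names "string-overflow-createError-bulder.js" while its file list has "string-overflow-createError-builder.js", and the hunk also adds entries dated 2019-03-08 through 2019-03-19 for unrelated bugs, so if this change is meant to cover bug 196032 alone, the ChangeLog addition should be limited to the first entry.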