Title: [228725] trunk
Revision 228725
Author sbar...@apple.com
Date 2018-02-19 19:45:03 -0800 (Mon, 19 Feb 2018)
Log Message
Don't use JSFunction's allocation profile when getting the prototype can be effectful
https://bugs.webkit.org/show_bug.cgi?id=182942
Reviewed by Mark Lam.
Title: [228720] trunk/Source/_javascript_Core
Revision 228720
Author sbar...@apple.com
Date 2018-02-19 18:00:39 -0800 (Mon, 19 Feb 2018)
Log Message
Don't mark an array profile out of bounds for the cases where the DFG will convert the access to SaneChain
Title: [228565] trunk
Revision 228565
Author sbar...@apple.com
Date 2018-02-16 11:12:29 -0800 (Fri, 16 Feb 2018)
Log Message
Fix bugs from r228411
https://bugs.webkit.org/show_bug.cgi?id=182851
Reviewed by JF Bastien.
JSTests:
*
Title: [228488] trunk
Revision 228488
Author sbar...@apple.com
Date 2018-02-14 15:25:52 -0800 (Wed, 14 Feb 2018)
Log Message
Setting a VMTrap shouldn't look at topCallFrame since that may imply we're in C code and holding the malloc lock
https://bugs.webkit.org/show_bug.cgi?id=182801
Title: [228454] trunk
Revision 228454
Author sbar...@apple.com
Date 2018-02-13 21:07:07 -0800 (Tue, 13 Feb 2018)
Log Message
putDirectIndexSlowOrBeyondVectorLength needs to convert to dictionary indexing mode always if attributes are present
https://bugs.webkit.org/show_bug.cgi?id=182755
Title: [228438] trunk/Source/_javascript_Core
Revision 228438
Author sbar...@apple.com
Date 2018-02-13 15:03:21 -0800 (Tue, 13 Feb 2018)
Log Message
Follup fix to r228411 for 32-bit builds. I missed a place where we used non vararg getter for child2().
* dfg/DFGSpeculativeJIT32_64.cpp:
Title: [228401] trunk
Revision 228401
Author sbar...@apple.com
Date 2018-02-12 15:41:17 -0800 (Mon, 12 Feb 2018)
Log Message
DFG::emitCodeToGetArgumentsArrayLength needs to handle NewArrayBuffer/PhantomNewArrayBuffer
https://bugs.webkit.org/show_bug.cgi?id=182706
Reviewed by Filip
Title: [228035] trunk/Source/_javascript_Core
Revision 228035
Author sbar...@apple.com
Date 2018-02-02 16:43:14 -0800 (Fri, 02 Feb 2018)
Log Message
Make various DFG_ASSERTs provide more data to WTFCrashWithInfo
https://bugs.webkit.org/show_bug.cgi?id=182453
Reviewed by JF Bastien and
Title: [228031] trunk
Revision 228031
Author sbar...@apple.com
Date 2018-02-02 14:55:29 -0800 (Fri, 02 Feb 2018)
Log Message
When BytecodeParser inserts Unreachable after ForceOSRExit it needs to update ArgumentPositions for Flushes it inserts
Title: [228018] trunk/Source/_javascript_Core
Revision 228018
Author sbar...@apple.com
Date 2018-02-02 11:07:31 -0800 (Fri, 02 Feb 2018)
Log Message
MapHash should return true to doesGC in the DFG depending on useKind because it might resolve a rope
Title: [227951] trunk/Source
Revision 227951
Author sbar...@apple.com
Date 2018-01-31 21:36:40 -0800 (Wed, 31 Jan 2018)
Log Message
Replace tryLargeMemalignVirtual with tryLargeZeroedMemalignVirtual and use it to allocate large zeroed memory in Wasm
Title: [227898] trunk
Revision 227898
Author sbar...@apple.com
Date 2018-01-31 02:18:28 -0800 (Wed, 31 Jan 2018)
Log Message
JSC incorrectly interpreting script, sets Global Property instead of Global Lexical variable (LiteralParser / JSONP path)
Title: [227897] trunk/Source/_javascript_Core
Revision 227897
Author sbar...@apple.com
Date 2018-01-31 02:04:57 -0800 (Wed, 31 Jan 2018)
Log Message
clean up pushToSaveImmediateWithoutTouchingRegisters a bit
https://bugs.webkit.org/show_bug.cgi?id=181774
Reviewed by JF Bastien.
This
Title: [227236] trunk
Revision 227236
Author sbar...@apple.com
Date 2018-01-19 14:30:45 -0800 (Fri, 19 Jan 2018)
Log Message
Kill ArithNegate's ArithProfile assert inside BytecodeParser
https://bugs.webkit.org/show_bug.cgi?id=181877
Reviewed by Mark Lam.
JSTests:
*
Title: [227104] trunk
Revision 227104
Author sbar...@apple.com
Date 2018-01-17 17:58:25 -0800 (Wed, 17 Jan 2018)
Log Message
Disable Atomics when SharedArrayBuffer isn’t enabled
https://bugs.webkit.org/show_bug.cgi?id=181572
Reviewed by Michael Saboff.
JSTests:
*
Title: [227096] trunk/Source/_javascript_Core
Revision 227096
Author sbar...@apple.com
Date 2018-01-17 16:34:16 -0800 (Wed, 17 Jan 2018)
Log Message
Support MultiGetByOffset in the DFG
https://bugs.webkit.org/show_bug.cgi?id=181466
Reviewed by Keith Miller.
This seems to benefit
Title: [227053] trunk
Revision 227053
Author sbar...@apple.com
Date 2018-01-17 01:24:26 -0800 (Wed, 17 Jan 2018)
Log Message
DFG::Node::convertToConstant needs to clear the varargs flags
https://bugs.webkit.org/show_bug.cgi?id=181697
Reviewed by Yusuke Suzuki.
JSTests:
*
Title: [226942] trunk/Source/_javascript_Core
Revision 226942
Author sbar...@apple.com
Date 2018-01-14 11:43:39 -0800 (Sun, 14 Jan 2018)
Log Message
Unreviewed. r226928 broke the CLOOP build. This patch fixes the CLOOP build.
* bytecode/CallLinkStatus.cpp:
Title: [226928] trunk/Source/_javascript_Core
Revision 226928
Author sbar...@apple.com
Date 2018-01-12 16:36:37 -0800 (Fri, 12 Jan 2018)
Log Message
Move ExitProfile to UnlinkedCodeBlock so it can be shared amongst CodeBlocks backed by the same UnlinkedCodeBlock
Title: [226907] trunk
Revision 226907
Author sbar...@apple.com
Date 2018-01-12 12:47:44 -0800 (Fri, 12 Jan 2018)
Log Message
CheckStructure can be incorrectly subsumed by CheckStructureOrEmpty
https://bugs.webkit.org/show_bug.cgi?id=181177
Reviewed by Yusuke Suzuki.
JSTests:
*
Title: [226811] trunk
Revision 226811
Author sbar...@apple.com
Date 2018-01-11 15:21:18 -0800 (Thu, 11 Jan 2018)
Log Message
When inserting Unreachable in byte code parser we need to flush all the right things
https://bugs.webkit.org/show_bug.cgi?id=181509
Reviewed by Mark Lam.
Title: [226806] trunk
Revision 226806
Author sbar...@apple.com
Date 2018-01-11 14:18:17 -0800 (Thu, 11 Jan 2018)
Log Message
JITMathIC code in the FTL is wrong when code gets duplicated
https://bugs.webkit.org/show_bug.cgi?id=181525
Reviewed by Michael Saboff and Keith Miller.
Title: [226767] trunk
Revision 226767
Author sbar...@apple.com
Date 2018-01-11 00:16:06 -0800 (Thu, 11 Jan 2018)
Log Message
Our for-in caching is wrong when we add indexed properties on things in the prototype chain
https://bugs.webkit.org/show_bug.cgi?id=181508
Reviewed by Yusuke
Title: [226661] trunk/Tools
Revision 226661
Author sbar...@apple.com
Date 2018-01-09 15:43:41 -0800 (Tue, 09 Jan 2018)
Log Message
Give some slack in display-profiler-outputs computation of the terminal window's number of columns
https://bugs.webkit.org/show_bug.cgi?id=181449
Reviewed
Title: [226655] trunk/Source/_javascript_Core
Revision 226655
Author sbar...@apple.com
Date 2018-01-09 13:13:35 -0800 (Tue, 09 Jan 2018)
Log Message
Reduce graph size by replacing terminal nodes in blocks that have a ForceOSRExit with Unreachable
Title: [226603] trunk/Source/WebCore
Revision 226603
Author sbar...@apple.com
Date 2018-01-08 17:55:40 -0800 (Mon, 08 Jan 2018)
Log Message
Speculative build fix after r226600. We only use clflush on x86 and the `asm volatile` syntax is not available in the Windows build.
No new tests
Title: [226493] trunk/Tools
Revision 226493
Author sbar...@apple.com
Date 2018-01-07 14:22:52 -0800 (Sun, 07 Jan 2018)
Log Message
Add total exits and total compilations sorting mode to the "full" command in display-profiler-output
https://bugs.webkit.org/show_bug.cgi?id=181372
Reviewed
Title: [226436] trunk/Source/_javascript_Core
Revision 226436
Author sbar...@apple.com
Date 2018-01-04 21:12:51 -0800 (Thu, 04 Jan 2018)
Log Message
Do value profiling in to_this
https://bugs.webkit.org/show_bug.cgi?id=181299
Reviewed by Filip Pizlo.
This patch adds value profiling to
Title: [226426] trunk/Source/_javascript_Core
Revision 226426
Author sbar...@apple.com
Date 2018-01-04 16:01:32 -0800 (Thu, 04 Jan 2018)
Log Message
Add a new pattern matching rule to Graph::methodOfGettingAValueProfileFor for SetLocal(@nodeWithHeapPrediction)
Title: [226379] trunk/Source/_javascript_Core
Revision 226379
Author sbar...@apple.com
Date 2018-01-03 16:44:37 -0800 (Wed, 03 Jan 2018)
Log Message
Fix BytecodeParser op_catch assert to work with useProfiler=1
https://bugs.webkit.org/show_bug.cgi?id=181260
Reviewed by Keith Miller.
Title: [226351] trunk
Revision 226351
Author sbar...@apple.com
Date 2018-01-02 19:59:16 -0800 (Tue, 02 Jan 2018)
Log Message
Incorrect assertion inside AccessCase
https://bugs.webkit.org/show_bug.cgi?id=181200
Reviewed by Yusuke Suzuki.
JSTests:
*
Title: [226305] trunk
Revision 226305
Author sbar...@apple.com
Date 2017-12-28 10:13:15 -0800 (Thu, 28 Dec 2017)
Log Message
Assertion used to determine if something is an async generator is wrong
https://bugs.webkit.org/show_bug.cgi?id=181168
Reviewed by Yusuke Suzuki.
JSTests:
*
Title: [226254] trunk/Source/_javascript_Core
Revision 226254
Author sbar...@apple.com
Date 2017-12-21 19:05:18 -0800 (Thu, 21 Dec 2017)
Log Message
lowering get_by_val to GetById inside bytecode parser should check for BadType exit kind
https://bugs.webkit.org/show_bug.cgi?id=181112
Title: [226208] trunk/Source/_javascript_Core
Revision 226208
Author sbar...@apple.com
Date 2017-12-20 17:54:46 -0800 (Wed, 20 Dec 2017)
Log Message
GetPropertyEnumerator in DFG/FTL should not unconditionally speculate cell
https://bugs.webkit.org/show_bug.cgi?id=181054
Reviewed by Mark
Title: [226139] trunk/Source/_javascript_Core
Revision 226139
Author sbar...@apple.com
Date 2017-12-19 13:51:27 -0800 (Tue, 19 Dec 2017)
Log Message
We forgot to do index masking for in bounds int32 arrays in the FTL
https://bugs.webkit.org/show_bug.cgi?id=180987
Reviewed by Keith
Title: [226081] trunk/Source/_javascript_Core
Revision 226081
Author sbar...@apple.com
Date 2017-12-18 14:20:22 -0800 (Mon, 18 Dec 2017)
Log Message
Follow up to bug#179762. Fix PreciseLocalClobberize to handle Spread/PhantomSpread(PhantomNewArrayBuffer)
*
Title: [225966] trunk
Revision 225966
Author sbar...@apple.com
Date 2017-12-14 22:20:07 -0800 (Thu, 14 Dec 2017)
Log Message
The CleanUp after LICM is erroneously removing a Check
https://bugs.webkit.org/show_bug.cgi?id=180852
Reviewed by Filip Pizlo.
JSTests:
*
Title: [225912] trunk/Source/bmalloc
Revision 225912
Author sbar...@apple.com
Date 2017-12-14 11:10:54 -0800 (Thu, 14 Dec 2017)
Log Message
logVMFailure should not simulate crash on iOS
https://bugs.webkit.org/show_bug.cgi?id=180790
Reviewed by JF Bastien.
The Gigacage allocation on
Title: [225891] trunk
Revision 225891
Author sbar...@apple.com
Date 2017-12-13 20:10:02 -0800 (Wed, 13 Dec 2017)
Log Message
Arrow functions need their own structure because they have different properties than sloppy functions
https://bugs.webkit.org/show_bug.cgi?id=180779
Reviewed by
Title: [225880] trunk/Source/_javascript_Core
Revision 225880
Author sbar...@apple.com
Date 2017-12-13 16:31:58 -0800 (Wed, 13 Dec 2017)
Log Message
Take a value driven approach to how we emit structure checks in TypeCheckHoistingPhase to obviate the need for static_assert guards
Title: [225865] trunk/Source/_javascript_Core
Revision 225865
Author sbar...@apple.com
Date 2017-12-13 12:46:33 -0800 (Wed, 13 Dec 2017)
Log Message
REGRESSION(r225844): Around 850 new JSC failures on 32-bit
https://bugs.webkit.org/show_bug.cgi?id=180764
Unreviewed. We should only emit
Title: [225845] trunk
Revision 225845
Author sbar...@apple.com
Date 2017-12-13 09:29:21 -0800 (Wed, 13 Dec 2017)
Log Message
Fix how JSFunction handles "caller" and "arguments" for functions that don't have those properties
https://bugs.webkit.org/show_bug.cgi?id=163579
Reviewed by
Title: [225844] trunk
Revision 225844
Author sbar...@apple.com
Date 2017-12-13 09:19:24 -0800 (Wed, 13 Dec 2017)
Log Message
TypeCheckHoistingPhase needs to emit a CheckStructureOrEmpty if it's doing it for |this|
https://bugs.webkit.org/show_bug.cgi?id=180734
Reviewed by Yusuke
Title: [225834] trunk
Revision 225834
Author sbar...@apple.com
Date 2017-12-12 19:04:22 -0800 (Tue, 12 Dec 2017)
Log Message
We need to model effects of Spread(@PhantomCreateRest) in Clobberize/PreciseLocalClobberize
https://bugs.webkit.org/show_bug.cgi?id=180725
Reviewed by Michael
Title: [225821] trunk
Revision 225821
Author sbar...@apple.com
Date 2017-12-12 16:32:57 -0800 (Tue, 12 Dec 2017)
Log Message
ConstantFoldingPhase rule for GetMyArgumentByVal must check for negative indices
https://bugs.webkit.org/show_bug.cgi?id=180723
Reviewed by JF Bastien.
JSTests:
Title: [225768] trunk
Revision 225768
Author sbar...@apple.com
Date 2017-12-11 19:24:43 -0800 (Mon, 11 Dec 2017)
Log Message
We need to disableCaching() in ErrorInstance when we materialize properties
https://bugs.webkit.org/show_bug.cgi?id=180343
Reviewed by Mark Lam.
JSTests:
*
Title: [225701] trunk/Source/bmalloc
Revision 225701
Author sbar...@apple.com
Date 2017-12-08 14:28:31 -0800 (Fri, 08 Dec 2017)
Log Message
Enable gigacage on iOS with a 32GB runway and ensure it doesn't break WasmBench
https://bugs.webkit.org/show_bug.cgi?id=178557
Reviewed by Mark
Title: [225664] trunk/Source/_javascript_Core
Revision 225664
Author sbar...@apple.com
Date 2017-12-07 18:08:03 -0800 (Thu, 07 Dec 2017)
Log Message
Modify our dollar VM clflush intrinsic to aid in some perf testing
https://bugs.webkit.org/show_bug.cgi?id=180559
Reviewed by Mark Lam.
*
Title: [225658] trunk/Source/WebKit
Revision 225658
Author sbar...@apple.com
Date 2017-12-07 17:12:18 -0800 (Thu, 07 Dec 2017)
Log Message
We need to grab the JSLock in InjectedBundle::createWebDataFromUint8Array
https://bugs.webkit.org/show_bug.cgi?id=180492
Reviewed by Alex
Title: [225621] trunk/Source/WebCore
Revision 225621
Author sbar...@apple.com
Date 2017-12-06 22:47:16 -0800 (Wed, 06 Dec 2017)
Log Message
Unreviewed. Fix iOS (and maybe other platform) build
* workers/service/server/RegistrationDatabase.cpp:
Title: [225579] trunk/Source/_javascript_Core
Revision 225579
Author sbar...@apple.com
Date 2017-12-06 10:58:00 -0800 (Wed, 06 Dec 2017)
Log Message
ASSERTION FAILED: vm->currentThreadIsHoldingAPILock() in void JSC::sanitizeStackForVM(JSC::VM *)
Title: [225492] trunk
Revision 225492
Author sbar...@apple.com
Date 2017-12-04 14:00:24 -0800 (Mon, 04 Dec 2017)
Log Message
We need to leave room on the top of the stack for the FTL TailCall slow path so it doesn't overwrite things we want to retrieve when doing a stack walk when
Title: [225423] trunk
Revision 225423
Author sbar...@apple.com
Date 2017-12-01 15:40:13 -0800 (Fri, 01 Dec 2017)
Log Message
Having a bad time needs to handle ArrayClass indexing type as well
https://bugs.webkit.org/show_bug.cgi?id=180274
Reviewed by Keith Miller and Mark Lam.
Title: [225307] trunk/Source/_javascript_Core
Revision 225307
Author sbar...@apple.com
Date 2017-11-29 17:05:01 -0800 (Wed, 29 Nov 2017)
Log Message
Remove pointer caging for double arrays
https://bugs.webkit.org/show_bug.cgi?id=180163
Reviewed by Mark Lam.
This patch removes pointer
Title: [225202] trunk
Revision 225202
Author sbar...@apple.com
Date 2017-11-27 16:14:07 -0800 (Mon, 27 Nov 2017)
Log Message
Spread can escape when CreateRest does not
https://bugs.webkit.org/show_bug.cgi?id=180057
Reviewed by JF Bastien.
JSTests:
*
Title: [225188] trunk/Source/_javascript_Core
Revision 225188
Author sbar...@apple.com
Date 2017-11-27 12:40:51 -0800 (Mon, 27 Nov 2017)
Log Message
Having a bad time watchpoint firing during compilation revealed a racy assertion
https://bugs.webkit.org/show_bug.cgi?id=180048
Reviewed
Title: [224942] trunk/Source/_javascript_Core
Revision 224942
Author sbar...@apple.com
Date 2017-11-16 16:35:49 -0800 (Thu, 16 Nov 2017)
Log Message
Fix a bug with cpuid in the FTL.
Rubber stamped by Mark Lam.
Before uploading the previous patch, I tried to condense the code. I
Title: [224938] trunk/Source/_javascript_Core
Revision 224938
Author sbar...@apple.com
Date 2017-11-16 15:44:12 -0800 (Thu, 16 Nov 2017)
Log Message
Add some X86 intrinsics to $vm to help with some perf testing
https://bugs.webkit.org/show_bug.cgi?id=179693
Reviewed by Mark Lam.
I've
Title: [224811] trunk/Source/bmalloc
Revision 224811
Author sbar...@apple.com
Date 2017-11-14 01:08:06 -0800 (Tue, 14 Nov 2017)
Log Message
Make the gigacage runway 32GB
https://bugs.webkit.org/show_bug.cgi?id=175062
Reviewed by Mark Lam.
Making the gigacage runway 32GB defends us
Title: [224810] trunk
Revision 224810
Author sbar...@apple.com
Date 2017-11-14 01:05:33 -0800 (Tue, 14 Nov 2017)
Log Message
We need to set topCallFrame when calling Wasm::Memory::grow from the JIT
https://bugs.webkit.org/show_bug.cgi?id=179639
Reviewed by JF Bastien.
JSTests:
*
Title: [224802] trunk/Source/_javascript_Core
Revision 224802
Author sbar...@apple.com
Date 2017-11-13 21:33:30 -0800 (Mon, 13 Nov 2017)
Log Message
Remove pointer caging for HashMapImpl, JSLexicalEnvironment, DirectArguments, ScopedArguments, and ScopedArgumentsTable
Title: [224603] trunk
Revision 224603
Author sbar...@apple.com
Date 2017-11-08 15:38:55 -0800 (Wed, 08 Nov 2017)
Log Message
A JSFunction's ObjectAllocationProfile should watch the poly prototype watchpoint so it can clear its object allocation profile
Title: [224564] trunk/Source/_javascript_Core
Revision 224564
Author sbar...@apple.com
Date 2017-11-07 22:29:31 -0800 (Tue, 07 Nov 2017)
Log Message
Only cage double butterfly accesses
https://bugs.webkit.org/show_bug.cgi?id=179202
Reviewed by Mark Lam.
This patch removes caging from
Title: [224555] trunk/Source/bmalloc
Revision 224555
Author sbar...@apple.com
Date 2017-11-07 15:31:22 -0800 (Tue, 07 Nov 2017)
Log Message
We should PROT_NONE the Gigacage runway so OOB accesses crash
https://bugs.webkit.org/show_bug.cgi?id=179392
Reviewed by Mark Lam.
If we assume
Title: [224217] trunk/Source/_javascript_Core
Revision 224217
Author sbar...@apple.com
Date 2017-10-30 18:15:08 -0700 (Mon, 30 Oct 2017)
Log Message
We need a storeStoreFence before storing to the instruction stream's live variable catch data
Title: [224138] trunk/Source/_javascript_Core
Revision 224138
Author sbar...@apple.com
Date 2017-10-27 18:03:22 -0700 (Fri, 27 Oct 2017)
Log Message
Bytecode liveness should live on UnlinkedCodeBlock so it can be shared amongst CodeBlocks
https://bugs.webkit.org/show_bug.cgi?id=178949
Title: [223746] trunk/Source
Revision 223746
Author sbar...@apple.com
Date 2017-10-20 00:50:08 -0700 (Fri, 20 Oct 2017)
Log Message
Optimize accesses to how we get the direct prototype
https://bugs.webkit.org/show_bug.cgi?id=178548
Reviewed by Yusuke Suzuki.
Source/_javascript_Core:
Title: [223741] trunk/Source/bmalloc
Revision 223741
Author sbar...@apple.com
Date 2017-10-19 20:08:26 -0700 (Thu, 19 Oct 2017)
Log Message
Runtime disable gigacage on iOS because it broke WasmBench
https://bugs.webkit.org/show_bug.cgi?id=178556
Reviewed by Keith Miller.
*
Title: [223729] trunk/Source/_javascript_Core
Revision 223729
Author sbar...@apple.com
Date 2017-10-19 16:49:23 -0700 (Thu, 19 Oct 2017)
Log Message
REGRESSION(r223691): DFGByteCodeParser.cpp:1483:83: warning: comparison is always false due to limited range of data type [-Wtype-limits]
Title: [223727] trunk/Source/_javascript_Core
Revision 223727
Author sbar...@apple.com
Date 2017-10-19 16:34:20 -0700 (Thu, 19 Oct 2017)
Log Message
re-inline ObjectAllocationProfile::initializeProfile
https://bugs.webkit.org/show_bug.cgi?id=178532
Rubber stamped by Michael Saboff.
I
Title: [223715] trunk/Source/_javascript_Core
Revision 223715
Author sbar...@apple.com
Date 2017-10-19 15:23:58 -0700 (Thu, 19 Oct 2017)
Log Message
We should hard code the poly proto offset
https://bugs.webkit.org/show_bug.cgi?id=178531
Reviewed by Filip Pizlo.
This patch embraces
Title: [223709] trunk/Source/_javascript_Core
Revision 223709
Author sbar...@apple.com
Date 2017-10-19 13:45:54 -0700 (Thu, 19 Oct 2017)
Log Message
Turn various poly proto RELEASE_ASSERTs into ASSERTs because they're on the hot path in speedometer
Title: [223703] trunk
Revision 223703
Author sbar...@apple.com
Date 2017-10-19 13:16:19 -0700 (Thu, 19 Oct 2017)
Log Message
Turn poly proto back on by default and remove the option
https://bugs.webkit.org/show_bug.cgi?id=178525
Reviewed by Mark Lam.
Source/_javascript_Core:
I added
Title: [223222] trunk
Revision 223222
Author sbar...@apple.com
Date 2017-10-11 17:53:45 -0700 (Wed, 11 Oct 2017)
Log Message
Runtime disable poly proto because it may be a 3-4% Speedometer regression
https://bugs.webkit.org/show_bug.cgi?id=178192
Reviewed by JF Bastien.
Title: [223214] trunk/JSTests
Revision 223214
Author sbar...@apple.com
Date 2017-10-11 17:00:57 -0700 (Wed, 11 Oct 2017)
Log Message
Unreviewed. Actually skip certain type profiler tests in debug.
* typeProfiler.yaml:
* typeProfiler/deltablue-for-of.js:
*
Title: [223161] trunk/Source/_javascript_Core
Revision 223161
Author sbar...@apple.com
Date 2017-10-10 17:53:59 -0700 (Tue, 10 Oct 2017)
Log Message
Prototype structure transition should be a deferred transition
https://bugs.webkit.org/show_bug.cgi?id=177734
Reviewed by Keith Miller.
Title: [223125] trunk
Revision 223125
Author sbar...@apple.com
Date 2017-10-10 00:58:27 -0700 (Tue, 10 Oct 2017)
Log Message
The prototype cache should be aware of the Executable it generates a Structure for
https://bugs.webkit.org/show_bug.cgi?id=177907
Reviewed by Filip Pizlo.
Title: [223123] trunk/Source/_javascript_Core
Revision 223123
Author sbar...@apple.com
Date 2017-10-09 22:11:27 -0700 (Mon, 09 Oct 2017)
Log Message
We don't need to clearEmptyObjectStructureForPrototype because JSGlobalObject* is part of the cache's key
Title: [223056] trunk/JSTests
Revision 223056
Author sbar...@apple.com
Date 2017-10-09 11:37:14 -0700 (Mon, 09 Oct 2017)
Log Message
3 poly-proto JSC tests timing out on debug after r222827
https://bugs.webkit.org/show_bug.cgi?id=177880
Unreviewed.
I'm skipping these type profiler
Title: [223037] trunk/JSTests
Revision 223037
Author sbar...@apple.com
Date 2017-10-08 17:44:40 -0700 (Sun, 08 Oct 2017)
Log Message
Unreviewed. Make some type profiler tests run for less time to avoid debug timeouts.
* typeProfiler/deltablue-for-of.js:
*
Title: [222929] trunk/Source/_javascript_Core
Revision 222929
Author sbar...@apple.com
Date 2017-10-05 12:58:08 -0700 (Thu, 05 Oct 2017)
Log Message
Only add prototypes to the PrototypeMap if they're not already present
https://bugs.webkit.org/show_bug.cgi?id=177952
Reviewed by Michael
Title: [222925] trunk/Source/_javascript_Core
Revision 222925
Author sbar...@apple.com
Date 2017-10-05 11:59:58 -0700 (Thu, 05 Oct 2017)
Log Message
Unreviewed. Disable probe OSR exit on 32-bit until it's fixed.
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
Modified Paths
Title: [222914] trunk/Tools
Revision 222914
Author sbar...@apple.com
Date 2017-10-05 10:18:15 -0700 (Thu, 05 Oct 2017)
Log Message
Unreviewed. Try to make debug type profiler tests stop timing out.
* Scripts/run-jsc-stress-tests:
Modified Paths
trunk/Tools/ChangeLog
Title: [222901] trunk
Revision 222901
Author sbar...@apple.com
Date 2017-10-05 00:38:00 -0700 (Thu, 05 Oct 2017)
Log Message
Make sure all prototypes under poly proto get added into the VM's prototype map
https://bugs.webkit.org/show_bug.cgi?id=177909
Reviewed by Keith Miller.
JSTests:
Title: [222891] trunk
Revision 222891
Author sbar...@apple.com
Date 2017-10-04 19:47:59 -0700 (Wed, 04 Oct 2017)
Log Message
Make pertinent AccessCases watch the poly proto watchpoint
https://bugs.webkit.org/show_bug.cgi?id=177765
Reviewed by Keith Miller.
JSTests:
*
Title: [222866] trunk/JSTests
Revision 222866
Author sbar...@apple.com
Date 2017-10-04 11:56:32 -0700 (Wed, 04 Oct 2017)
Log Message
3 poly-proto JSC tests timing out on debug after r222827
https://bugs.webkit.org/show_bug.cgi?id=177880
Rubber stamped by Mark Lam.
*
Title: [222744] trunk/Source/_javascript_Core
Revision 222744
Author sbar...@apple.com
Date 2017-10-02 14:40:19 -0700 (Mon, 02 Oct 2017)
Log Message
Unreviewed. Add missing exception check for the custom-get-set-inline-caching-one-level-up-proto-chain.js
test that I added. It uncovered a
Title: [222713] trunk/Source/_javascript_Core
Revision 222713
Author sbar...@apple.com
Date 2017-10-02 10:09:08 -0700 (Mon, 02 Oct 2017)
Log Message
Unreviewed. Fix debug assertion after r222671.
JSTestCustomGetterSetter::finishCreation needs to call its base's finishCreation
Title: [222671] trunk
Revision 222671
Author sbar...@apple.com
Date 2017-09-29 16:48:10 -0700 (Fri, 29 Sep 2017)
Log Message
Custom GetterSetterAccessCase does not use the correct slotBase when making call
https://bugs.webkit.org/show_bug.cgi?id=177639
Reviewed by Geoffrey Garen.
Title: [222590] trunk
Revision 222590
Author sbar...@apple.com
Date 2017-09-27 17:44:28 -0700 (Wed, 27 Sep 2017)
Log Message
Propagate hasBeenFlattenedBefore in Structure's transition constructor and fix our for-in caching to fail when the prototype chain has an object with a dictionary
Title: [222398] trunk/Source/_javascript_Core
Revision 222398
Author sbar...@apple.com
Date 2017-09-22 12:18:33 -0700 (Fri, 22 Sep 2017)
Log Message
Usage of ErrorInstance::m_stackTrace on the mutator is racy with the collector
https://bugs.webkit.org/show_bug.cgi?id=177368
Reviewed by
Title: [222115] trunk
Revision 222115
Author sbar...@apple.com
Date 2017-09-15 16:27:56 -0700 (Fri, 15 Sep 2017)
Log Message
Arity fixup during inlining should do a 2 phase commit so it properly recovers the frame in case of exit
https://bugs.webkit.org/show_bug.cgi?id=176981
Reviewed
Title: [222071] trunk/Source
Revision 222071
Author sbar...@apple.com
Date 2017-09-14 19:23:59 -0700 (Thu, 14 Sep 2017)
Log Message
We should have a way of preventing a caller from making a tail call and we should use it for ProxyObject instead of using build flags
Title: [222066] trunk/Source/_javascript_Core
Revision 222066
Author sbar...@apple.com
Date 2017-09-14 17:04:47 -0700 (Thu, 14 Sep 2017)
Log Message
Make dumping the graph print when both when exitOK and !exitOK
https://bugs.webkit.org/show_bug.cgi?id=176954
Reviewed by Keith Miller.
*
Title: [222060] trunk
Revision 222060
Author sbar...@apple.com
Date 2017-09-14 16:39:27 -0700 (Thu, 14 Sep 2017)
Log Message
It should be valid to exit before each set when doing arity fixup when inlining
https://bugs.webkit.org/show_bug.cgi?id=176948
Reviewed by Keith Miller.
JSTests:
Title: [221703] trunk/Source/_javascript_Core
Revision 221703
Author sbar...@apple.com
Date 2017-09-06 14:04:25 -0700 (Wed, 06 Sep 2017)
Log Message
Air should have a Vector of prologue generators instead of a HashMap representing an optional prologue generator
Title: [221701] trunk/Source/_javascript_Core
Revision 221701
Author sbar...@apple.com
Date 2017-09-06 13:51:02 -0700 (Wed, 06 Sep 2017)
Log Message
ASSERTION FAILED: op() == CheckStructure in Source/_javascript_Core/dfg/DFGNode.h(443)
https://bugs.webkit.org/show_bug.cgi?id=176470
Title: [221657] trunk
Revision 221657
Author sbar...@apple.com
Date 2017-09-05 18:18:15 -0700 (Tue, 05 Sep 2017)
Log Message
isNotCellSpeculation is wrong with respect to SpecEmpty
https://bugs.webkit.org/show_bug.cgi?id=176429
Reviewed by Michael Saboff.
JSTests:
*
Title: [221637] trunk/Source/_javascript_Core
Revision 221637
Author sbar...@apple.com
Date 2017-09-05 14:30:05 -0700 (Tue, 05 Sep 2017)
Log Message
Make the distinction between entrypoints and CFG roots more clear by naming things better
https://bugs.webkit.org/show_bug.cgi?id=176336
Title: [221607] trunk
Revision 221607
Author sbar...@apple.com
Date 2017-09-04 21:10:53 -0700 (Mon, 04 Sep 2017)
Log Message
typeCheckHoistingPhase may emit a CheckStructure on the empty value which leads to a dereference of zero on 64 bit platforms
601 - 700 of 1147 matches
Mail list logo
