[webkit-changes] [204597] trunk/Source/JavaScriptCore

Title: [204597] trunk/Source/_javascript_Core Revision 204597 Author sbar...@apple.com Date 2016-08-18 10:17:41 -0700 (Thu, 18 Aug 2016) Log Message Make @Array(size) a bytecode intrinsic https://bugs.webkit.org/show_bug.cgi?id=160867 Reviewed by Mark Lam. There were a few places in

[webkit-changes] [204489] trunk/Source

Title: [204489] trunk/Source Revision 204489 Author sbar...@apple.com Date 2016-08-15 16:32:03 -0700 (Mon, 15 Aug 2016) Log Message Web Inspector: Introduce a method to enable code coverage profiler without enabling type profiler https://bugs.webkit.org/show_bug.cgi?id=160750 Reviewed

[webkit-changes] [204488] trunk/Source/JavaScriptCore

Title: [204488] trunk/Source/_javascript_Core Revision 204488 Author sbar...@apple.com Date 2016-08-15 16:31:39 -0700 (Mon, 15 Aug 2016) Log Message Array.prototype.map builtin should go on the fast path when constructor===@Array https://bugs.webkit.org/show_bug.cgi?id=160836 Reviewed

[webkit-changes] [204439] trunk

Title: [204439] trunk Revision 204439 Author sbar...@apple.com Date 2016-08-12 19:14:42 -0700 (Fri, 12 Aug 2016) Log Message Inline store loop for CopyRest in DFG and FTL for certain array modes https://bugs.webkit.org/show_bug.cgi?id=159612 Reviewed by Filip Pizlo. JSTests: *

[webkit-changes] [204353] trunk/LayoutTests

Title: [204353] trunk/LayoutTests Revision 204353 Author sbar...@apple.com Date 2016-08-10 14:20:47 -0700 (Wed, 10 Aug 2016) Log Message Web Inspector: rebase inspector/model/remote-object-get-properties.html and unskip https://bugs.webkit.org/show_bug.cgi?id=160738 Reviewed by Joseph

[webkit-changes] [204335] trunk/LayoutTests

Title: [204335] trunk/LayoutTests Revision 204335 Author sbar...@apple.com Date 2016-08-10 10:19:31 -0700 (Wed, 10 Aug 2016) Log Message Unreviewed. Skip a JSC test that's timing out and an inspector test that needs to be rebased after r204321 * TestExpectations: *

[webkit-changes] [204321] trunk

Title: [204321] trunk Revision 204321 Author sbar...@apple.com Date 2016-08-09 20:39:05 -0700 (Tue, 09 Aug 2016) Log Message JSBoundFunction should lazily generate its name string https://bugs.webkit.org/show_bug.cgi?id=160678 Reviewed by Mark Lam. JSTests: *

[webkit-changes] [204305] trunk

Title: [204305] trunk Revision 204305 Author sbar...@apple.com Date 2016-08-09 15:03:28 -0700 (Tue, 09 Aug 2016) Log Message Parser::parseFunctionInfo() has the wrong info about captured vars when a function is not cached. https://bugs.webkit.org/show_bug.cgi?id=160671 Reviewed by Mark

[webkit-changes] [204206] trunk

Title: [204206] trunk Revision 204206 Author sbar...@apple.com Date 2016-08-05 17:46:50 -0700 (Fri, 05 Aug 2016) Log Message various math operations don't properly check for an exception after calling toNumber() on the lhs https://bugs.webkit.org/show_bug.cgi?id=160154 Reviewed by Mark

[webkit-changes] [204182] trunk

Title: [204182] trunk Revision 204182 Author sbar...@apple.com Date 2016-08-05 12:16:28 -0700 (Fri, 05 Aug 2016) Log Message Assertion failure when accessing TDZ variable in catch through eval https://bugs.webkit.org/show_bug.cgi?id=160554 Reviewed by Mark Lam and Keith Miller.

[webkit-changes] [204162] trunk

Title: [204162] trunk Revision 204162 Author sbar...@apple.com Date 2016-08-04 23:46:55 -0700 (Thu, 04 Aug 2016) Log Message Restore CodeBlock jettison code to jettison when a CodeBlock has been alive for a long time https://bugs.webkit.org/show_bug.cgi?id=151241 Reviewed by Benjamin

[webkit-changes] [204059] trunk/JSTests

Title: [204059] trunk/JSTests Revision 204059 Author sbar...@apple.com Date 2016-08-02 18:46:03 -0700 (Tue, 02 Aug 2016) Log Message Rename Changelog to ChangeLog Rubber stamped by Keith Miller. * Changelog: Removed. Added Paths trunk/JSTests/ChangeLog Removed Paths

[webkit-changes] [204058] trunk

Title: [204058] trunk Revision 204058 Author sbar...@apple.com Date 2016-08-02 18:28:16 -0700 (Tue, 02 Aug 2016) Log Message update a class extending null w.r.t the ES7 spec https://bugs.webkit.org/show_bug.cgi?id=160417 Reviewed by Keith Miller. Source/_javascript_Core: When a class

[webkit-changes] [203979] trunk/Source/JavaScriptCore

Title: [203979] trunk/Source/_javascript_Core Revision 203979 Author sbar...@apple.com Date 2016-08-01 11:48:14 -0700 (Mon, 01 Aug 2016) Log Message Sub should be a Math IC https://bugs.webkit.org/show_bug.cgi?id=160270 Reviewed by Mark Lam. This makes Sub an IC like Mul and Add. I'm

[webkit-changes] [203793] trunk/Source/JavaScriptCore

Title: [203793] trunk/Source/_javascript_Core Revision 203793 Author sbar...@apple.com Date 2016-07-27 14:11:09 -0700 (Wed, 27 Jul 2016) Log Message We don't optimize for-in properly in baseline JIT (maybe other JITs too) with an object with symbols

[webkit-changes] [203786] trunk/Source/JavaScriptCore

Title: [203786] trunk/Source/_javascript_Core Revision 203786 Author sbar...@apple.com Date 2016-07-27 12:56:28 -0700 (Wed, 27 Jul 2016) Log Message MathICs should be able to emit only a jump along the inline path when they don't have any type data

[webkit-changes] [203758] trunk/Source/JavaScriptCore

Title: [203758] trunk/Source/_javascript_Core Revision 203758 Author sbar...@apple.com Date 2016-07-26 18:23:53 -0700 (Tue, 26 Jul 2016) Log Message rollout r203666 https://bugs.webkit.org/show_bug.cgi?id=160226 Unreviewed rollout. * b3/B3BasicBlock.h:

[webkit-changes] [203697] trunk/Source/JavaScriptCore

Title: [203697] trunk/Source/_javascript_Core Revision 203697 Author sbar...@apple.com Date 2016-07-25 13:40:39 -0700 (Mon, 25 Jul 2016) Log Message MathICs should be able to take and dump stats about code size https://bugs.webkit.org/show_bug.cgi?id=160148 Reviewed by Filip Pizlo.

[webkit-changes] [203693] trunk/Source/JavaScriptCore

Title: [203693] trunk/Source/_javascript_Core Revision 203693 Author sbar...@apple.com Date 2016-07-25 12:04:16 -0700 (Mon, 25 Jul 2016) Log Message op_mul/ArithMul(Untyped,Untyped) should be an IC https://bugs.webkit.org/show_bug.cgi?id=160108 Reviewed by Mark Lam. This patch makes

[webkit-changes] [203615] trunk/Source/JavaScriptCore

Title: [203615] trunk/Source/_javascript_Core Revision 203615 Author sbar...@apple.com Date 2016-07-22 13:38:28 -0700 (Fri, 22 Jul 2016) Log Message REGRESSION(r203537): It made many tests crash on ARMv7 Linux platforms https://bugs.webkit.org/show_bug.cgi?id=160082 Reviewed by Keith

[webkit-changes] [203544] trunk/Source/JavaScriptCore

Title: [203544] trunk/Source/_javascript_Core Revision 203544 Author sbar...@apple.com Date 2016-07-21 18:01:14 -0700 (Thu, 21 Jul 2016) Log Message callOperation(.) variants in the DFG that explicitly take a tag/payload register should take a JSValueRegs instead

[webkit-changes] [203263] trunk

Title: [203263] trunk Revision 203263 Author sbar...@apple.com Date 2016-07-14 19:11:42 -0700 (Thu, 14 Jul 2016) Log Message It should be a syntax error to have a 'use strict' directive inside a function that has a non-simple parameter list https://bugs.webkit.org/show_bug.cgi?id=159790

[webkit-changes] [203087] trunk/Source/JavaScriptCore

Title: [203087] trunk/Source/_javascript_Core Revision 203087 Author sbar...@apple.com Date 2016-07-11 15:08:40 -0700 (Mon, 11 Jul 2016) Log Message some paths in Array.prototype.splice don't account for the array not having certain indexed properties

[webkit-changes] [203015] trunk/Source/JavaScriptCore

Title: [203015] trunk/Source/_javascript_Core Revision 203015 Author sbar...@apple.com Date 2016-07-08 18:29:55 -0700 (Fri, 08 Jul 2016) Log Message We may add a ReadOnly property without setting the corresponding bit on Structure https://bugs.webkit.org/show_bug.cgi?id=159542 Reviewed

[webkit-changes] [202936] trunk/Source/JavaScriptCore

Title: [202936] trunk/Source/_javascript_Core Revision 202936 Author sbar...@apple.com Date 2016-07-07 15:15:04 -0700 (Thu, 07 Jul 2016) Log Message ToThis constant folding in DFG is incorrect when the structure indicates that toThis is overridden

[webkit-changes] [202866] trunk/Source/JavaScriptCore

Title: [202866] trunk/Source/_javascript_Core Revision 202866 Author sbar...@apple.com Date 2016-07-06 11:23:38 -0700 (Wed, 06 Jul 2016) Log Message InlineAccess::sizeForLengthAccess() is wrong on some platforms because it should also consider "length" not being array length

[webkit-changes] [202847] trunk/Source/JavaScriptCore

Title: [202847] trunk/Source/_javascript_Core Revision 202847 Author sbar...@apple.com Date 2016-07-05 22:25:06 -0700 (Tue, 05 Jul 2016) Log Message StackVisitor::unwindToMachineCodeBlockFrame() may unwind past a VM entry frame when catching an exception and the frame has inlined tail

[webkit-changes] [202828] trunk/Source/JavaScriptCore

Title: [202828] trunk/Source/_javascript_Core Revision 202828 Author sbar...@apple.com Date 2016-07-05 13:05:02 -0700 (Tue, 05 Jul 2016) Log Message our parsing for "use strict" is wrong when we first parse other directives that are not "use strict" but are located in a place where "use

[webkit-changes] [202827] trunk/Source/JavaScriptCore

Title: [202827] trunk/Source/_javascript_Core Revision 202827 Author sbar...@apple.com Date 2016-07-05 12:49:19 -0700 (Tue, 05 Jul 2016) Log Message reportAbandonedObjectGraph should report abandoned bytes based on capacity() so it works even if a GC has never happened

[webkit-changes] [202795] trunk/Source

Title: [202795] trunk/Source Revision 202795 Author sbar...@apple.com Date 2016-07-03 14:36:48 -0700 (Sun, 03 Jul 2016) Log Message BytecodeGenerator::getVariablesUnderTDZ is too conservative https://bugs.webkit.org/show_bug.cgi?id=159387 Reviewed by Filip Pizlo.

[webkit-changes] [202768] trunk

Title: [202768] trunk Revision 202768 Author sbar...@apple.com Date 2016-07-01 17:59:38 -0700 (Fri, 01 Jul 2016) Log Message fix "ASSERTION FAILED: currentOffset() >= currentLineStartOffset()" https://bugs.webkit.org/show_bug.cgi?id=158572 Reviewed by Mark Lam.

[webkit-changes] [202714] trunk/Source/JavaScriptCore

Title: [202714] trunk/Source/_javascript_Core Revision 202714 Author sbar...@apple.com Date 2016-06-30 15:35:30 -0700 (Thu, 30 Jun 2016) Log Message missing exception checks in arrayProtoFuncReverse https://bugs.webkit.org/show_bug.cgi?id=159319 Reviewed by Filip Pizlo. *

[webkit-changes] [202710] trunk/Source/JavaScriptCore

Title: [202710] trunk/Source/_javascript_Core Revision 202710 Author sbar...@apple.com Date 2016-06-30 15:06:44 -0700 (Thu, 30 Jun 2016) Log Message get_by_id_with_this does not trigger a to_this in caller. https://bugs.webkit.org/show_bug.cgi?id=159226 Reviewed by Keith Miller. This

[webkit-changes] [202693] trunk/Source/JavaScriptCore

Title: [202693] trunk/Source/_javascript_Core Revision 202693 Author sbar...@apple.com Date 2016-06-30 11:46:23 -0700 (Thu, 30 Jun 2016) Log Message We need to to_this when an inner arrow function uses 'this' https://bugs.webkit.org/show_bug.cgi?id=159290 Reviewed by Geoffrey Garen.

[webkit-changes] [202664] trunk/Source/JavaScriptCore

Title: [202664] trunk/Source/_javascript_Core Revision 202664 Author sbar...@apple.com Date 2016-06-29 20:55:34 -0700 (Wed, 29 Jun 2016) Log Message JSGlobalLexicalEnvironment needs a toThis implementation https://bugs.webkit.org/show_bug.cgi?id=159285 Reviewed by Mark Lam. This was a

[webkit-changes] [202654] trunk/Source/JavaScriptCore

Title: [202654] trunk/Source/_javascript_Core Revision 202654 Author sbar...@apple.com Date 2016-06-29 15:34:03 -0700 (Wed, 29 Jun 2016) Log Message We don't emit TDZ checks for call_eval https://bugs.webkit.org/show_bug.cgi?id=159277 Reviewed by Benjamin Poulain. This is a problem if

[webkit-changes] [202648] trunk

Title: [202648] trunk Revision 202648 Author sbar...@apple.com Date 2016-06-29 14:48:17 -0700 (Wed, 29 Jun 2016) Log Message Destructuring variable declaration is missing a validation of the syntax of a sub production when there is a rhs https://bugs.webkit.org/show_bug.cgi?id=159267

[webkit-changes] [202602] trunk/Source/JavaScriptCore

Title: [202602] trunk/Source/_javascript_Core Revision 202602 Author sbar...@apple.com Date 2016-06-28 19:06:22 -0700 (Tue, 28 Jun 2016) Log Message Assertion failure or crash when accessing let-variable in TDZ with eval with a function in it that returns let variable

[webkit-changes] [202402] trunk/Source/JavaScriptCore

Title: [202402] trunk/Source/_javascript_Core Revision 202402 Author sbar...@apple.com Date 2016-06-23 16:28:50 -0700 (Thu, 23 Jun 2016) Log Message DFGSpeculativeJIT's m_slowPathLambdas should restore the current node field and DFG OSR entry functions should use DeferGCForAWhile instead

[webkit-changes] [202366] trunk/Tools

Title: [202366] trunk/Tools Revision 202366 Author sbar...@apple.com Date 2016-06-22 22:46:10 -0700 (Wed, 22 Jun 2016) Log Message run-_javascript_core-tests should have some environment variables for commonly used settings https://bugs.webkit.org/show_bug.cgi?id=159047 Reviewed by

[webkit-changes] [202364] trunk

Title: [202364] trunk Revision 202364 Author sbar...@apple.com Date 2016-06-22 20:24:18 -0700 (Wed, 22 Jun 2016) Log Message TypeProfiler and TypeProfilerLog don't play nicely with the concurrent JIT https://bugs.webkit.org/show_bug.cgi?id=159037 Reviewed by Benjamin Poulain.

[webkit-changes] [202288] trunk/Source/JavaScriptCore

Title: [202288] trunk/Source/_javascript_Core Revision 202288 Author sbar...@apple.com Date 2016-06-21 13:14:00 -0700 (Tue, 21 Jun 2016) Log Message CodeBlock::shrinkToFit is racy https://bugs.webkit.org/show_bug.cgi?id=158994 Reviewed by Filip Pizlo. To see why this is racy, consider

[webkit-changes] [202286] trunk/Source/JavaScriptCore

Title: [202286] trunk/Source/_javascript_Core Revision 202286 Author sbar...@apple.com Date 2016-06-21 12:03:22 -0700 (Tue, 21 Jun 2016) Log Message LLInt doesn't throw stack exception overflow from parent frame https://bugs.webkit.org/show_bug.cgi?id=158962 Reviewed by Filip Pizlo.

[webkit-changes] [202214] trunk/Source/JavaScriptCore

Title: [202214] trunk/Source/_javascript_Core Revision 202214 Author sbar...@apple.com Date 2016-06-19 12:42:18 -0700 (Sun, 19 Jun 2016) Log Message We should be able to generate more types of ICs inline https://bugs.webkit.org/show_bug.cgi?id=158719 Reviewed by Filip Pizlo. This

[webkit-changes] [202055] trunk/Source/WebInspectorUI

Title: [202055] trunk/Source/WebInspectorUI Revision 202055 Author sbar...@apple.com Date 2016-06-14 11:42:17 -0700 (Tue, 14 Jun 2016) Log Message Follow up to: Web Inspector: Call Trees view should have a 'Top Functions'-like mode https://bugs.webkit.org/show_bug.cgi?id=158555

[webkit-changes] [202021] trunk/Source/JavaScriptCore

Title: [202021] trunk/Source/_javascript_Core Revision 202021 Author sbar...@apple.com Date 2016-06-13 19:29:26 -0700 (Mon, 13 Jun 2016) Log Message The sampling profiler should further protect itself against certain forms of sampling bias that arise due to the sampling interval being in

[webkit-changes] [202010] trunk/Source/WebInspectorUI

Title: [202010] trunk/Source/WebInspectorUI Revision 202010 Author sbar...@apple.com Date 2016-06-13 15:43:20 -0700 (Mon, 13 Jun 2016) Log Message Web Inspector: Call Trees view should have a 'Top Functions'-like mode https://bugs.webkit.org/show_bug.cgi?id=158555 Reviewed by Timothy

[webkit-changes] [201776] trunk/Source/JavaScriptCore

Title: [201776] trunk/Source/_javascript_Core Revision 201776 Author sbar...@apple.com Date 2016-06-07 16:45:53 -0700 (Tue, 07 Jun 2016) Log Message InvalidationPointInjectionPhase creates bogus InvalidationPoints that may even be inserted when it's not OK to exit

[webkit-changes] [201768] trunk/Source/JavaScriptCore

Title: [201768] trunk/Source/_javascript_Core Revision 201768 Author sbar...@apple.com Date 2016-06-07 13:07:56 -0700 (Tue, 07 Jun 2016) Log Message operationProcessTypeProfilerLogDFG doesn't update topCallFrame https://bugs.webkit.org/show_bug.cgi?id=158428 Reviewed by Mark Lam. *

[webkit-changes] [201738] trunk/Source/WTF

Title: [201738] trunk/Source/WTF Revision 201738 Author sbar...@apple.com Date 2016-06-06 20:24:54 -0700 (Mon, 06 Jun 2016) Log Message equal(StringView, StringView) for strings should have a fast path for pointer equality https://bugs.webkit.org/show_bug.cgi?id=158452 Reviewed by

[webkit-changes] [201672] trunk/Source/JavaScriptCore

Title: [201672] trunk/Source/_javascript_Core Revision 201672 Author sbar...@apple.com Date 2016-06-03 17:34:27 -0700 (Fri, 03 Jun 2016) Log Message Proxy.ownKeys should no longer throw an exception when duplicate keys are returned and the target is non-extensible

[webkit-changes] [201670] trunk/Source/JavaScriptCore

Title: [201670] trunk/Source/_javascript_Core Revision 201670 Author sbar...@apple.com Date 2016-06-03 16:51:25 -0700 (Fri, 03 Jun 2016) Log Message Some shadow chicken code is wrong when run on a big endian CPU https://bugs.webkit.org/show_bug.cgi?id=158361 Reviewed by Mark Lam. This

[webkit-changes] [201628] trunk/Source/JavaScriptCore

Title: [201628] trunk/Source/_javascript_Core Revision 201628 Author sbar...@apple.com Date 2016-06-02 16:52:03 -0700 (Thu, 02 Jun 2016) Log Message global lexical environment variables are not accessible through functions created using the function constructor

[webkit-changes] [201622] trunk/Source/JavaScriptCore

Title: [201622] trunk/Source/_javascript_Core Revision 201622 Author sbar...@apple.com Date 2016-06-02 15:18:27 -0700 (Thu, 02 Jun 2016) Log Message Teach bytecode liveness about the debugger https://bugs.webkit.org/show_bug.cgi?id=158288 Reviewed by Filip Pizlo. There was a bug where

[webkit-changes] [201520] trunk/Source/JavaScriptCore

Title: [201520] trunk/Source/_javascript_Core Revision 201520 Author sbar...@apple.com Date 2016-05-31 12:45:10 -0700 (Tue, 31 May 2016) Log Message Web Inspector: capturing with Allocations timeline causes GC to take 100x longer and cause frame drops

[webkit-changes] [201495] trunk/Source/JavaScriptCore

Title: [201495] trunk/Source/_javascript_Core Revision 201495 Author sbar...@apple.com Date 2016-05-29 12:01:36 -0700 (Sun, 29 May 2016) Log Message Stack overflow crashes with deep or cyclic proxy prototype chains https://bugs.webkit.org/show_bug.cgi?id=157087 Reviewed by Filip Pizlo

[webkit-changes] [201473] trunk

Title: [201473] trunk Revision 201473 Author sbar...@apple.com Date 2016-05-27 16:42:08 -0700 (Fri, 27 May 2016) Log Message DebuggerCallFrame crashes when updated with the globalExec because neither ShadowChicken's algorithm nor StackVisitor's algorithm reasons about the globalExec

[webkit-changes] [201465] trunk

Title: [201465] trunk Revision 201465 Author sbar...@apple.com Date 2016-05-27 13:26:06 -0700 (Fri, 27 May 2016) Log Message ShadowChicken/DebuggerCallFrame don't properly handle when the entry stack frame is a tail deleted frame https://bugs.webkit.org/show_bug.cgi?id=158131 Reviewed

[webkit-changes] [201359] trunk/Source/JavaScriptCore

Title: [201359] trunk/Source/_javascript_Core Revision 201359 Author sbar...@apple.com Date 2016-05-24 15:28:20 -0700 (Tue, 24 May 2016) Log Message We can cache lookups to JSScope::abstractResolve inside CodeBlock::finishCreation https://bugs.webkit.org/show_bug.cgi?id=158036 Reviewed

[webkit-changes] [201301] trunk/Source/JavaScriptCore

Title: [201301] trunk/Source/_javascript_Core Revision 201301 Author sbar...@apple.com Date 2016-05-23 15:46:41 -0700 (Mon, 23 May 2016) Log Message The baseline JIT crashes when compiling "(1,1)/1" https://bugs.webkit.org/show_bug.cgi?id=157933 Reviewed by Benjamin Poulain. op_div in

[webkit-changes] [201293] trunk/Source/JavaScriptCore

Title: [201293] trunk/Source/_javascript_Core Revision 201293 Author sbar...@apple.com Date 2016-05-23 13:27:28 -0700 (Mon, 23 May 2016) Log Message String template don't handle let initialization properly inside eval https://bugs.webkit.org/show_bug.cgi?id=157991 Reviewed by Oliver

[webkit-changes] [201266] trunk/Source/JavaScriptCore

Title: [201266] trunk/Source/_javascript_Core Revision 201266 Author sbar...@apple.com Date 2016-05-22 21:02:22 -0700 (Sun, 22 May 2016) Log Message Unreviewed. Fixed debug assertion failures from r201235. * runtime/JSScope.cpp: (JSC::abstractAccess): Modified Paths

[webkit-changes] [201254] trunk

Title: [201254] trunk Revision 201254 Author sbar...@apple.com Date 2016-05-22 12:13:23 -0700 (Sun, 22 May 2016) Log Message REGRESSION(r199075): String.prototype.replace fails after being used many times with different replace values https://bugs.webkit.org/show_bug.cgi?id=157968

[webkit-changes] [201235] trunk/Source/JavaScriptCore

Title: [201235] trunk/Source/_javascript_Core Revision 201235 Author sbar...@apple.com Date 2016-05-20 17:17:30 -0700 (Fri, 20 May 2016) Log Message JSScope::abstractAccess doesn't need to copy the SymbolTableEntry, it can use it by reference

[webkit-changes] [201176] trunk/Source/JavaScriptCore

Title: [201176] trunk/Source/_javascript_Core Revision 201176 Author sbar...@apple.com Date 2016-05-19 13:09:47 -0700 (Thu, 19 May 2016) Log Message arrow function lexical environment should reuse the same environment as the function's lexical environment where possible

[webkit-changes] [201122] trunk/Source/JavaScriptCore

Title: [201122] trunk/Source/_javascript_Core Revision 201122 Author sbar...@apple.com Date 2016-05-18 18:27:49 -0700 (Wed, 18 May 2016) Log Message Function with default parameter values that are arrow functions that capture this isn't working

[webkit-changes] [201121] trunk/Source/WTF

Title: [201121] trunk/Source/WTF Revision 201121 Author sbar...@apple.com Date 2016-05-18 18:01:21 -0700 (Wed, 18 May 2016) Log Message StringBuilder::appendQuotedJSONString doesn't properly protect against the math it's doing. Make the math fit the assertion.

[webkit-changes] [201069] trunk/LayoutTests

Title: [201069] trunk/LayoutTests Revision 201069 Author sbar...@apple.com Date 2016-05-17 19:53:45 -0700 (Tue, 17 May 2016) Log Message LayoutTest inspector/debugger/tail-recursion.html failing on WK2 debug https://bugs.webkit.org/show_bug.cgi?id=157801 Rubber-stamped by Joseph

[webkit-changes] [200997] trunk

Title: [200997] trunk Revision 200997 Author sbar...@apple.com Date 2016-05-16 22:31:35 -0700 (Mon, 16 May 2016) Log Message ShadowChicken crashes when reading a scope from the frame during a stack overflow exception https://bugs.webkit.org/show_bug.cgi?id=157770 Reviewed by Filip

[webkit-changes] [200984] trunk/Source/JavaScriptCore

Title: [200984] trunk/Source/_javascript_Core Revision 200984 Author sbar...@apple.com Date 2016-05-16 17:29:40 -0700 (Mon, 16 May 2016) Log Message Unreviewed Cloop build fix. * bytecode/CodeBlock.cpp: (JSC::CodeBlock::bytecodeOffsetFromCallSiteIndex): Modified Paths

[webkit-changes] [200980] trunk/Source/JavaScriptCore

Title: [200980] trunk/Source/_javascript_Core Revision 200980 Author sbar...@apple.com Date 2016-05-16 16:27:27 -0700 (Mon, 16 May 2016) Log Message TypeSet/StructureShape have a flawed sense of JS prototype chains https://bugs.webkit.org/show_bug.cgi?id=157760 Reviewed by Joseph

[webkit-changes] [200906] trunk/Source/JavaScriptCore

Title: [200906] trunk/Source/_javascript_Core Revision 200906 Author sbar...@apple.com Date 2016-05-13 19:03:10 -0700 (Fri, 13 May 2016) Log Message DFG/FTL have a few bugs in their reasoning about the scope https://bugs.webkit.org/show_bug.cgi?id=157696 Reviewed by Benjamin Poulain.

[webkit-changes] [200701] trunk/Source/JavaScriptCore

Title: [200701] trunk/Source/_javascript_Core Revision 200701 Author sbar...@apple.com Date 2016-05-11 13:54:09 -0700 (Wed, 11 May 2016) Log Message Air may decide to put the result register of an arithmetic snippet in the tag register https://bugs.webkit.org/show_bug.cgi?id=157548

[webkit-changes] [200632] trunk/Source/JavaScriptCore

Title: [200632] trunk/Source/_javascript_Core Revision 200632 Author sbar...@apple.com Date 2016-05-10 11:56:33 -0700 (Tue, 10 May 2016) Log Message Make super-property-access.js test run for less time because it was timing out in debug builds. Rubber stamped by Filip Pizlo. *

[webkit-changes] [200166] trunk/Source/WebCore

Title: [200166] trunk/Source/WebCore Revision 200166 Author sbar...@apple.com Date 2016-04-27 18:54:12 -0700 (Wed, 27 Apr 2016) Log Message Move the implementation of Settings::globalConstRedeclarationShouldThrow into the cpp file https://bugs.webkit.org/show_bug.cgi?id=157109

[webkit-changes] [200121] trunk/Source

Title: [200121] trunk/Source Revision 200121 Author sbar...@apple.com Date 2016-04-27 00:12:06 -0700 (Wed, 27 Apr 2016) Log Message JSC should have an option to allow global const redeclarations https://bugs.webkit.org/show_bug.cgi?id=157006 Reviewed by Geoffrey Garen.

[webkit-changes] [200038] trunk/Source/JavaScriptCore

Title: [200038] trunk/Source/_javascript_Core Revision 200038 Author sbar...@apple.com Date 2016-04-25 12:08:53 -0700 (Mon, 25 Apr 2016) Log Message We don't have to parse a function's parameters every time if the function is in the source provider cache

[webkit-changes] [199864] trunk/Source/JavaScriptCore

Title: [199864] trunk/Source/_javascript_Core Revision 199864 Author sbar...@apple.com Date 2016-04-21 21:26:09 -0700 (Thu, 21 Apr 2016) Log Message LLInt CallSiteIndex off by 1 https://bugs.webkit.org/show_bug.cgi?id=156886 Reviewed by Benjamin Poulain. I think was done for historical

[webkit-changes] [199848] trunk/Source

Title: [199848] trunk/Source Revision 199848 Author sbar...@apple.com Date 2016-04-21 17:09:36 -0700 (Thu, 21 Apr 2016) Log Message Lets do less locking of symbol tables in the BytecodeGenerator where we don't have race conditions https://bugs.webkit.org/show_bug.cgi?id=156821 Reviewed

[webkit-changes] [199845] trunk/Source/JavaScriptCore

Title: [199845] trunk/Source/_javascript_Core Revision 199845 Author sbar...@apple.com Date 2016-04-21 16:30:36 -0700 (Thu, 21 Apr 2016) Log Message Remove some unnecessary RefPtrs in the parser https://bugs.webkit.org/show_bug.cgi?id=156865 Reviewed by Filip Pizlo. The IdentifierArena

[webkit-changes] [199800] trunk/Source/JavaScriptCore

Title: [199800] trunk/Source/_javascript_Core Revision 199800 Author sbar...@apple.com Date 2016-04-20 17:55:03 -0700 (Wed, 20 Apr 2016) Log Message Improve sampling profiler CLI JSC tool https://bugs.webkit.org/show_bug.cgi?id=156824 Reviewed by Mark Lam. This patch enhances the

[webkit-changes] [199787] trunk/Source/JavaScriptCore

Title: [199787] trunk/Source/_javascript_Core Revision 199787 Author sbar...@apple.com Date 2016-04-20 14:47:39 -0700 (Wed, 20 Apr 2016) Log Message We don't need a manual stack for an RAII object when the machine's stack will do just fine https://bugs.webkit.org/show_bug.cgi?id=156807

[webkit-changes] [199768] trunk/Source/JavaScriptCore

Title: [199768] trunk/Source/_javascript_Core Revision 199768 Author sbar...@apple.com Date 2016-04-20 01:44:43 -0700 (Wed, 20 Apr 2016) Log Message Remove unused m_writtenVariables from the parser and related bits https://bugs.webkit.org/show_bug.cgi?id=156784 Reviewed by Yusuke

[webkit-changes] [199763] trunk/Source/JavaScriptCore

Title: [199763] trunk/Source/_javascript_Core Revision 199763 Author sbar...@apple.com Date 2016-04-19 22:49:31 -0700 (Tue, 19 Apr 2016) Log Message Unreviewed, fix cloop build after r199754. * jsc.cpp: (jscmain): Modified Paths trunk/Source/_javascript_Core/ChangeLog

[webkit-changes] [199755] trunk/Source/JavaScriptCore

Title: [199755] trunk/Source/_javascript_Core Revision 199755 Author sbar...@apple.com Date 2016-04-19 19:41:00 -0700 (Tue, 19 Apr 2016) Log Message Add a couple UNLIKELY macros in parseMemberExpression https://bugs.webkit.org/show_bug.cgi?id=156775 Reviewed by Filip Pizlo. These

[webkit-changes] [199754] trunk/Source/JavaScriptCore

Title: [199754] trunk/Source/_javascript_Core Revision 199754 Author sbar...@apple.com Date 2016-04-19 19:24:53 -0700 (Tue, 19 Apr 2016) Log Message allow jsc shell to dump sampling profiler data https://bugs.webkit.org/show_bug.cgi?id=156725 Reviewed by Benjamin Poulain. This patch

[webkit-changes] [199699] trunk/Source/JavaScriptCore

Title: [199699] trunk/Source/_javascript_Core Revision 199699 Author sbar...@apple.com Date 2016-04-18 18:38:30 -0700 (Mon, 18 Apr 2016) Log Message implement dynamic scope accesses in the DFG/FTL https://bugs.webkit.org/show_bug.cgi?id=156567 Reviewed by Geoffrey Garen. This patch

[webkit-changes] [199394] trunk/Source/JavaScriptCore

Title: [199394] trunk/Source/_javascript_Core Revision 199394 Author sbar...@apple.com Date 2016-04-12 15:42:06 -0700 (Tue, 12 Apr 2016) Log Message Lets not iterate over the constant pool twice every time we link a code block https://bugs.webkit.org/show_bug.cgi?id=156517 Reviewed by

[webkit-changes] [199384] trunk/Source/JavaScriptCore

Title: [199384] trunk/Source/_javascript_Core Revision 199384 Author sbar...@apple.com Date 2016-04-12 13:47:24 -0700 (Tue, 12 Apr 2016) Log Message isLocked() assertion broke builds because ConcurrentJITLock isn't always a real lock. Rubber-stamped by Filip Pizlo. *

[webkit-changes] [199376] trunk/Source/JavaScriptCore

Title: [199376] trunk/Source/_javascript_Core Revision 199376 Author sbar...@apple.com Date 2016-04-12 11:38:16 -0700 (Tue, 12 Apr 2016) Log Message There is a race with the compiler thread and the main thread with result profiles https://bugs.webkit.org/show_bug.cgi?id=156503 Reviewed

[webkit-changes] [199352] trunk

Title: [199352] trunk Revision 199352 Author sbar...@apple.com Date 2016-04-12 08:21:51 -0700 (Tue, 12 Apr 2016) Log Message We incorrectly parse arrow function expressions https://bugs.webkit.org/show_bug.cgi?id=156373 Reviewed by Mark Lam. Source/_javascript_Core: This patch removes

[webkit-changes] [199277] trunk/Source/JavaScriptCore

Title: [199277] trunk/Source/_javascript_Core Revision 199277 Author sbar...@apple.com Date 2016-04-09 17:26:25 -0700 (Sat, 09 Apr 2016) Log Message Allocation sinking SSA Defs are allowed to have replacements https://bugs.webkit.org/show_bug.cgi?id=156444 Reviewed by Filip Pizlo.

[webkit-changes] [199249] trunk/Source/JavaScriptCore

Title: [199249] trunk/Source/_javascript_Core Revision 199249 Author sbar...@apple.com Date 2016-04-08 14:21:25 -0700 (Fri, 08 Apr 2016) Log Message Debugger may dereference m_currentCallFrame even after the VM has gone idle https://bugs.webkit.org/show_bug.cgi?id=156413 Reviewed by

[webkit-changes] [199182] trunk/Source/JavaScriptCore

Title: [199182] trunk/Source/_javascript_Core Revision 199182 Author sbar...@apple.com Date 2016-04-07 14:25:21 -0700 (Thu, 07 Apr 2016) Log Message Invalid assertion inside DebuggerScope::getOwnPropertySlot https://bugs.webkit.org/show_bug.cgi?id=156357 Reviewed by Keith Miller. The

[webkit-changes] [199179] trunk

Title: [199179] trunk Revision 199179 Author sbar...@apple.com Date 2016-04-07 14:01:42 -0700 (Thu, 07 Apr 2016) Log Message Initial implementation of annex b.3.3 behavior was incorrect https://bugs.webkit.org/show_bug.cgi?id=156276 Reviewed by Keith Miller. Source/_javascript_Core: I

[webkit-changes] [199135] trunk

Title: [199135] trunk Revision 199135 Author sbar...@apple.com Date 2016-04-06 18:50:09 -0700 (Wed, 06 Apr 2016) Log Message jsc-layout-tests.yaml/js/script-tests/regress-141098.js failing on Yosemite Debug after r198989 https://bugs.webkit.org/show_bug.cgi?id=156187 Reviewed by Keith

[webkit-changes] [199092] trunk/Source/JavaScriptCore

Title: [199092] trunk/Source/_javascript_Core Revision 199092 Author sbar...@apple.com Date 2016-04-05 20:55:11 -0700 (Tue, 05 Apr 2016) Log Message JSC SamplingProfiler: Use a thread + sleep loop instead of WTF::WorkQueue for taking samples https://bugs.webkit.org/show_bug.cgi?id=154017

[webkit-changes] [199070] trunk/Source/JavaScriptCore

Title: [199070] trunk/Source/_javascript_Core Revision 199070 Author sbar...@apple.com Date 2016-04-05 13:05:02 -0700 (Tue, 05 Apr 2016) Log Message jsc-layout-tests.yaml/js/script-tests/regress-141098.js failing on Yosemite Debug after r198989

[webkit-changes] [198989] trunk

Title: [198989] trunk Revision 198989 Author sbar...@apple.com Date 2016-04-03 12:45:05 -0700 (Sun, 03 Apr 2016) Log Message Implement Annex B.3.3 function hoisting rules for function code https://bugs.webkit.org/show_bug.cgi?id=155672 Reviewed by Geoffrey Garen.

[webkit-changes] [198932] trunk/Source

Title: [198932] trunk/Source Revision 198932 Author sbar...@apple.com Date 2016-03-31 17:24:18 -0700 (Thu, 31 Mar 2016) Log Message Revert rewrite const as var workaround https://bugs.webkit.org/show_bug.cgi?id=155393 Reviewed by Mark Lam. Source/_javascript_Core: * parser/Parser.h:

<    5   6   7   8   9   10   11   12   >