[webkit-changes] [238326] trunk

2018-11-16 Thread fpizlo
Title: [238326] trunk Revision 238326 Author fpi...@apple.com Date 2018-11-16 16:42:44 -0800 (Fri, 16 Nov 2018) Log Message All users of ArrayBuffer should agree on the same max size https://bugs.webkit.org/show_bug.cgi?id=191771 Reviewed by Mark Lam. JSTests: *

[webkit-changes] [238324] trunk/JSTests

2018-11-16 Thread fpizlo
Title: [238324] trunk/JSTests Revision 238324 Author fpi...@apple.com Date 2018-11-16 16:22:39 -0800 (Fri, 16 Nov 2018) Log Message Unreviewed, make some more tests not crash my computer by only running on instance of it. These tests do not need to run for each JSC config since they're

[webkit-changes] [238310] trunk/JSTests

2018-11-16 Thread fpizlo
Title: [238310] trunk/JSTests Revision 238310 Author fpi...@apple.com Date 2018-11-16 15:17:10 -0800 (Fri, 16 Nov 2018) Log Message Unreviewed, make some tests not crash my computer by only running on instance of it. These tests do not need to run for each JSC config since they're

[webkit-changes] [234097] trunk/Source/JavaScriptCore

2018-07-23 Thread fpizlo
Title: [234097] trunk/Source/JavaScriptCore Revision 234097 Author fpi...@apple.com Date 2018-07-23 09:13:40 -0700 (Mon, 23 Jul 2018) Log Message Unreviewed, fix no-JIT build. * bytecode/CallLinkStatus.cpp: (JSC::CallLinkStatus::computeFor): * bytecode/CodeBlock.cpp:

[webkit-changes] [233714] trunk/Source/JavaScriptCore

2018-07-10 Thread fpizlo
Title: [233714] trunk/Source/JavaScriptCore Revision 233714 Author fpi...@apple.com Date 2018-07-10 17:16:07 -0700 (Tue, 10 Jul 2018) Log Message Change the reoptimization backoff base to 1.3 from 2 https://bugs.webkit.org/show_bug.cgi?id=187540 Reviewed by Saam Barati. I

[webkit-changes] [233631] trunk/Tools

2018-07-08 Thread fpizlo
Title: [233631] trunk/Tools Revision 233631 Author fpi...@apple.com Date 2018-07-08 16:18:47 -0700 (Sun, 08 Jul 2018) Log Message run-benchmark should run ARES-6 1.0.1 https://bugs.webkit.org/show_bug.cgi?id=187452 Reviewed by Sam Weinig. We forgot to update this when we released

[webkit-changes] [232598] trunk/Source/JavaScriptCore

2018-06-07 Thread fpizlo
Title: [232598] trunk/Source/JavaScriptCore Revision 232598 Author fpi...@apple.com Date 2018-06-07 14:01:19 -0700 (Thu, 07 Jun 2018) Log Message FunctionRareData::m_objectAllocationProfileWatchpoint is racy https://bugs.webkit.org/show_bug.cgi?id=186237 Reviewed by Saam Barati. We

[webkit-changes] [232227] trunk/Source/WTF

2018-05-26 Thread fpizlo
Title: [232227] trunk/Source/WTF Revision 232227 Author fpi...@apple.com Date 2018-05-26 13:59:04 -0700 (Sat, 26 May 2018) Log Message testair sometimes crashes due to races in initialization of ARC4RandomNumberGenerator https://bugs.webkit.org/show_bug.cgi?id=186014 Reviewed by Yusuke

[webkit-changes] [232132] trunk/Source

2018-05-23 Thread fpizlo
Title: [232132] trunk/Source Revision 232132 Author fpi...@apple.com Date 2018-05-23 15:34:18 -0700 (Wed, 23 May 2018) Log Message Speed up JetStream/base64 https://bugs.webkit.org/show_bug.cgi?id=185914 Reviewed by Michael Saboff. Source/JavaScriptCore: Make allocation fast

[webkit-changes] [232074] trunk/Source

2018-05-22 Thread fpizlo
Title: [232074] trunk/Source Revision 232074 Author fpi...@apple.com Date 2018-05-22 12:20:05 -0700 (Tue, 22 May 2018) Log Message Get rid of TLCs https://bugs.webkit.org/show_bug.cgi?id=185846 Rubber stamped by Geoffrey Garen. Source/JavaScriptCore: This removes support for

[webkit-changes] [232008] trunk/Source/JavaScriptCore

2018-05-20 Thread fpizlo
Title: [232008] trunk/Source/JavaScriptCore Revision 232008 Author fpi...@apple.com Date 2018-05-20 17:51:10 -0700 (Sun, 20 May 2018) Log Message Revert the B3 compiler pipeline's treatment of taildup https://bugs.webkit.org/show_bug.cgi?id=185808 Reviewed by Yusuke Suzuki.

[webkit-changes] [232000] trunk/Source

2018-05-19 Thread fpizlo
Title: [232000] trunk/Source Revision 232000 Author fpi...@apple.com Date 2018-05-19 15:00:21 -0700 (Sat, 19 May 2018) Log Message DFG should inline InstanceOf ICs https://bugs.webkit.org/show_bug.cgi?id=185695 Reviewed by Yusuke Suzuki. Source/JavaScriptCore: This teaches

[webkit-changes] [231871] trunk

2018-05-16 Thread fpizlo
Title: [231871] trunk Revision 231871 Author fpi...@apple.com Date 2018-05-16 14:02:49 -0700 (Wed, 16 May 2018) Log Message DFG models InstanceOf incorrectly https://bugs.webkit.org/show_bug.cgi?id=185694 Reviewed by Keith Miller. JSTests: * stress/instanceof-proxy-check-structure.js:

[webkit-changes] [231743] trunk/Source/WTF

2018-05-13 Thread fpizlo
Title: [231743] trunk/Source/WTF Revision 231743 Author fpi...@apple.com Date 2018-05-13 11:57:03 -0700 (Sun, 13 May 2018) Log Message Disable pointer poisoning https://bugs.webkit.org/show_bug.cgi?id=185586 Reviewed by Yusuke Suzuki. This seems like a 0.3% speed-up on

[webkit-changes] [231741] trunk/Source/JavaScriptCore

2018-05-13 Thread fpizlo
Title: [231741] trunk/Source/JavaScriptCore Revision 231741 Author fpi...@apple.com Date 2018-05-13 09:54:55 -0700 (Sun, 13 May 2018) Log Message CachedCall::call() should be faster https://bugs.webkit.org/show_bug.cgi?id=185583 Reviewed by Yusuke Suzuki. CachedCall is an

[webkit-changes] [231665] trunk/Source/JavaScriptCore

2018-05-10 Thread fpizlo
Title: [231665] trunk/Source/JavaScriptCore Revision 231665 Author fpi...@apple.com Date 2018-05-10 15:23:12 -0700 (Thu, 10 May 2018) Log Message DFG CFA should pick the right time to inject OSR entry data https://bugs.webkit.org/show_bug.cgi?id=185530 Reviewed by Saam Barati.

[webkit-changes] [231660] trunk/Source/JavaScriptCore

2018-05-10 Thread fpizlo
Title: [231660] trunk/Source/JavaScriptCore Revision 231660 Author fpi...@apple.com Date 2018-05-10 14:31:49 -0700 (Thu, 10 May 2018) Log Message InPlaceAbstractState::beginBasicBlock shouldn't copy all m_variables every time https://bugs.webkit.org/show_bug.cgi?id=185452 Reviewed by

[webkit-changes] [231607] trunk/Source/JavaScriptCore

2018-05-09 Thread fpizlo
Title: [231607] trunk/Source/JavaScriptCore Revision 231607 Author fpi...@apple.com Date 2018-05-09 16:31:14 -0700 (Wed, 09 May 2018) Log Message Speed up AbstractInterpreter::executeEdges https://bugs.webkit.org/show_bug.cgi?id=185457 Reviewed by Saam Barati. This patch started out

[webkit-changes] [231522] trunk/Source/JavaScriptCore

2018-05-08 Thread fpizlo
Title: [231522] trunk/Source/JavaScriptCore Revision 231522 Author fpi...@apple.com Date 2018-05-08 16:30:31 -0700 (Tue, 08 May 2018) Log Message DFG::FlowMap::resize() shouldn't resize the shadow map unless we're in SSA https://bugs.webkit.org/show_bug.cgi?id=185453 Reviewed by

[webkit-changes] [231514] trunk

2018-05-08 Thread fpizlo
Title: [231514] trunk Revision 231514 Author fpi...@apple.com Date 2018-05-08 14:49:09 -0700 (Tue, 08 May 2018) Log Message InPlaceAbstractState::beginBasicBlock shouldn't have to clear any abstract values https://bugs.webkit.org/show_bug.cgi?id=185365 Reviewed by Saam Barati.

[webkit-changes] [231468] trunk

2018-05-07 Thread fpizlo
Title: [231468] trunk Revision 231468 Author fpi...@apple.com Date 2018-05-07 17:07:20 -0700 (Mon, 07 May 2018) Log Message InPlaceAbstractState::beginBasicBlock shouldn't have to clear any abstract values https://bugs.webkit.org/show_bug.cgi?id=185365 Reviewed by Saam Barati.

[webkit-changes] [231467] trunk/Source/JavaScriptCore

2018-05-07 Thread fpizlo
Title: [231467] trunk/Source/JavaScriptCore Revision 231467 Author fpi...@apple.com Date 2018-05-07 17:05:08 -0700 (Mon, 07 May 2018) Log Message DFG AI doesn't need to merge valuesAtTail - it can just assign them https://bugs.webkit.org/show_bug.cgi?id=185355 Reviewed by Mark Lam.

[webkit-changes] [231399] trunk/Source/JavaScriptCore

2018-05-05 Thread fpizlo
Title: [231399] trunk/Source/JavaScriptCore Revision 231399 Author fpi...@apple.com Date 2018-05-05 18:06:09 -0700 (Sat, 05 May 2018) Log Message DFG CFA phase should only do clobber asserts in debug https://bugs.webkit.org/show_bug.cgi?id=185354 Reviewed by Saam Barati.

[webkit-changes] [231338] trunk/Source/JavaScriptCore

2018-05-03 Thread fpizlo
Title: [231338] trunk/Source/JavaScriptCore Revision 231338 Author fpi...@apple.com Date 2018-05-03 17:41:58 -0700 (Thu, 03 May 2018) Log Message Make it easy to log compile times for all optimizing tiers https://bugs.webkit.org/show_bug.cgi?id=185270 Reviewed by Keith Miller.

[webkit-changes] [231283] trunk

2018-05-02 Thread fpizlo
Title: [231283] trunk Revision 231283 Author fpi...@apple.com Date 2018-05-02 17:37:30 -0700 (Wed, 02 May 2018) Log Message JSC should know how to cache custom getter accesses on the prototype chain https://bugs.webkit.org/show_bug.cgi?id=185213 Reviewed by Keith Miller. JSTests: *

[webkit-changes] [231250] trunk/Source/JavaScriptCore

2018-05-02 Thread fpizlo
Title: [231250] trunk/Source/JavaScriptCore Revision 231250 Author fpi...@apple.com Date 2018-05-02 11:51:16 -0700 (Wed, 02 May 2018) Log Message JSC should be able to cache custom setter calls on the prototype chain https://bugs.webkit.org/show_bug.cgi?id=185174 Reviewed by Saam

[webkit-changes] [231204] trunk/Source/JavaScriptCore

2018-05-01 Thread fpizlo
Title: [231204] trunk/Source/JavaScriptCore Revision 231204 Author fpi...@apple.com Date 2018-05-01 12:55:59 -0700 (Tue, 01 May 2018) Log Message B3::demoteValues should be able to handle patchpoint terminals https://bugs.webkit.org/show_bug.cgi?id=185151 Reviewed by Saam Barati.

[webkit-changes] [231185] trunk

2018-04-30 Thread fpizlo
Title: [231185] trunk Revision 231185 Author fpi...@apple.com Date 2018-04-30 17:04:44 -0700 (Mon, 30 Apr 2018) Log Message LICM shouldn't hoist nodes if hoisted nodes exited in that code block https://bugs.webkit.org/show_bug.cgi?id=185126 Reviewed by Saam Barati. JSTests: I

[webkit-changes] [231154] trunk/Source/JavaScriptCore

2018-04-29 Thread fpizlo
Title: [231154] trunk/Source/JavaScriptCore Revision 231154 Author fpi...@apple.com Date 2018-04-29 16:41:55 -0700 (Sun, 29 Apr 2018) Log Message B3 should run tail duplication at the bitter end https://bugs.webkit.org/show_bug.cgi?id=185123 Reviewed by Geoffrey Garen. Also

[webkit-changes] [231116] trunk/Source/JavaScriptCore

2018-04-27 Thread fpizlo
Title: [231116] trunk/Source/JavaScriptCore Revision 231116 Author fpi...@apple.com Date 2018-04-27 16:43:30 -0700 (Fri, 27 Apr 2018) Log Message Also run foldPathConstants before mussing up SSA https://bugs.webkit.org/show_bug.cgi?id=185069 Reviewed by Saam Barati. This

[webkit-changes] [230975] trunk/Source/JavaScriptCore

2018-04-24 Thread fpizlo
Title: [230975] trunk/Source/JavaScriptCore Revision 230975 Author fpi...@apple.com Date 2018-04-24 15:29:39 -0700 (Tue, 24 Apr 2018) Log Message MultiByOffset should emit one fewer branches in the case that the set of structures is proved already

[webkit-changes] [230964] trunk/Source/JavaScriptCore

2018-04-24 Thread fpizlo
Title: [230964] trunk/Source/JavaScriptCore Revision 230964 Author fpi...@apple.com Date 2018-04-24 11:54:47 -0700 (Tue, 24 Apr 2018) Log Message DFG CSE should know how to decay a MultiGetByOffset https://bugs.webkit.org/show_bug.cgi?id=159859 Reviewed by Keith Miller. This

[webkit-changes] [230956] trunk/Source/JavaScriptCore

2018-04-24 Thread fpizlo
Title: [230956] trunk/Source/JavaScriptCore Revision 230956 Author fpi...@apple.com Date 2018-04-24 08:53:15 -0700 (Tue, 24 Apr 2018) Log Message $vm.totalGCTime() should be a thing https://bugs.webkit.org/show_bug.cgi?id=184916 Reviewed by Sam Weinig. When debugging

[webkit-changes] [230929] trunk/Source/JavaScriptCore

2018-04-23 Thread fpizlo
Title: [230929] trunk/Source/JavaScriptCore Revision 230929 Author fpi...@apple.com Date 2018-04-23 15:26:50 -0700 (Mon, 23 Apr 2018) Log Message Unreviewed, revert accidental change to verbose flag. * dfg/DFGByteCodeParser.cpp: Modified Paths trunk/Source/JavaScriptCore/ChangeLog

[webkit-changes] [230928] trunk/Source/JavaScriptCore

2018-04-23 Thread fpizlo
Title: [230928] trunk/Source/JavaScriptCore Revision 230928 Author fpi...@apple.com Date 2018-04-23 15:25:29 -0700 (Mon, 23 Apr 2018) Log Message Roll out r226655 because it broke OSR entry when the pre-header is inadequately profiled. Rubber stamped by Saam Barati. This is a

[webkit-changes] [230813] trunk/Source

2018-04-19 Thread fpizlo
Title: [230813] trunk/Source Revision 230813 Author fpi...@apple.com Date 2018-04-19 12:33:03 -0700 (Thu, 19 Apr 2018) Log Message The InternalFunction hierarchy should be in IsoSubspaces https://bugs.webkit.org/show_bug.cgi?id=184721 Reviewed by Saam Barati. Source/JavaScriptCore:

[webkit-changes] [230726] trunk/Source/JavaScriptCore

2018-04-17 Thread fpizlo
Title: [230726] trunk/Source/JavaScriptCore Revision 230726 Author fpi...@apple.com Date 2018-04-17 12:56:33 -0700 (Tue, 17 Apr 2018) Log Message JSGenericTypedArrayView<>::visitChildren has a race condition reading m_mode and m_vector https://bugs.webkit.org/show_bug.cgi?id=184705

[webkit-changes] [230725] trunk

2018-04-17 Thread fpizlo
Title: [230725] trunk Revision 230725 Author fpi...@apple.com Date 2018-04-17 12:53:30 -0700 (Tue, 17 Apr 2018) Log Message PutStackSinkingPhase should know that KillStack means ConflictingFlush https://bugs.webkit.org/show_bug.cgi?id=184672 Reviewed by Michael Saboff. JSTests: *

[webkit-changes] [230723] trunk/Source/JavaScriptCore

2018-04-17 Thread fpizlo
Title: [230723] trunk/Source/JavaScriptCore Revision 230723 Author fpi...@apple.com Date 2018-04-17 11:59:00 -0700 (Tue, 17 Apr 2018) Log Message JSWebAssemblyCodeBlock should be in an IsoSubspace https://bugs.webkit.org/show_bug.cgi?id=184704 Reviewed by Mark Lam. Previously

[webkit-changes] [230695] trunk/Source/WebCore

2018-04-16 Thread fpizlo
Title: [230695] trunk/Source/WebCore Revision 230695 Author fpi...@apple.com Date 2018-04-16 18:56:15 -0700 (Mon, 16 Apr 2018) Log Message MutationObserver should be in an IsoHeap https://bugs.webkit.org/show_bug.cgi?id=184671 Reviewed by Sam Weinig. No new tests because no new

[webkit-changes] [230662] trunk

2018-04-15 Thread fpizlo
Title: [230662] trunk Revision 230662 Author fpi...@apple.com Date 2018-04-15 10:38:01 -0700 (Sun, 15 Apr 2018) Log Message Function.prototype.caller shouldn't return generator bodies https://bugs.webkit.org/show_bug.cgi?id=184630 Reviewed by Yusuke Suzuki. JSTests: *

[webkit-changes] [230494] trunk/Source/JavaScriptCore

2018-04-10 Thread fpizlo
Title: [230494] trunk/Source/JavaScriptCore Revision 230494 Author fpi...@apple.com Date 2018-04-10 14:16:21 -0700 (Tue, 10 Apr 2018) Log Message Unreviewed, fix cloop build. * dfg/DFGAbstractInterpreterClobberState.cpp: Modified Paths trunk/Source/JavaScriptCore/ChangeLog

[webkit-changes] [230488] trunk

2018-04-10 Thread fpizlo
Title: [230488] trunk Revision 230488 Author fpi...@apple.com Date 2018-04-10 12:45:54 -0700 (Tue, 10 Apr 2018) Log Message DFG AI and clobberize should agree with each other https://bugs.webkit.org/show_bug.cgi?id=184440 Reviewed by Saam Barati. JSTests: Add tests for all of

[webkit-changes] [230486] trunk/Source/JavaScriptCore

2018-04-10 Thread fpizlo
Title: [230486] trunk/Source/JavaScriptCore Revision 230486 Author fpi...@apple.com Date 2018-04-10 11:04:07 -0700 (Tue, 10 Apr 2018) Log Message ExecutableToCodeBlockEdge::visitChildren() should be cool with m_codeBlock being null since we clear it in finalizeUnconditionally()

[webkit-changes] [230485] trunk/Source/JavaScriptCore

2018-04-10 Thread fpizlo
Title: [230485] trunk/Source/JavaScriptCore Revision 230485 Author fpi...@apple.com Date 2018-04-10 10:57:29 -0700 (Tue, 10 Apr 2018) Log Message REGRESSION(r227341 and r227742): AI and clobberize should be precise and consistent about the effectfulness of CompareEq

[webkit-changes] [230465] trunk/Source/JavaScriptCore

2018-04-09 Thread fpizlo
Title: [230465] trunk/Source/JavaScriptCore Revision 230465 Author fpi...@apple.com Date 2018-04-09 19:42:27 -0700 (Mon, 09 Apr 2018) Log Message Executing known edge types may reveal a contradiction causing us to emit an exit at a node that is not allowed to exit

[webkit-changes] [230287] trunk

2018-04-04 Thread fpizlo
Title: [230287] trunk Revision 230287 Author fpi...@apple.com Date 2018-04-04 17:30:48 -0700 (Wed, 04 Apr 2018) Log Message REGRESSION(r222563): removed DoubleReal type check causes tons of crashes because CSE has never known how to handle SaneChain

[webkit-changes] [230273] trunk/Source/JavaScriptCore

2018-04-04 Thread fpizlo
Title: [230273] trunk/Source/JavaScriptCore Revision 230273 Author fpi...@apple.com Date 2018-04-04 13:29:43 -0700 (Wed, 04 Apr 2018) Log Message Remove poisoning of typed array vector https://bugs.webkit.org/show_bug.cgi?id=184313 Reviewed by Saam Barati. * dfg/DFGFixupPhase.cpp:

[webkit-changes] [230266] trunk/Source/JavaScriptCore

2018-04-04 Thread fpizlo
Title: [230266] trunk/Source/JavaScriptCore Revision 230266 Author fpi...@apple.com Date 2018-04-04 10:55:44 -0700 (Wed, 04 Apr 2018) Log Message Don't do index masking or poisoning for DirectArguments https://bugs.webkit.org/show_bug.cgi?id=184280 Reviewed by Saam Barati. *

[webkit-changes] [230264] trunk/Source/JavaScriptCore

2018-04-04 Thread fpizlo
Title: [230264] trunk/Source/JavaScriptCore Revision 230264 Author fpi...@apple.com Date 2018-04-04 10:42:11 -0700 (Wed, 04 Apr 2018) Log Message JSArray::appendMemcpy seems to be missing a barrier https://bugs.webkit.org/show_bug.cgi?id=184290 Reviewed by Mark Lam. If you

[webkit-changes] [230226] trunk/Source

2018-04-03 Thread fpizlo
Title: [230226] trunk/Source Revision 230226 Author fpi...@apple.com Date 2018-04-03 16:52:09 -0700 (Tue, 03 Apr 2018) Log Message GC shouldn't do object distancing https://bugs.webkit.org/show_bug.cgi?id=184195 Reviewed by Saam Barati. Source/JavaScriptCore: This rolls out

[webkit-changes] [230145] trunk/Source/JavaScriptCore

2018-04-01 Thread fpizlo
Title: [230145] trunk/Source/JavaScriptCore Revision 230145 Author fpi...@apple.com Date 2018-04-01 12:46:05 -0700 (Sun, 01 Apr 2018) Log Message Raise the for-call inlining threshold to 190 to fix JetStream/richards regression https://bugs.webkit.org/show_bug.cgi?id=184228 Reviewed

[webkit-changes] [230143] trunk

2018-04-01 Thread fpizlo
Title: [230143] trunk Revision 230143 Author fpi...@apple.com Date 2018-04-01 10:08:39 -0700 (Sun, 01 Apr 2018) Log Message JSC crash in JIT code with for-of loop and Array/Set iterators https://bugs.webkit.org/show_bug.cgi?id=183174 Reviewed by Saam Barati. JSTests: *

[webkit-changes] [230130] trunk/Source

2018-03-31 Thread fpizlo
Title: [230130] trunk/Source Revision 230130 Author fpi...@apple.com Date 2018-03-31 08:55:38 -0700 (Sat, 31 Mar 2018) Log Message Strings and Vectors shouldn't do index masking https://bugs.webkit.org/show_bug.cgi?id=184193 Reviewed by Mark Lam. Source/JavaScriptCore: *

[webkit-changes] [230115] trunk

2018-03-30 Thread fpizlo
Title: [230115] trunk Revision 230115 Author fpi...@apple.com Date 2018-03-30 13:31:00 -0700 (Fri, 30 Mar 2018) Log Message Bytecode generator should not get_from_scope something that may be a hole into a variable that is already live https://bugs.webkit.org/show_bug.cgi?id=184189

[webkit-changes] [229987] trunk

2018-03-26 Thread fpizlo
Title: [229987] trunk Revision 229987 Author fpi...@apple.com Date 2018-03-26 14:01:16 -0700 (Mon, 26 Mar 2018) Log Message DFG should know that CreateThis can be effectful https://bugs.webkit.org/show_bug.cgi?id=184013 Reviewed by Saam Barati. JSTests: *

[webkit-changes] [229842] trunk

2018-03-21 Thread fpizlo
Title: [229842] trunk Revision 229842 Author fpi...@apple.com Date 2018-03-21 19:15:44 -0700 (Wed, 21 Mar 2018) Log Message ScopedArguments should do poisoning and index masking https://bugs.webkit.org/show_bug.cgi?id=183863 Reviewed by Mark Lam. JSTests: Adds another stress

[webkit-changes] [229545] trunk/Source/JavaScriptCore

2018-03-12 Thread fpizlo
Title: [229545] trunk/Source/JavaScriptCore Revision 229545 Author fpi...@apple.com Date 2018-03-12 13:19:53 -0700 (Mon, 12 Mar 2018) Log Message Unreviewed, fix simple goof that was causing 32-bit DFG crashes. * dfg/DFGSpeculativeJIT.cpp:

[webkit-changes] [229518] trunk/Source

2018-03-11 Thread fpizlo
Title: [229518] trunk/Source Revision 229518 Author fpi...@apple.com Date 2018-03-11 14:09:20 -0700 (Sun, 11 Mar 2018) Log Message Split DirectArguments into JSValueOOB and JSValueStrict parts https://bugs.webkit.org/show_bug.cgi?id=183458 Reviewed by Yusuke Suzuki.

[webkit-changes] [229516] trunk/Source/bmalloc

2018-03-11 Thread fpizlo
Title: [229516] trunk/Source/bmalloc Revision 229516 Author fpi...@apple.com Date 2018-03-11 10:45:49 -0700 (Sun, 11 Mar 2018) Log Message PerProcess<> should be safe by default https://bugs.webkit.org/show_bug.cgi?id=183545 Reviewed by Yusuke Suzuki. This makes PerProcess<>

[webkit-changes] [229436] trunk/Source

2018-03-08 Thread fpizlo
Title: [229436] trunk/Source Revision 229436 Author fpi...@apple.com Date 2018-03-08 14:58:23 -0800 (Thu, 08 Mar 2018) Log Message bmalloc mutex should be adaptive https://bugs.webkit.org/show_bug.cgi?id=177839 Reviewed by Michael Saboff. Source/bmalloc: This pulls the

[webkit-changes] [229412] trunk/Source

2018-03-08 Thread fpizlo
Title: [229412] trunk/Source Revision 229412 Author fpi...@apple.com Date 2018-03-08 09:11:51 -0800 (Thu, 08 Mar 2018) Log Message Make it possible to randomize register allocation https://bugs.webkit.org/show_bug.cgi?id=183416 Reviewed by Keith Miller. Source/JavaScriptCore:

[webkit-changes] [229366] trunk/Source/JavaScriptCore

2018-03-07 Thread fpizlo
Title: [229366] trunk/Source/JavaScriptCore Revision 229366 Author fpi...@apple.com Date 2018-03-07 10:14:02 -0800 (Wed, 07 Mar 2018) Log Message MarkedArgumentsBuffer should allocate from the JSValue Gigacage https://bugs.webkit.org/show_bug.cgi?id=183377 Reviewed by Michael Saboff.

[webkit-changes] [228693] trunk/Source/JavaScriptCore

2018-02-19 Thread fpizlo
Title: [228693] trunk/Source/JavaScriptCore Revision 228693 Author fpi...@apple.com Date 2018-02-19 09:39:52 -0800 (Mon, 19 Feb 2018) Log Message GetArrayMask should support constant folding https://bugs.webkit.org/show_bug.cgi?id=182907 Reviewed by Saam Barati. Implement

[webkit-changes] [228576] trunk/Source

2018-02-16 Thread fpizlo
Title: [228576] trunk/Source Revision 228576 Author fpi...@apple.com Date 2018-02-16 13:38:53 -0800 (Fri, 16 Feb 2018) Log Message Unreviewed, roll out r228306 (custom memcpy/memset) because the bots say that it was not a progression. Source/bmalloc: * bmalloc/Algorithm.h:

[webkit-changes] [228552] trunk/Source/JavaScriptCore

2018-02-15 Thread fpizlo
Title: [228552] trunk/Source/JavaScriptCore Revision 228552 Author fpi...@apple.com Date 2018-02-15 21:27:39 -0800 (Thu, 15 Feb 2018) Log Message Objects that contain dangerous things should be allocated far away from objects that can do OOB

[webkit-changes] [228538] trunk

2018-02-15 Thread fpizlo
Title: [228538] trunk Revision 228538 Author fpi...@apple.com Date 2018-02-15 15:38:15 -0800 (Thu, 15 Feb 2018) Log Message Unreviewed, roll out r228366 since it did not progress anything. JSTests: * stress/gc-error-stack.js: Removed. * stress/no-gc-error-stack.js: Removed.

[webkit-changes] [228420] trunk/Source/JavaScriptCore

2018-02-13 Thread fpizlo
Title: [228420] trunk/Source/JavaScriptCore Revision 228420 Author fpi...@apple.com Date 2018-02-13 09:02:45 -0800 (Tue, 13 Feb 2018) Log Message Lock down JSFunction https://bugs.webkit.org/show_bug.cgi?id=182652 Reviewed by Saam Barati. This poisons pointers in JSFunction

[webkit-changes] [228366] trunk

2018-02-11 Thread fpizlo
Title: [228366] trunk Revision 228366 Author fpi...@apple.com Date 2018-02-10 15:49:54 -0800 (Sat, 10 Feb 2018) Log Message Don't waste memory for error.stack https://bugs.webkit.org/show_bug.cgi?id=182656 Reviewed by Saam Barati. JSTests: Tests the policy. *

[webkit-changes] [228306] trunk/Source

2018-02-08 Thread fpizlo
Title: [228306] trunk/Source Revision 228306 Author fpi...@apple.com Date 2018-02-08 18:13:01 -0800 (Thu, 08 Feb 2018) Log Message Experiment with alternative implementation of memcpy/memset https://bugs.webkit.org/show_bug.cgi?id=182563 Reviewed by Michael Saboff and Mark Lam.

[webkit-changes] [228149] trunk/Source

2018-02-05 Thread fpizlo
Title: [228149] trunk/Source Revision 228149 Author fpi...@apple.com Date 2018-02-05 19:50:30 -0800 (Mon, 05 Feb 2018) Log Message Global objects should be able to use TLCs to allocate from different blocks from each other https://bugs.webkit.org/show_bug.cgi?id=182227

[webkit-changes] [227718] trunk/Source/JavaScriptCore

2018-01-28 Thread fpizlo
Title: [227718] trunk/Source/JavaScriptCore Revision 227718 Author fpi...@apple.com Date 2018-01-28 11:08:08 -0800 (Sun, 28 Jan 2018) Log Message Make MarkedBlock::Footer bigger https://bugs.webkit.org/show_bug.cgi?id=182220 Reviewed by JF Bastien. This makes the block footer

[webkit-changes] [227717] trunk/Source/JavaScriptCore

2018-01-27 Thread fpizlo
Title: [227717] trunk/Source/JavaScriptCore Revision 227717 Author fpi...@apple.com Date 2018-01-27 18:23:25 -0800 (Sat, 27 Jan 2018) Log Message MarkedBlock should have a footer instead of a header https://bugs.webkit.org/show_bug.cgi?id=182217 Reviewed by JF Bastien. This

[webkit-changes] [227683] trunk/Source

2018-01-26 Thread fpizlo
Title: [227683] trunk/Source Revision 227683 Author fpi...@apple.com Date 2018-01-26 10:42:52 -0800 (Fri, 26 Jan 2018) Log Message Disable TLS-based TLCs https://bugs.webkit.org/show_bug.cgi?id=182175 Reviewed by Saam Barati. Source/JavaScriptCore: Check for the new

[webkit-changes] [227643] trunk/Source

2018-01-25 Thread fpizlo
Title: [227643] trunk/Source Revision 227643 Author fpi...@apple.com Date 2018-01-25 16:05:57 -0800 (Thu, 25 Jan 2018) Log Message DirectArguments should protect itself using dynamic poisoning and precise index masking https://bugs.webkit.org/show_bug.cgi?id=182086 Reviewed by Saam

[webkit-changes] [227462] trunk/Source/JavaScriptCore

2018-01-23 Thread fpizlo
Title: [227462] trunk/Source/JavaScriptCore Revision 227462 Author fpi...@apple.com Date 2018-01-23 16:40:12 -0800 (Tue, 23 Jan 2018) Log Message Use precise index masking for FTL GetByArgumentByVal https://bugs.webkit.org/show_bug.cgi?id=182006 Reviewed by Keith Miller. This

[webkit-changes] [227431] trunk/Source/JavaScriptCore

2018-01-23 Thread fpizlo
Title: [227431] trunk/Source/JavaScriptCore Revision 227431 Author fpi...@apple.com Date 2018-01-23 12:16:56 -0800 (Tue, 23 Jan 2018) Log Message DFG should always flush `this` https://bugs.webkit.org/show_bug.cgi?id=181999 Reviewed by Saam Barati and Mark Lam. This is going

[webkit-changes] [227424] trunk/Source

2018-01-23 Thread fpizlo
Title: [227424] trunk/Source Revision 227424 Author fpi...@apple.com Date 2018-01-23 10:26:35 -0800 (Tue, 23 Jan 2018) Log Message JSC should use a speculation fence on VM entry/exit https://bugs.webkit.org/show_bug.cgi?id=181991 Reviewed by JF Bastien and Mark Lam.

[webkit-changes] [227417] trunk/JSTests

2018-01-23 Thread fpizlo
Title: [227417] trunk/JSTests Revision 227417 Author fpi...@apple.com Date 2018-01-23 09:11:40 -0800 (Tue, 23 Jan 2018) Log Message Unreviewed, retire some microbenchmarks that are proportionately very slow. Benchmark running time should be proportional to their value. Microbenchmarks

[webkit-changes] [226784] trunk/Source/WTF

2018-01-11 Thread fpizlo
Title: [226784] trunk/Source/WTF Revision 226784 Author fpi...@apple.com Date 2018-01-11 09:58:46 -0800 (Thu, 11 Jan 2018) Log Message Reserve a fast TLS key for GC TLC https://bugs.webkit.org/show_bug.cgi?id=181539 Reviewed by Alexey Proskuryakov. Who knew that thread-local

[webkit-changes] [226068] trunk/Source

2017-12-18 Thread fpizlo
Title: [226068] trunk/Source Revision 226068 Author fpi...@apple.com Date 2017-12-18 12:15:41 -0800 (Mon, 18 Dec 2017) Log Message Vector index masking https://bugs.webkit.org/show_bug.cgi?id=180909 Reviewed by Keith Miller. Source/JavaScriptCore: Adopt index masking for

[webkit-changes] [225893] trunk/Source/JavaScriptCore

2017-12-13 Thread fpizlo
Title: [225893] trunk/Source/JavaScriptCore Revision 225893 Author fpi...@apple.com Date 2017-12-13 22:04:51 -0800 (Wed, 13 Dec 2017) Log Message Octane/richards regressed by a whopping 20% because eliminateCommonSubexpressions has a weird fixpoint requirement

[webkit-changes] [225887] trunk/Source/JavaScriptCore

2017-12-13 Thread fpizlo
Title: [225887] trunk/Source/JavaScriptCore Revision 225887 Author fpi...@apple.com Date 2017-12-13 17:12:03 -0800 (Wed, 13 Dec 2017) Log Message InferredValue should use IsoSubspace https://bugs.webkit.org/show_bug.cgi?id=180738 Reviewed by Keith Miller. This moves

[webkit-changes] [225835] trunk/Source/JavaScriptCore

2017-12-12 Thread fpizlo
Title: [225835] trunk/Source/JavaScriptCore Revision 225835 Author fpi...@apple.com Date 2017-12-12 19:26:39 -0800 (Tue, 12 Dec 2017) Log Message Structure, StructureRareData, and PropertyTable should be in IsoSubspaces https://bugs.webkit.org/show_bug.cgi?id=180732 Rubber stamped by

[webkit-changes] [225831] trunk/Source

2017-12-12 Thread fpizlo
Title: [225831] trunk/Source Revision 225831 Author fpi...@apple.com Date 2017-12-12 18:35:54 -0800 (Tue, 12 Dec 2017) Log Message It should be possible to flag a cell for unconditional finalization https://bugs.webkit.org/show_bug.cgi?id=180636 Reviewed by Saam Barati.

[webkit-changes] [225734] trunk/Source/JavaScriptCore

2017-12-10 Thread fpizlo
Title: [225734] trunk/Source/JavaScriptCore Revision 225734 Author fpi...@apple.com Date 2017-12-10 17:10:32 -0800 (Sun, 10 Dec 2017) Log Message Harden a few assertions in GC sweep https://bugs.webkit.org/show_bug.cgi?id=180634 Reviewed by Saam Barati. This turns one dynamic

[webkit-changes] [225725] trunk/Source/JavaScriptCore

2017-12-09 Thread fpizlo
Title: [225725] trunk/Source/JavaScriptCore Revision 225725 Author fpi...@apple.com Date 2017-12-09 11:48:04 -0800 (Sat, 09 Dec 2017) Log Message InferredType should not use UnconditionalFinalizer https://bugs.webkit.org/show_bug.cgi?id=180456 Reviewed by Saam Barati. This

[webkit-changes] [225551] trunk/Source

2017-12-05 Thread fpizlo
Title: [225551] trunk/Source Revision 225551 Author fpi...@apple.com Date 2017-12-05 14:50:47 -0800 (Tue, 05 Dec 2017) Log Message bmalloc IsoHeap needs to allow a thread to deallocate some size for the first time https://bugs.webkit.org/show_bug.cgi?id=180443 Reviewed by Saam Barati.

[webkit-changes] [225540] trunk/Source/JavaScriptCore

2017-12-05 Thread fpizlo
Title: [225540] trunk/Source/JavaScriptCore Revision 225540 Author fpi...@apple.com Date 2017-12-05 13:55:08 -0800 (Tue, 05 Dec 2017) Log Message IsoAlignedMemoryAllocator needs to free all of its memory when the VM destructs https://bugs.webkit.org/show_bug.cgi?id=180425 Reviewed by

[webkit-changes] [225315] trunk/Source/JavaScriptCore

2017-11-29 Thread fpizlo
Title: [225315] trunk/Source/JavaScriptCore Revision 225315 Author fpi...@apple.com Date 2017-11-29 20:48:52 -0800 (Wed, 29 Nov 2017) Log Message CodeBlockSet::deleteUnmarkedAndUnreferenced can be a little more efficient https://bugs.webkit.org/show_bug.cgi?id=180108 Reviewed by Saam

[webkit-changes] [225180] trunk/Source/bmalloc

2017-11-27 Thread fpizlo
Title: [225180] trunk/Source/bmalloc Revision 225180 Author fpi...@apple.com Date 2017-11-27 10:24:56 -0800 (Mon, 27 Nov 2017) Log Message Don't crash in forEachEntry when DebugHeap is enabled. Unreviewed, fixing crashes on leaks bots by removing an assertion. * bmalloc/IsoTLS.cpp:

[webkit-changes] [225125] trunk/Source/bmalloc

2017-11-23 Thread fpizlo
Title: [225125] trunk/Source/bmalloc Revision 225125 Author fpi...@apple.com Date 2017-11-23 16:47:58 -0800 (Thu, 23 Nov 2017) Log Message Isolated Heaps caused an increase in reported leaks on the bots https://bugs.webkit.org/show_bug.cgi?id=179463 Reviewed by Darin Adler.

[webkit-changes] [224562] trunk/Source/WTF

2017-11-07 Thread fpizlo
Title: [224562] trunk/Source/WTF Revision 224562 Author fpi...@apple.com Date 2017-11-07 17:30:14 -0800 (Tue, 07 Nov 2017) Log Message Disable isoheaps on iOS Reviewed by Ryosuke Niwa. * wtf/IsoMalloc.h: Modified Paths trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/IsoMalloc.h

[webkit-changes] [224349] trunk

2017-11-02 Thread fpizlo
Title: [224349] trunk Revision 224349 Author fpi...@apple.com Date 2017-11-02 12:17:25 -0700 (Thu, 02 Nov 2017) Log Message AI does not correctly model the clobber case of ArithClz32 https://bugs.webkit.org/show_bug.cgi?id=179188 Reviewed by Michael Saboff. JSTests: *

[webkit-changes] [223586] trunk/Source/bmalloc

2017-10-17 Thread fpizlo
Title: [223586] trunk/Source/bmalloc Revision 223586 Author fpi...@apple.com Date 2017-10-17 16:49:40 -0700 (Tue, 17 Oct 2017) Log Message You can't vmDeallocate null Reviewed by Michael Saboff. After failing allocation, we would try to deallocate the thing we failed to

[webkit-changes] [223415] trunk/Source

2017-10-16 Thread fpizlo
Title: [223415] trunk/Source Revision 223415 Author fpi...@apple.com Date 2017-10-16 10:19:11 -0700 (Mon, 16 Oct 2017) Log Message Make some asserts into release asserts https://bugs.webkit.org/show_bug.cgi?id=178324 Reviewed by Saam Barati. Source/JavaScriptCore: These

[webkit-changes] [223239] trunk

2017-10-12 Thread fpizlo
Title: [223239] trunk Revision 223239 Author fpi...@apple.com Date 2017-10-12 09:02:45 -0700 (Thu, 12 Oct 2017) Log Message Enable gigacage on iOS https://bugs.webkit.org/show_bug.cgi?id=177586 Reviewed by JF Bastien. JSTests: Add tests for when Gigacage gets runtime disabled.

[webkit-changes] [223121] trunk/Source/bmalloc

2017-10-09 Thread fpizlo
Title: [223121] trunk/Source/bmalloc Revision 223121 Author fpi...@apple.com Date 2017-10-09 21:28:18 -0700 (Mon, 09 Oct 2017) Log Message Use one virtual allocation for all gigacages and their runways https://bugs.webkit.org/show_bug.cgi?id=178050 Reviewed by Saam Barati. *

[webkit-changes] [223116] trunk/Source/JavaScriptCore

2017-10-09 Thread fpizlo
Title: [223116] trunk/Source/JavaScriptCore Revision 223116 Author fpi...@apple.com Date 2017-10-09 19:48:39 -0700 (Mon, 09 Oct 2017) Log Message JSCell::didBecomePrototype is racy https://bugs.webkit.org/show_bug.cgi?id=178110 Reviewed by Saam Barati. The indexing type can

[webkit-changes] [223113] trunk

2017-10-09 Thread fpizlo
Title: [223113] trunk Revision 223113 Author fpi...@apple.com Date 2017-10-09 18:40:53 -0700 (Mon, 09 Oct 2017) Log Message Enable gigacage on iOS https://bugs.webkit.org/show_bug.cgi?id=177586 Reviewed by JF Bastien. JSTests: Add tests for when Gigacage gets runtime disabled.
