2021-08-23 06:28:16 +00:00
2021-08-22 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Remove already-shipped wasm option flags
https://bugs.webkit.org/show_bug.cgi?id=229386
Reviewed by Ross Kirsling.
* wasm/references/element_active_mod.js:
* wasm/references/element_parsing.js:
* wasm/references/externref_globals.js:
* wasm/references/externref_modules.js:
* wasm/references/externref_table.js:
* wasm/references/externref_table_import.js:
* wasm/references/func_ref.js:
* wasm/references/globals.js:
* wasm/references/is_null.js:
* wasm/references/memory_copy.js:
* wasm/references/memory_copy_shared.js:
* wasm/references/memory_fill_shared.js:
* wasm/references/multitable.js:
* wasm/references/parse_unreachable.js:
* wasm/references/table_js_api.js:
* wasm/references/table_misc.js:
* wasm/references/validation.js:
* wasm/stress/immutable-globals.js:
* wasm/stress/local-ref.js:
* wasm/stress/mutable-globals.js:
* wasm/stress/table-grow-table-size.js:
2021-08-23 01:06:11 +00:00
2021-08-22 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Remove already-shipped JS feature flags
https://bugs.webkit.org/show_bug.cgi?id=229387
Reviewed by Ross Kirsling.
* microbenchmarks/class-fields-private/get-private-name.js:
* microbenchmarks/class-fields-private/monomorphic-get-private-field.js:
* microbenchmarks/class-fields-private/polymorphic-get-private-field.js:
* microbenchmarks/class-fields-private/polymorphic-put-private-field.js:
* microbenchmarks/class-fields-private/put-private-field.js:
* stress/class-fields-private-as-function.js:
* stress/class-fields-private-cached-bytecode.js:
* stress/class-fields-private-freeze-out-of-line.js:
* stress/class-fields-private-freeze.js:
* stress/class-fields-private-harmony.js:
* stress/class-fields-private-on-proxy.js:
* stress/class-fields-private-out-of-line.js:
* stress/class-fields-private-prevent-extensions-out-of-line.js:
* stress/class-fields-private-prevent-extensions.js:
* stress/class-fields-private-seal-out-of-line.js:
* stress/class-fields-private-seal.js:
* stress/class-fields-private-use-eval.js:
* stress/class-fields-static-harmony.js:
* stress/class-fields-static-private-harmony.js:
* stress/class-fields-stress-instance.js:
* stress/class-private-method-access.js:
* stress/dfg-get-private-name-by-id-generic.js:
* stress/dfg-get-private-name-by-id-osr-bad-identifier.js:
* stress/dfg-get-private-name-by-id.js:
* stress/dfg-get-private-name-by-offset-osr-bad-identifier.js:
* stress/dfg-get-private-name-by-offset-osr-bad-structure.js:
* stress/dfg-get-private-name-by-offset.js:
* stress/dfg-get-private-name-by-val-generic.js:
* stress/dfg-put-private-name-check-barrier-insertion.js:
* stress/dfg-put-private-name-compiled-as-put-by-id-direct.js:
* stress/dfg-put-private-name-compiled-as-put-private-name-by-id.js:
* stress/ftl-get-private-name-by-id.js:
* stress/ftl-get-private-name-by-offset-multi.js:
* stress/get-private-name-cache-failure.js:
* stress/get-private-name-with-constant-ident.js:
* stress/get-private-name-with-constant-symbol.js:
* stress/get-private-name-with-different-symbol.js:
* stress/get-private-name-with-primitive.js:
* stress/get-private-name.js:
* stress/optional-chaining-and-private-fields.js:
* stress/private-accesor-duplicate-name-early-errors.js:
* stress/private-accessor-static-non-static.js:
* stress/private-brand-installed-after-super-call-from-arrow-function.js:
* stress/private-brand-installed-after-super-call-from-eval.js:
* stress/private-getter-brand-check.js:
* stress/private-getter-inner-class.js:
* stress/private-in-error.js:
* stress/private-in.js:
* stress/private-members-get-and-set.js:
* stress/private-method-and-field-named-constructor.js:
* stress/private-method-brand-check.js:
* stress/private-method-change-attribute-from-branded-structure.js:
* stress/private-method-change-prototype-from-branded-structure.js:
* stress/private-method-check-private-brand-ic.js:
* stress/private-method-check-structure-miss.js:
* stress/private-method-comparison.js:
* stress/private-method-delete-property-from-branded-structure.js:
* stress/private-method-extends-brand-check.js:
* stress/private-method-get-and-call.js:
* stress/private-method-invalid-multiple-brand-installation.js:
* stress/private-method-invalidate-compiled-with-constant-symbol.js:
* stress/private-method-nested-class.js:
* stress/private-method-on-sealed-objects.js:
* stress/private-method-on-uncacheable-dictionary.js:
* stress/private-method-polymorphic-with-constant-symbol.js:
* stress/private-method-set-brand-should-have-write-barrier.js:
* stress/private-method-untyped-use.js:
* stress/private-method-with-uncacheable-dictionary-transition.js:
* stress/private-methods-and-accessors-postfix-node.js:
* stress/private-methods-and-accessors-prefix-node.js:
* stress/private-methods-inline-cache.js:
* stress/private-methods-megamorphic-ic.js:
* stress/private-methods-on-proxy.js:
* stress/private-methods-poly-ic-multiple-classes.js:
* stress/private-methods-poly-ic-single-class.js:
* stress/private-name-access-in-computed-property.js:
* stress/private-names-available-on-direct-eval.js:
* stress/private-names-available-on-eval-during-field-initialization.js:
* stress/private-setter-brand-check.js:
* stress/private-setter-inner-class.js:
* stress/put-by-val-direct-addprivate.js:
* stress/put-by-val-direct-putprivate.js:
* stress/put-private-name-by-id-set-do-not-add-structure-trasition.js:
* stress/put-private-name-check-structure-miss.js:
* stress/put-private-name-constant-folding-to-mult-put-by-offset.js:
* stress/put-private-name-constant-folding-to-put-by-offset.js:
* stress/put-private-name-generic.js:
* stress/put-private-name-invalid-define.js:
* stress/put-private-name-invalid-store.js:
* stress/put-private-name-invalidate-compiled-with-constant-symbol.js:
* stress/put-private-name-polymorphic-with-constant-symbol.js:
* stress/put-private-name-untyped-use.js:
* stress/put-private-name-with-constant-symbol.js:
* stress/put-private-name-with-different-identifier.js:
* stress/put-private-name-with-primitive.js:
* stress/static-private-methods-and-accessor-inner-class.js:
* stress/static-private-methods-and-accessor-multiple-evaluation.js:
* stress/static-private-methods-and-accessors-postfix-node.js:
* stress/static-private-methods-and-accessors-prefix-node.js:
* stress/v8-cleanup-from-different-realm.js:
* stress/v8-cleanup-proxy-from-different-realm.js:
* stress/v8-finalization-registry-basics.js:
* stress/v8-finalizationregistry-and-weakref.js:
* stress/v8-finalizationregistry-keeps-holdings-alive.js:
* stress/v8-finalizationregistry-scheduled-for-cleanup-multiple-times.js:
* stress/v8-multiple-dirty-finalization-registries.js:
* stress/v8-reentrant-gc-from-cleanup.js:
* stress/v8-stress-finalizationregistry-dirty-enqueue.js:
* stress/v8-undefined-holdings.js:
* stress/v8-unregister-after-cleanup.js:
* stress/v8-unregister-before-cleanup.js:
* stress/v8-unregister-called-twice.js:
* stress/v8-unregister-inside-cleanup2.js:
* stress/v8-unregister-inside-cleanup3.js:
* stress/v8-unregister-many.js:
* stress/v8-weak-unregistertoken.js:
* test262/config.yaml:
2021-08-22 22:09:52 +00:00
2021-08-22 Yusuke Suzuki <ysuzuki@apple.com>
Unreviewed, speculative fix for old ICU
https://bugs.webkit.org/show_bug.cgi?id=229385
* stress/intl-locale-info.js:
(shouldBe):
2021-08-22 00:26:53 +00:00
2021-08-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Remove Intl runtime feature flags for already shipped ones
https://bugs.webkit.org/show_bug.cgi?id=229371
Reviewed by Ross Kirsling.
* stress/intl-datetimeformat-day-period.js:
* test262/config.yaml:
2021-08-21 16:17:02 +00:00
2021-08-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Intl.DisplayNames v2
https://bugs.webkit.org/show_bug.cgi?id=227832
Reviewed by Ross Kirsling.
* stress/intl-displaynames-v2.js: Added.
(shouldBe):
(shouldThrow):
(vm.icuVersion):
* stress/intl-displaynames.js:
(vm.icuVersion):
* test262/config.yaml:
* test262/expectations.yaml:
2021-08-21 14:33:08 +00:00
2021-08-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Intl Locale Info
https://bugs.webkit.org/show_bug.cgi?id=227830
Reviewed by Ross Kirsling.
* stress/intl-locale-info.js: Added.
(shouldBe):
(throw.new.Error):
(let.enGB.new.Intl.Locale.shouldBe):
(let.l.new.Intl.Locale.shouldBe):
* test262/config.yaml:
2021-08-21 13:02:32 +00:00
2021-08-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Extend Intl TimeZoneName Option
https://bugs.webkit.org/show_bug.cgi?id=227831
Reviewed by Ross Kirsling.
* stress/intl-extended-timezone-names.js: Added.
(shouldBe):
(timeZoneTest):
* test262/config.yaml:
2021-08-21 12:10:09 +00:00
2021-08-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Enable Array#findLast method
https://bugs.webkit.org/show_bug.cgi?id=229355
Reviewed by Saam Barati.
* stress/unscopables.js:
2021-08-17 19:23:23 +00:00
2021-08-17 Mikhail R. Gadelha <mikhail@igalia.com>
Unreviewed. Skip failing MIPS tests
https://bugs.webkit.org/show_bug.cgi?id=229198
* ChakraCore.yaml:
2021-08-13 19:29:04 +00:00
2021-08-13 Keith Miller <keith_miller@apple.com>
EnumeratorNextUpdatePropertyName always needs to be able to handle IndexedMode
https://bugs.webkit.org/show_bug.cgi?id=229087
Reviewed by Filip Pizlo.
* stress/for-in-own-structure-and-generic-with-late-add-indexed.js: Added.
(test):
(Foo):
2021-08-11 07:39:26 +00:00
2021-08-11 Yusuke Suzuki <ysuzuki@apple.com>
WTFCrash in JSC::Lexer<char16_t>::append8
https://bugs.webkit.org/show_bug.cgi?id=228982
Reviewed by Mark Lam.
* stress/directive-includes-non-latin1.js: Added.
2021-08-10 06:56:17 +00:00
2021-08-09 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] super-Latin1 white space and line terminator after regular expression literal misinterpreted as flags
https://bugs.webkit.org/show_bug.cgi?id=227944
Reviewed by Alexey Shvayka.
* test262/expectations.yaml:
2021-08-08 20:43:12 +00:00
2021-08-08 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Clean up test262 expectations
https://bugs.webkit.org/show_bug.cgi?id=228903
Reviewed by Ross Kirsling.
* test262/config.yaml:
* test262/expectations.yaml:
for-in should only emit one loop in bytecode
https://bugs.webkit.org/show_bug.cgi?id=227989
Reviewed by Yusuke Suzuki.
JSTests:
* microbenchmarks/for-in-double-array-with-own-named.js: Added.
(test):
* microbenchmarks/for-in-double-array.js: Added.
(test):
* microbenchmarks/for-in-getters.js: Added.
(test):
* microbenchmarks/for-in-int32-array-with-own-named.js: Added.
(test):
* microbenchmarks/for-in-int32-array.js: Added.
(test):
* microbenchmarks/for-in-int32-object-with-own-named-and-getters.js: Added.
(test):
* microbenchmarks/for-in-int32-object-with-own-named.js: Added.
(test):
* microbenchmarks/for-in-object-with-own-named.js: Added.
(sum):
(opaqueSet):
* microbenchmarks/for-in-string-array.js: Added.
(test):
* microbenchmarks/for-of-iterate-array-map-set.js: Added.
(sum):
(let.generator):
* stress/for-in-array-mode.js:
(test):
* stress/for-in-base-reassigned-later.js:
* stress/for-in-delete-during-iteration.js:
* stress/for-in-primitive-index-on-prototype.js: Added.
(test):
* stress/for-in-tests.js:
* stress/has-own-property-structure-for-in-loop-correctness.js:
(test5):
Source/JavaScriptCore:
This patch redesigns how we implement for-in loops. Before this patch we would emit three copies of the for-in loop body. One for the indexed properties, one for the named-own properties, and one for generic properties (anything else). This had a couple of problems. Firstly, it meant bytecode size grew exponentially with the number of nested for-in loops. This in turn meant DFG/FTL compilation took much longer.
Going off our experience with fast for-of, this patch turns for-in loop specializations into a "fused" opcode that internally switches on the enumeration mode it currently sees. For example, if we are enumerating an own-named property, the new enumerator_get_by_val bytecode will check that the enumerator cell's cached structure matches the base's, then load the property offset directly.
There are four new opcodes this patch adds, which replace the various operations we had for the specialized loops previously. The new opcodes are EnumeratorGetByVal, EnumeratorInByVal, EnumeratorHasOwnProperty, and EnumeratorNext. The first three correspond to GetByVal, InByVal, and HasOwnProperty respectively. The EnumeratorNext opcode has three results in bytecode: the next enumeration value's mode, the index of the property name, and the property name string itself. When enumeration is done, EnumeratorNext returns JS null as the property name string. Since the DFG doesn't support tuples yet, this opcode is split into four new nodes. The first computes the updated index and mode for the next enumeration key, which is encoded into a single JS number. Then there are two nodes that extract the mode and index. Finally, the last new node produces the property name string or null based on the extracted mode and index.
Since, in most benchmarks, any given enumeration opcode tends to profile exactly one enumeration mode, this patch focuses primarily on reimplementing all the optimizations we have for any one specific mode. This means there are still potential optimizations for the multi-mode flavors of each new opcode.
The main optimizations implemented for each new opcode are:
EnumeratorNext:
1) IndexedMode loops are loaded and checked for presence inline (DFG/FTL).
2) NamedMode is computed inline as long as the cached structure on the enumerator cell matches the base (Baseline+). This can only differ if there's a transition.
3) property names are extracted from the cached buffer inline (Baseline+).
EnumeratorGetByVal:
EnumeratorInByVal:
EnumeratorHasOwnProperty:
1) IndexedMode has all the optimizations of a normal XByVal on indexed properties (DFG/FTL).
2) NamedMode will extract the value directly from the inline/out-of-line offset if the structure matches the enumerator's (Baseline+).
There are also a few interesting changes worth mentioning here:
1) If a for-in loop would produce an empty enumerator we now always return the VM's empty enumerator. This has two benefits. Most importantly, it distinguishes between an unprofiled for-in loop and empty enumeration, which prevents OSR exit loops. Also, it means that the various Enumerator opcodes no longer need to handle undefined/null when `toObject`ing the base value.
2) The enumerator now contains a bit set of all the modes it will produce. This removes a few extra branches when speculating on the modes we will see in EnumeratorNext.
3) In the DFG, enumerator GetByVal relies on compileGetByVal to set the result. It also passes a prefix callback which emits code after the various cases set up their operands but before code is emitted, to help satisfy the branch over register allocation validation. Also, the array mode branch in compileGetByVal passes the data format that it would prefer, which for normal GetByVal is returned. For EnumeratorGetByVal, that preference is completely ignored and it always returns DataFormatJS.
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::or8):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::or8):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::rshift64):
(JSC::MacroAssemblerX86_64::or8): Deleted.
* builtins/BuiltinNames.h:
* bytecode/BytecodeList.rb:
* bytecode/BytecodeUseDef.cpp:
(JSC::computeUsesForBytecodeIndexImpl):
(JSC::computeDefsForBytecodeIndexImpl):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
* bytecode/LinkTimeConstant.h:
* bytecode/Opcode.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::recordHasOwnPropertyInForInLoop):
(JSC::BytecodeGenerator::emitInByVal):
(JSC::BytecodeGenerator::emitGetByVal):
(JSC::BytecodeGenerator::emitEnumeratorNext):
(JSC::BytecodeGenerator::emitEnumeratorHasOwnProperty):
(JSC::BytecodeGenerator::pushForInScope):
(JSC::BytecodeGenerator::popForInScope):
(JSC::rewriteOp):
(JSC::ForInContext::finalize):
(JSC::BytecodeGenerator::findForInContext):
(JSC::BytecodeGenerator::recordHasOwnStructurePropertyInForInLoop): Deleted.
(JSC::BytecodeGenerator::emitGetEnumerableLength): Deleted.
(JSC::BytecodeGenerator::emitHasEnumerableIndexedProperty): Deleted.
(JSC::BytecodeGenerator::emitHasEnumerableStructureProperty): Deleted.
(JSC::BytecodeGenerator::emitHasEnumerableProperty): Deleted.
(JSC::BytecodeGenerator::emitHasOwnStructureProperty): Deleted.
(JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName): Deleted.
(JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName): Deleted.
(JSC::BytecodeGenerator::emitToIndexString): Deleted.
(JSC::BytecodeGenerator::pushIndexedForInScope): Deleted.
(JSC::BytecodeGenerator::popIndexedForInScope): Deleted.
(JSC::BytecodeGenerator::pushStructureForInScope): Deleted.
(JSC::BytecodeGenerator::popStructureForInScope): Deleted.
(JSC::StructureForInContext::finalize): Deleted.
(JSC::IndexedForInContext::finalize): Deleted.
(JSC::BytecodeGenerator::findStructureForInContext): Deleted.
* bytecompiler/BytecodeGenerator.h:
(JSC::ForInContext::isValid const):
(JSC::ForInContext::invalidate):
(JSC::ForInContext::local const):
(JSC::ForInContext::propertyName const):
(JSC::ForInContext::propertyOffset const):
(JSC::ForInContext::enumerator const):
(JSC::ForInContext::mode const):
(JSC::ForInContext::ForInContext):
(JSC::ForInContext::bodyBytecodeStartOffset const):
(JSC::ForInContext::type const): Deleted.
(JSC::ForInContext::isIndexedForInContext const): Deleted.
(JSC::ForInContext::isStructureForInContext const): Deleted.
(JSC::ForInContext::asIndexedForInContext): Deleted.
(JSC::ForInContext::asStructureForInContext): Deleted.
(JSC::StructureForInContext::StructureForInContext): Deleted.
(JSC::StructureForInContext::index const): Deleted.
(JSC::StructureForInContext::property const): Deleted.
(JSC::StructureForInContext::enumerator const): Deleted.
(JSC::StructureForInContext::baseVariable const): Deleted.
(JSC::StructureForInContext::addGetInst): Deleted.
(JSC::StructureForInContext::addInInst): Deleted.
(JSC::StructureForInContext::addHasOwnPropertyJump): Deleted.
(JSC::IndexedForInContext::IndexedForInContext): Deleted.
(JSC::IndexedForInContext::index const): Deleted.
(JSC::IndexedForInContext::addGetInst): Deleted.
* bytecompiler/NodesCodegen.cpp:
(JSC::HasOwnPropertyFunctionCallDotNode::emitBytecode):
(JSC::ForInNode::emitBytecode):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::isSaneChain const):
* dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::injectOSR):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::setJSArraySaneChainIfPossible):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGIntegerRangeOptimizationPhase.cpp:
* dfg/DFGMayExit.cpp:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasStorageChild const):
(JSC::DFG::Node::storageChildIndex):
(JSC::DFG::Node::hasArrayMode):
(JSC::DFG::Node::hasEnumeratorMetadata const):
(JSC::DFG::Node::enumeratorMetadata):
* dfg/DFGNodeType.h:
* dfg/DFGOpInfo.h:
(JSC::DFG::OpInfo::OpInfo):
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSSALoweringPhase.cpp:
(JSC::DFG::SSALoweringPhase::handleNode):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::JSValueRegsTemporary::JSValueRegsTemporary):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
(JSC::DFG::SpeculativeJIT::setIntTypedArrayLoadResult):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValForObjectWithString):
(JSC::DFG::SpeculativeJIT::compileGetByValForObjectWithSymbol):
(JSC::DFG::SpeculativeJIT::compileGetByValOnDirectArguments):
(JSC::DFG::SpeculativeJIT::compileGetByValOnScopedArguments):
(JSC::DFG::SpeculativeJIT::compileEnumeratorNextUpdateIndexAndMode):
(JSC::DFG::SpeculativeJIT::compileEnumeratorNextExtractIndex):
(JSC::DFG::SpeculativeJIT::compileEnumeratorNextExtractMode):
(JSC::DFG::SpeculativeJIT::compileEnumeratorNextUpdatePropertyName):
(JSC::DFG::SpeculativeJIT::compileEnumeratorGetByVal):
(JSC::DFG::SpeculativeJIT::compileEnumeratorHasProperty):
(JSC::DFG::SpeculativeJIT::compileEnumeratorInByVal):
(JSC::DFG::SpeculativeJIT::compileEnumeratorHasOwnProperty):
(JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
(JSC::DFG::SpeculativeJIT::compileGetEnumerableLength): Deleted.
(JSC::DFG::SpeculativeJIT::compileHasEnumerableProperty): Deleted.
(JSC::DFG::SpeculativeJIT::compileToIndexString): Deleted.
(JSC::DFG::SpeculativeJIT::compileHasEnumerableStructureProperty): Deleted.
(JSC::DFG::SpeculativeJIT::compileHasOwnStructurePropertyImpl): Deleted.
(JSC::DFG::SpeculativeJIT::compileHasOwnStructureProperty): Deleted.
(JSC::DFG::SpeculativeJIT::compileInStructureProperty): Deleted.
(JSC::DFG::SpeculativeJIT::compileGetEnumeratorPname): Deleted.
(JSC::DFG::SpeculativeJIT::compileGetDirectPname): Deleted.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::allocate):
(JSC::DFG::JSValueOperand::regs):
(JSC::DFG::JSValueOperand::gpr):
(JSC::DFG::StorageOperand::StorageOperand):
(JSC::DFG::StorageOperand::~StorageOperand):
(JSC::DFG::StorageOperand::emplace):
(JSC::DFG::JSValueRegsTemporary::operator bool):
(JSC::DFG::JSValueRegsTemporary::JSValueRegsTemporary):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByValImpl):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAtImpl):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* ftl/FTLOutput.h:
(JSC::FTL::Output::phi):
* generator/DSL.rb:
* interpreter/Register.h:
* interpreter/RegisterInlines.h:
(JSC::Register::operator=):
* jit/AssemblyHelpers.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileHasIndexedProperty):
(JSC::JIT::emit_op_has_structure_propertyImpl): Deleted.
(JSC::JIT::emit_op_has_enumerable_structure_property): Deleted.
(JSC::JIT::emit_op_has_own_structure_property): Deleted.
(JSC::JIT::emit_op_in_structure_property): Deleted.
(JSC::JIT::emit_op_has_enumerable_indexed_property): Deleted.
(JSC::JIT::emitSlow_op_has_enumerable_indexed_property): Deleted.
(JSC::JIT::emit_op_get_direct_pname): Deleted.
(JSC::JIT::emit_op_enumerator_structure_pname): Deleted.
(JSC::JIT::emit_op_enumerator_generic_pname): Deleted.
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileHasIndexedProperty):
(JSC::JIT::emit_op_has_structure_propertyImpl): Deleted.
(JSC::JIT::emit_op_has_enumerable_structure_property): Deleted.
(JSC::JIT::emit_op_has_own_structure_property): Deleted.
(JSC::JIT::emit_op_in_structure_property): Deleted.
(JSC::JIT::emit_op_has_enumerable_indexed_property): Deleted.
(JSC::JIT::emitSlow_op_has_enumerable_indexed_property): Deleted.
(JSC::JIT::emit_op_get_direct_pname): Deleted.
(JSC::JIT::emit_op_enumerator_structure_pname): Deleted.
(JSC::JIT::emit_op_enumerator_generic_pname): Deleted.
* jit/JITPropertyAccess.cpp:
(JSC::JIT::generateGetByValSlowCase):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_enumerator_next):
(JSC::JIT::emit_op_enumerator_get_by_val):
(JSC::JIT::emitSlow_op_enumerator_get_by_val):
(JSC::JIT::emit_enumerator_has_propertyImpl):
(JSC::JIT::emit_op_enumerator_in_by_val):
(JSC::JIT::emit_op_enumerator_has_own_property):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_enumerator_next):
(JSC::JIT::emit_op_enumerator_get_by_val):
(JSC::JIT::emitSlow_op_enumerator_get_by_val):
(JSC::JIT::emit_op_enumerator_in_by_val):
(JSC::JIT::emit_op_enumerator_has_own_property):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/CommonSlowPaths.cpp:
(JSC::JSC_DEFINE_COMMON_SLOW_PATH):
* runtime/CommonSlowPaths.h:
* runtime/FileBasedFuzzerAgent.cpp:
(JSC::FileBasedFuzzerAgent::getPredictionInternal):
* runtime/FileBasedFuzzerAgentBase.cpp:
(JSC::FileBasedFuzzerAgentBase::opcodeAliasForLookupKey):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSPropertyNameEnumerator.cpp:
(JSC::JSPropertyNameEnumerator::JSPropertyNameEnumerator):
(JSC::JSPropertyNameEnumerator::computeNext):
* runtime/JSPropertyNameEnumerator.h:
(JSC::propertyNameEnumerator):
* runtime/PredictionFileCreatingFuzzerAgent.cpp:
(JSC::PredictionFileCreatingFuzzerAgent::getPredictionInternal):
Canonical link: https://commits.webkit.org/240345@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280760 268f45cc-cd09-0410-ab3c-d52691b4dbfc
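A simplified model of the fused enumeration described in the commit message above, added here as an illustration and not taken from the WebKit patch: a single loop body, an EnumeratorNext step that yields mode, index and name, and an EnumeratorGetByVal step whose NamedMode fast path is guarded by the cached-structure check. `Structure`, `Obj`, `GenericMode`, the bit values and all function names are assumptions of the model; the second run disables the check to show the stale-offset load it prevents.

```javascript
// Toy model of the fused for-in opcodes. Structure, Obj and every function
// here are hypothetical; none of this is JavaScriptCore code.
const IndexedMode = 1, NamedMode = 2, GenericMode = 4; // bit values are assumed

class Structure {                        // maps own property names to offsets
  constructor(names) { this.names = names; }
  offsetOf(name) { return this.names.indexOf(name); }
}

class Obj {
  constructor(named, indexed = [], proto = null) {
    this.structure = new Structure(Object.keys(named));
    this.slots = Object.values(named);   // named storage, addressed by offset
    this.indexed = indexed;
    this.proto = proto;
  }
  delete(name) {                         // compacts storage, changes structure
    const off = this.structure.offsetOf(name);
    if (off < 0) return;
    this.slots.splice(off, 1);
    this.structure = new Structure(this.structure.names.filter(n => n !== name));
  }
  holderOf(name) {                       // generic lookup along the prototype chain
    for (let o = this; o; o = o.proto)
      if (o.structure.offsetOf(name) >= 0) return o;
    return null;
  }
  get(name) {
    const h = this.holderOf(name);
    return h ? h.slots[h.structure.offsetOf(name)] : undefined;
  }
}

// Built once per loop: caches the base's structure, its own names (index ==
// offset in that structure), inherited names, and a bit set of modes.
function makeEnumerator(base) {
  const own = base.structure.names.slice();
  const generic = [];
  for (let o = base.proto; o; o = o.proto)
    for (const n of o.structure.names)
      if (!own.includes(n) && !generic.includes(n)) generic.push(n);
  const modes = (base.indexed.length ? IndexedMode : 0) |
                (own.length ? NamedMode : 0) | (generic.length ? GenericMode : 0);
  return { cachedStructure: base.structure, indexedLength: base.indexed.length,
           own, generic, modes };
}

// Returns the next {mode, index, name}; name is null when enumeration is done.
function enumeratorNext(e, base, mode, index) {
  for (index++; ; index++) {
    if (mode === IndexedMode) {
      if (index >= e.indexedLength) { mode = NamedMode; index = -1; continue; }
      if (index < base.indexed.length) return { mode, index, name: String(index) };
    } else if (mode === NamedMode) {
      if (index >= e.own.length) { mode = GenericMode; index = -1; continue; }
      // Same structure: every cached name is still present, no lookup needed.
      if (base.structure === e.cachedStructure || base.holderOf(e.own[index]))
        return { mode, index, name: e.own[index] };
    } else {
      if (index >= e.generic.length) return { mode, index, name: null };
      if (base.holderOf(e.generic[index]))
        return { mode, index, name: e.generic[index] };
    }
  }
}

// NamedMode loads straight from the cached offset only while the base still
// has the enumerator's structure; otherwise it falls back to a lookup by name.
function enumeratorGetByVal(e, base, cur, checkStructure) {
  if (cur.mode === IndexedMode) return base.indexed[cur.index];
  if (cur.mode === NamedMode &&
      (!checkStructure || base.structure === e.cachedStructure))
    return base.slots[cur.index];
  return base.get(cur.name);
}

// One loop body for all three modes.
function forIn(base, body, checkStructure = true) {
  const e = makeEnumerator(base);
  const seen = [];
  let cur = { mode: IndexedMode, index: -1 };
  for (;;) {
    cur = enumeratorNext(e, base, cur.mode, cur.index);
    if (cur.name === null) break;
    seen.push([cur.name, enumeratorGetByVal(e, base, cur, checkStructure)]);
    body(base, cur.name);
  }
  return seen;
}

// Constructed sample object: two indexed, four own named, one inherited name.
function makeBase() {
  return new Obj({ a: 1, b: 2, c: 3, d: 4 }, [10, 20], new Obj({ p: 9, a: 0 }));
}

// The loop body deletes "b" while visiting "a", forcing a structure transition.
function runDemo(checkStructure) {
  return forIn(makeBase(), (o, name) => { if (name === "a") o.delete("b"); },
               checkStructure);
}

console.log("with structure check:   ", JSON.stringify(runDemo(true)));
console.log("without structure check:", JSON.stringify(runDemo(false)));
```

With the check, `c` and `d` are read by name after the transition; without it, the cached offsets point one slot too far, so `c` reads the value of `d` and `d` reads past the end of storage.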
2021-08-07 21:38:59 +00:00
2021-08-07 Keith Miller <keith_miller@apple.com>
for-in should only emit one loop in bytecode
https://bugs.webkit.org/show_bug.cgi?id=227989
Reviewed by Yusuke Suzuki.
* microbenchmarks/for-in-double-array-with-own-named.js: Added.
(test):
* microbenchmarks/for-in-double-array.js: Added.
(test):
* microbenchmarks/for-in-getters.js: Added.
(test):
* microbenchmarks/for-in-int32-array-with-own-named.js: Added.
(test):
* microbenchmarks/for-in-int32-array.js: Added.
(test):
* microbenchmarks/for-in-int32-object-with-own-named-and-getters.js: Added.
(test):
* microbenchmarks/for-in-int32-object-with-own-named.js: Added.
(test):
* microbenchmarks/for-in-object-with-own-named.js: Added.
(sum):
(opaqueSet):
* microbenchmarks/for-in-string-array.js: Added.
(test):
* microbenchmarks/for-of-iterate-array-map-set.js: Added.
(sum):
(let.generator):
* stress/for-in-array-mode.js:
(test):
* stress/for-in-base-reassigned-later.js:
* stress/for-in-delete-during-iteration.js:
* stress/for-in-primitive-index-on-prototype.js: Added.
(test):
* stress/for-in-tests.js:
* stress/has-own-property-structure-for-in-loop-correctness.js:
(test5):
2021-08-06 01:59:40 +00:00
2021-08-05 Mikhail R. Gadelha <mikhail@igalia.com>
Assertion failure when checking array in DFG (32 bits)
https://bugs.webkit.org/show_bug.cgi?id=228839
Reviewed by Yusuke Suzuki.
* stress/check-array-empty-32.js: Added.
(a.b.catch.print.c):
(a.b):
(a.e):
(a):
2021-08-02 23:43:16 +00:00
2021-08-02 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Yarr BoyerMoore search should support character-class
https://bugs.webkit.org/show_bug.cgi?id=228613
Reviewed by Saam Barati.
* stress/regexp-bm-search-character-non-fixed-size.js: Added.
(shouldBe):
* stress/regexp-bm-search-many-candidate-zero-length.js: Added.
(shouldBe):
(regexp.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.0.1.2.3.4.5.6.7.8.9.t.v.n.r):
* stress/regexp-bm-search-non-fixed-size.js: Added.
(shouldBe):
2021-08-02 18:41:17 +00:00
2021-08-02 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Update test262
https://bugs.webkit.org/show_bug.cgi?id=228709
Reviewed by Mark Lam.
* test262/latest-changes-summary.txt:
* test262/test/built-ins/Error/prototype/constructor/S15.11.4.1_A1_T1.js: Removed.
* test262/test/built-ins/Error/prototype/message/15.11.4.3-1.js: Removed.
* test262/test/built-ins/Error/prototype/message/S15.11.4.3_A1.js: Removed.
* test262/test/built-ins/Error/prototype/message/S15.11.4.3_A2.js: Removed.
* test262/test/built-ins/Error/prototype/name/15.11.4.2-1.js: Removed.
* test262/test/built-ins/Error/prototype/name/S15.11.4.2_A1.js: Removed.
* test262/test/built-ins/Error/prototype/name/S15.11.4.2_A2.js: Removed.
* test262/test/built-ins/Error/prototype/toString/S15.11.4.4_A1.js: Removed.
* test262/test/built-ins/TypedArray/prototype/findLast/return-abrupt-from-this-out-of-bounds.js:
* test262/test/built-ins/TypedArray/prototype/findLastIndex/return-abrupt-from-this-out-of-bounds.js:
* test262/test/harness/sta-error.js: Removed.
* test262/test/harness/sta-override-error.js: Removed.
* test262/test262-Revision.txt:
2021-07-31 09:43:51 +00:00
2021-07-29 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Upgrade test262
https://bugs.webkit.org/show_bug.cgi?id=228627
Reviewed by Ross Kirsling.
2021-07-31 01:40:05 +00:00
2021-07-30 Robin Morisset <rmorisset@apple.com>
Improve OSR entry into Wasm loops with arguments
https://bugs.webkit.org/show_bug.cgi?id=228595
Reviewed by Yusuke Suzuki.
Just a straightforward test that counts to 1M in a loop, to exercise both OSR entry and a loop with an argument at the same time.
100k iterations was not enough to reliably complete an OSR entry.
* wasm/stress/osr-entry-with-loop-arguments.js: Added.
(async test):
2021-07-31 01:33:44 +00:00
2021-07-30 Tadeu Zagallo <tzagallo@apple.com>
putInlineFastReplacingStaticPropertyIfNeeded should handle custom values
https://bugs.webkit.org/show_bug.cgi?id=227963
Reviewed by Alexey Shvayka.
* stress/reflect-set-custom-value.js:
2021-07-30 02:00:36 +00:00
2021-07-29 Tadeu Zagallo <tzagallo@apple.com>
definePropertyOnReceiver should check if receiver canPerformFastPutInline
https://bugs.webkit.org/show_bug.cgi?id=227963
<rdar://80259710>
Reviewed by Alexey Shvayka.
* stress/reflect-set-custom-value.js: Added.
2021-07-30 01:36:31 +00:00
2021-07-29 Yusuke Suzuki <ysuzuki@apple.com> and Alexey Shvayka <shvaikalesh@gmail.com>
[JSC] Legacy RegExp fields should be accessors
https://bugs.webkit.org/show_bug.cgi?id=220233
Reviewed by Tadeu Zagallo.
* ChakraCore/test/Lib/forin_lib_v3.baseline-jsc:
* microbenchmarks/assign-custom-setter-polymorphic.js:
* microbenchmarks/assign-custom-setter.js:
* microbenchmarks/custom-setter-getter-as-put-get-by-id.js:
* microbenchmarks/custom-value-2.js:
* microbenchmarks/custom-value.js:
* microbenchmarks/get-custom-getter.js:
* stress/custom-value-delete-property-1.js:
* stress/custom-value-delete-property-2.js:
* stress/custom-value-delete-property-3.js:
* stress/object-assign-fast-path.js:
* stress/reflect-set.js:
* stress/regexp-constructor-dollar-getters-are-unique.js: Added.
* stress/regexp-setter-realm.js: Added.
* stress/static-put-in-prototype-chain.js: Added.
* test262/config.yaml:
* test262/expectations.yaml:
[JSC] Yarr should perform BoyerMoore search
https://bugs.webkit.org/show_bug.cgi?id=228301
Reviewed by Saam Barati.
JSTests:
* microbenchmarks/jquery-todomvc-regexp.js:
* stress/regexp--bm-search-long-character.js: Added.
(shouldBe):
* stress/regexp--bm-search-long-map.js: Added.
(shouldBe):
* stress/regexp-bitvector-reuse.js: Added.
(shouldBe):
* stress/regexp-non-ascii-bm-search-character.js: Added.
(shouldBe):
* stress/regexp-non-ascii-bm-search-map.js: Added.
(shouldBe):
Source/JavaScriptCore:
This patch emits a skipping fast path at the beginning of body alternatives with a large stride, so we can quickly discard unrelated characters and attempt to find a possibly related sequence in the long sequence. The method is derived from V8's implementation (with some extensions).
If we have a searching pattern /abcdef/, then we can check the 6th character against a set of {a, b, c, d, e, f}. If it does not match, we can shift 6 characters. We use this strategy since it can be extended easily to support disjunction, character-class, and ignore-cases. For example, in the case of /(?:abc|def)/, we can check the 3rd character against {a, b, c, d, e, f} and shift 3 characters if it does not match.
Then, the best way to perform the above shifting is to find the longest character sequence which does not have many candidates. In the case of /[a-z]aaaaaaa[a-z]/, we can extract the "aaaaaaa" sequence and check the 8th character against {a}. If it does not match, then we can shift 7 characters (length of "aaaaaaa"). This shifting is better than using the "[a-z]aaaaaaa[a-z]" sequence and the {a-z} set since the {a-z} set will almost always match.
We first collect possible characters for each character position. Then, we apply heuristics to extract a good character sequence from that and construct fast searching with a long stride.
Microbenchmark which performs RegExp ops in Speedometer2/jQuery-TodoMVC shows 25% improvement.
ToT Patched
jquery-todomvc-regexp 723.9739+-1.3997 ^ 579.1698+-1.2505 ^ definitely 1.2500x faster
This improves Speedometer2/jQuery-TodoMVC by 3%.
----------------------------------------------------------------------------------------------------------------------------------
| subtest | ms | ms | b / a | pValue (significance using False Discovery Rate) |
----------------------------------------------------------------------------------------------------------------------------------
| Elm-TodoMVC |123.365625 |123.456250 |1.000735 | 0.804077 |
| VueJS-TodoMVC |26.912500 |26.925000 |1.000464 | 0.969603 |
| EmberJS-TodoMVC |127.540625 |127.562500 |1.000172 | 0.960474 |
| BackboneJS-TodoMVC |50.606250 |50.518750 |0.998271 | 0.670313 |
| Preact-TodoMVC |21.018750 |20.850000 |0.991971 | 0.563818 |
| AngularJS-TodoMVC |136.943750 |137.271875 |1.002396 | 0.531513 |
| Vanilla-ES2015-TodoMVC |68.521875 |68.593750 |1.001049 | 0.701376 |
| Inferno-TodoMVC |65.559375 |65.803125 |1.003718 | 0.414418 |
| Flight-TodoMVC |77.284375 |76.715625 |0.992641 | 0.219870 |
| Angular2-TypeScript-TodoMVC |40.725000 |40.318750 |0.990025 | 0.281212 |
| VanillaJS-TodoMVC |55.209375 |54.715625 |0.991057 | 0.056921 |
| jQuery-TodoMVC |266.396875 |258.471875 |0.970251 | 0.000000 (significant) |
| EmberJS-Debug-TodoMVC |341.550000 |341.856250 |1.000897 | 0.618140 |
| React-TodoMVC |88.731250 |88.871875 |1.001585 | 0.512407 |
| React-Redux-TodoMVC |150.340625 |150.065625 |0.998171 | 0.412940 |
| Vanilla-ES2015-Babel-Webpack-TodoMVC |65.390625 |65.362500 |0.999570 | 0.834760 |
----------------------------------------------------------------------------------------------------------------------------------
a mean = 245.96997
b mean = 246.86366
pValue = 0.0061448402
(Bigger means are better.)
1.004 times better
Results ARE significant
* runtime/OptionsList.h:
* yarr/YarrJIT.cpp:
(JSC::Yarr::BoyerMooreInfo::BoyerMooreInfo):
(JSC::Yarr::BoyerMooreInfo::length const):
(JSC::Yarr::BoyerMooreInfo::set):
(JSC::Yarr::BoyerMooreInfo::index const):
(JSC::Yarr::BoyerMooreInfo::setIndex):
(JSC::Yarr::BoyerMooreInfo::create):
(JSC::Yarr::BoyerMooreInfo::findBestCharacterSequence const):
(JSC::Yarr::BoyerMooreInfo::findWorthwhileCharacterSequenceForLookahead const):
(JSC::Yarr::BoyerMooreInfo::createCandidateBitmap const):
* yarr/YarrJIT.h:
(JSC::Yarr::BoyerMooreBitmap::count const):
(JSC::Yarr::BoyerMooreBitmap::map const):
(JSC::Yarr::BoyerMooreBitmap::isMaskEffective const):
(JSC::Yarr::BoyerMooreBitmap::add):
(JSC::Yarr::BoyerMooreByteVector::BoyerMooreByteVector):
(JSC::Yarr::YarrCodeBlock::set8BitCode):
(JSC::Yarr::YarrCodeBlock::set16BitCode):
(JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly):
(JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly):
(JSC::Yarr::YarrCodeBlock::clear):
(JSC::Yarr::YarrCodeBlock::findSameVector const):
Source/WTF:
* wtf/BitVector.cpp:
(WTF::BitVector::dump const):
* wtf/Bitmap.h:
(WTF::WordType>::dump const):
* wtf/UniqueRef.h:
(WTF::makeUniqueRefFromNonNullUniquePtr):
(WTF::UniqueRef::UniqueRef):
Canonical link: https://commits.webkit.org/240087@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280452 268f45cc-cd09-0410-ab3c-d52691b4dbfc
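The lookahead skip described in the Yarr Boyer-Moore commit message above, written out in JavaScript as an added example (not WebKit's YarrJIT code). The pattern model, the function names and the `maxCandidates` threshold are assumptions made for this illustration; the heuristics JSC actually applies in BoyerMooreInfo are not reproduced here.

```javascript
// Added illustration, not WebKit code. A pattern is modelled as a list of
// alternatives; each alternative is an array of strings, one per position,
// listing the UTF-16 code units allowed at that position.
const LOWER = "abcdefghijklmnopqrstuvwxyz";

// Step 1: collect the possible characters for each position, merged across
// all alternatives (only the positions every alternative has).
function collectCandidates(alternatives) {
  const length = Math.min(...alternatives.map((alt) => alt.length));
  const positions = [];
  for (let p = 0; p < length; p++) {
    const set = new Set();
    for (const alt of alternatives) {
      for (const ch of alt[p].split("")) set.add(ch);
    }
    positions.push(set);
  }
  return positions;
}

// Step 2 (assumed heuristic): take the longest run of positions that each
// allow at most maxCandidates characters, and merge the run into one set.
function findBestSequence(positions, maxCandidates = 8) {
  let best = { begin: 0, end: 0 };
  let begin = 0;
  for (let p = 0; p <= positions.length; p++) {
    const selective = p < positions.length && positions[p].size <= maxCandidates;
    if (selective) continue; // the current run keeps growing
    if (p - begin > best.end - best.begin) best = { begin, end: p };
    begin = p + 1;
  }
  const set = new Set();
  for (let p = best.begin; p < best.end; p++) {
    for (const ch of positions[p]) set.add(ch);
  }
  return { begin: best.begin, end: best.end, set };
}

// Full check of every alternative at one start offset (the slow path).
function matchesAt(alternatives, text, start) {
  return alternatives.some(
    (alt) =>
      start + alt.length <= text.length &&
      alt.every((allowed, p) => allowed.includes(text[start + p]))
  );
}

// Step 3: look at the character under the last position of the chosen run.
// If it is not in the merged set, no match can start at any of the next
// (end - begin) offsets, so jump over them without verifying anything.
function search(alternatives, text) {
  const positions = collectCandidates(alternatives);
  const { begin, end, set } = findBestSequence(positions);
  const stride = end - begin; // 0 means no selective run: plain scan
  let index = 0;
  let verifications = 0;
  while (index + positions.length <= text.length) {
    if (stride > 0 && !set.has(text[index + end - 1])) {
      index += stride;
      continue;
    }
    verifications++;
    if (matchesAt(alternatives, text, index)) return { index, verifications };
    index++;
  }
  return { index: -1, verifications };
}

// The three patterns from the commit message, run over constructed haystacks.
function demo() {
  const filler = "-".repeat(600);
  return {
    literal: search([["a", "b", "c", "d", "e", "f"]], filler + "abcdef"),
    disjunction: search([["a", "b", "c"], ["d", "e", "f"]], filler + "xdef"),
    charClass: search(
      [[LOWER, "a", "a", "a", "a", "a", "a", "a", LOWER]],
      "0123456789".repeat(50) + "zaaaaaaab"
    ),
  };
}

console.log(demo());
```

`verifications` counts how often the slow path ran; on these inputs it stays in single digits while a plain left-to-right scan would try every offset before the match.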
2021-07-29 22:26:13 +00:00
2021-07-28 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Yarr should perform BoyerMoore search
https://bugs.webkit.org/show_bug.cgi?id=228301
Reviewed by Saam Barati.
* microbenchmarks/jquery-todomvc-regexp.js:
* stress/regexp--bm-search-long-character.js: Added.
(shouldBe):
* stress/regexp--bm-search-long-map.js: Added.
(shouldBe):
* stress/regexp-bitvector-reuse.js: Added.
(shouldBe):
* stress/regexp-non-ascii-bm-search-character.js: Added.
(shouldBe):
* stress/regexp-non-ascii-bm-search-map.js: Added.
(shouldBe):
Partly implement Function.prototype.{caller,arguments} reflection proposal
https://bugs.webkit.org/show_bug.cgi?id=158116
Reviewed by Yusuke Suzuki.
JSTests:
* ChakraCore/test/strict/19.function.baseline:
* ChakraCore/test/strict/22.callerCalleeArguments.baseline-jsc:
* microbenchmarks/function-prototype-get.js: Added.
* microbenchmarks/reflect-own-keys-function.js: Added.
* stress/for-in-shadow-non-enumerable.js:
* stress/function-hidden-as-caller.js:
* stress/has-own-property-arguments.js:
* stress/object-assign-fast-path.js:
* stress/put-to-proto-chain-overrides-put.js:
* stress/reflect-set.js:
* test262/config.yaml: Skip 3 test cases that are now incorrect.
* test262/expectations.yaml: Mark 2 test cases as passing.
Source/JavaScriptCore:
To ensure web-compatibility, only the safe subset of Function.prototype.{caller,arguments}
reflection proposal [1] is implemented, which is currently shipped in SpiderMonkey.
Complete list of differences from the proposed spec:
1. Cross-realm receiver function is allowed instead of throwing a TypeError.
Throwing is likely safe to ship, but #225997 needs to be fixed first for
custom properties to receive correct global object.
2. Cross-realm caller function is returned instead of `null`.
Hiding cross-realm caller may break things: we currently have a test for
the opposite behavior.
3. Defines "caller" and "arguments" setters that throw for disallowed receivers,
instead of failing silently in sloppy mode.
This is actually more restrictive than the spec, which is preferable,
and aligns with V8 and SM.
Most importantly, this patch removes own "caller" and "arguments" properties from
sloppy mode ES5 functions. They were non-configurable, making it harder to use
their holder as a [[ProxyTarget]]. They were also non-writable, with a constantly
changing [[Value]], which violated the invariants of internal methods [2].
As a result, JSFunction methods are greatly simplified, especially defineOwnProperty()
and getOwnSpecialPropertyNames(). The latter is now 2.1x faster according to the
provided microbenchmark. Also, removes double "prototype" lookup from [[Get]],
which is a 10% progression.
[1]: https://github.com/claudepache/es-legacy-function-reflection
[2]: https://tc39.es/ecma262/#sec-invariants-of-the-essential-internal-methods
* runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::getOwnPropertySlot):
(JSC::ClonedArguments::materializeSpecials):
* runtime/FunctionExecutable.h:
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
(JSC::isAllowedReceiverFunctionForCallerAndArguments):
(JSC::RetrieveArgumentsFunctor::RetrieveArgumentsFunctor):
(JSC::RetrieveArgumentsFunctor::result const):
(JSC::RetrieveArgumentsFunctor::operator() const):
(JSC::retrieveArguments):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
(JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor):
(JSC::RetrieveCallerFunctionFunctor::result const):
(JSC::RetrieveCallerFunctionFunctor::operator() const):
(JSC::retrieveCallerFunction):
(JSC::JSC_DEFINE_CUSTOM_SETTER):
(JSC::FunctionPrototype::initRestrictedProperties): Deleted.
* runtime/FunctionPrototype.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::getOwnSpecialPropertyNames):
(JSC::JSFunction::put):
(JSC::JSFunction::deleteProperty):
(JSC::JSFunction::defineOwnProperty):
(JSC::RetrieveArgumentsFunctor::RetrieveArgumentsFunctor): Deleted.
(JSC::RetrieveArgumentsFunctor::result const): Deleted.
(JSC::RetrieveArgumentsFunctor::operator() const): Deleted.
(JSC::retrieveArguments): Deleted.
(JSC::JSC_DEFINE_CUSTOM_GETTER): Deleted.
(JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor): Deleted.
(JSC::RetrieveCallerFunctionFunctor::result const): Deleted.
(JSC::RetrieveCallerFunctionFunctor::operator() const): Deleted.
(JSC::retrieveCallerFunction): Deleted.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildrenImpl):
* runtime/JSGlobalObject.h:
Remove unused m_throwTypeErrorGetterSetter and make [[ThrowTypeError]] lazily-created.
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/JSGlobalObjectFunctions.h:
* runtime/JSObject.cpp:
(JSC::JSObject::putDirectCustomGetterSetterWithoutTransition):
* runtime/JSObject.h:
LayoutTests:
* inspector/model/remote-object-get-properties-expected.txt:
* inspector/runtime/getDisplayableProperties-expected.txt:
* inspector/runtime/getProperties-expected.txt:
* js/Object-getOwnPropertyNames-expected.txt:
* js/basic-strict-mode-expected.txt:
* js/kde/function_arguments-expected.txt:
* js/kde/script-tests/function_arguments.js:
* js/non-strict-function-properties-expected.txt:
* js/script-tests/Object-getOwnPropertyNames.js:
* js/script-tests/basic-strict-mode.js:
* js/script-tests/non-strict-function-properties.js:
* js/script-tests/throw-type-error-is-unique.js:
Canonical link: https://commits.webkit.org/239947@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280289 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-07-25 22:32:20 +00:00
2021-07-25 Alexey Shvayka <shvaikalesh@gmail.com>
Partly implement Function.prototype.{caller,arguments} reflection proposal
https://bugs.webkit.org/show_bug.cgi?id=158116
Reviewed by Yusuke Suzuki.
* ChakraCore/test/strict/19.function.baseline:
* ChakraCore/test/strict/22.callerCalleeArguments.baseline-jsc:
* microbenchmarks/function-prototype-get.js: Added.
* microbenchmarks/reflect-own-keys-function.js: Added.
* stress/for-in-shadow-non-enumerable.js:
* stress/function-hidden-as-caller.js:
* stress/has-own-property-arguments.js:
* stress/object-assign-fast-path.js:
* stress/put-to-proto-chain-overrides-put.js:
* stress/reflect-set.js:
* test262/config.yaml: Skip 3 test cases that are now incorrect.
* test262/expectations.yaml: Mark 2 test cases as passing.
2021-07-24 03:40:46 +00:00
2021-07-23 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Add Speedometer2 jQuery-TodoMVC RegExp microbenchmark
https://bugs.webkit.org/show_bug.cgi?id=228257
Reviewed by Mark Lam.
I instrumented JSC and extracted executed RegExp evaluations from Speedometer2/jQuery-TodoMVC
to easily test RegExp performance.
* microbenchmarks/jquery-todomvc-regexp.js: Added.
(x00.test):
[JSC] Call custom accessors / values with their holder's global object
https://bugs.webkit.org/show_bug.cgi?id=225997
Reviewed by Yusuke Suzuki.
JSTests:
* stress/custom-get-set-proto-chain-put.js:
* stress/getter-setter-globalobject-in-ic-2.js: Added.
LayoutTests/imported/w3c:
* web-platform-tests/WebIDL/ecmascript-binding/global-object-implicit-this-value-cross-realm-expected.txt: Added.
* web-platform-tests/WebIDL/ecmascript-binding/global-object-implicit-this-value-cross-realm.html: Added.
* web-platform-tests/WebIDL/ecmascript-binding/invalid-this-value-cross-realm-expected.txt: Added.
* web-platform-tests/WebIDL/ecmascript-binding/invalid-this-value-cross-realm.html: Added.
* web-platform-tests/WebIDL/ecmascript-binding/support/create-realm.js: Added.
* web-platform-tests/WebIDL/ecmascript-binding/support/dummy-iframe.html: Added.
* web-platform-tests/html/browsers/origin/cross-origin-objects/window-location-and-location-href-cross-realm-set-expected.txt: Added.
* web-platform-tests/html/browsers/origin/cross-origin-objects/window-location-and-location-href-cross-realm-set.html: Added.
* web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt:
* web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-javascript-job-queue/promise-job-incumbent-expected.txt:
* web-platform-tests/service-workers/service-worker/fetch-request-css-cross-origin.https-expected.txt:
* web-platform-tests/webrtc-encoded-transform/sframe-transform-readable.html:
All these are confirmed progressions.
* web-platform-tests/performance-timeline/supportedEntryTypes-cross-realm-access-expected.txt: Added.
* web-platform-tests/performance-timeline/supportedEntryTypes-cross-realm-access.html: Added.
Source/JavaScriptCore:
Just like JS built-ins, getter / setter functions of WebIDL attributes are created in realm
of their holder interface [1][2], which is their _current_ realm for throwing an error [3].
With this patch, custom properties get correct global object instead of lexical, including
when inline cached, aligning them with functions and regular accessors.
The latter allowed switching JS built-ins to CustomAccessor (e.g. Symbol#description),
which is slightly more efficient to call from C++, doesn't need reification on first access,
and has nicer signature.
Also, renames WASM accessors to drop "func" and removes unused function length parameter.
[1]: https://heycam.github.io/webidl/#dfn-attribute-getter (step 2)
[2]: https://heycam.github.io/webidl/#dfn-attribute-setter (step 5)
[3]: https://heycam.github.io/webidl/#ecmascript-throw
* bytecode/AccessCase.cpp:
(JSC::AccessCase::generateImpl):
* create_hash_table:
* interpreter/CallFrame.cpp:
(JSC::CallFrame::globalObjectOfClosestCodeBlock):
* interpreter/CallFrame.h:
* runtime/IntlCollatorPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/IntlDateTimeFormatPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/IntlLocalePrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/IntlNumberFormatPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/JSDataViewPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/JSObject.cpp:
(JSC::JSObject::putInlineSlow):
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::customGetter const):
* runtime/PropertySlot.h:
(JSC::PropertySlot::getValue const):
* runtime/SymbolPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* tools/JSDollarVM.cpp:
* wasm/js/WebAssemblyInstancePrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
(JSC::JSC_DEFINE_HOST_FUNCTION): Deleted.
* wasm/js/WebAssemblyMemoryPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* wasm/js/WebAssemblyTablePrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
Source/WebCore:
This patch fixes cross-realm yet same-origin WebIDL attributes to throw errors in realm of
their accessor, while ensuring that `window.location` and `location.href` setters don't leak
cross-origin Object.prototype via thrown error.
Since Location setters relied on lexical global object to pass outgoing `document.referrer`,
they were updated to use IncumbentWindow as per spec [1]. callerGlobalObject() was reworked
to skip native / built-in callers and rely on VMEntryScope to accommodate top-level <script>
code navigating via Location setter, making the helper more versatile.
globalObjectOfClosestCodeBlock() fixed JSCustomSetterFunction instances and Location's
assign() / replace() methods to pass correct referrer.
Also, this change fixes static attributes like `PerformanceObserver.supportedEntryTypes`
to return wrappers of their realm instead of lexical.
[1] https://html.spec.whatwg.org/multipage/history.html#location-object-navigate (step 2)
Tests: imported/w3c/web-platform-tests/WebIDL/ecmascript-binding/global-object-implicit-this-value-cross-realm.html
imported/w3c/web-platform-tests/WebIDL/ecmascript-binding/invalid-this-value-cross-realm.html
imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/window-location-and-location-href-cross-realm-set.html
imported/w3c/web-platform-tests/performance-timeline/supportedEntryTypes-cross-realm-access.html
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::callerGlobalObject): Deleted.
* bindings/js/JSDOMGlobalObject.h:
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::incumbentDOMWindow):
* bindings/js/JSDOMWindowBase.h:
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::put):
* bindings/js/JSLocationCustom.cpp:
(WebCore::JSLocation::put):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateNamedGetterLambda):
(GenerateCallWithUsingReferences):
(GenerateCallWith):
Ensure IncumbentWindow comes before FirstWindow.
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/TestObj.idl:
Remove attributes that relied on CallFrame since custom getters don't have it.
* page/Location.idl:
Remove [LegacyUnforgeable] from ancestorOrigins because it's set on the interface.
LayoutTests:
* fast/dom/HTMLObjectElement/object-as-frame-expected.txt:
* fast/dom/HTMLObjectElement/object-as-frame.html:
* fast/dom/HTMLObjectElement/resources: Added.
* fast/dom/HTMLObjectElement/resources/dummy-frame-1.html: Added.
* fast/dom/HTMLObjectElement/resources/dummy-frame-2.html: Added.
* fast/events/attribute-listener-cloned-from-frameless-doc-context-2.html:
* fast/events/attribute-listener-extracted-from-frameless-doc-context-2.html:
These tests used to pass as is, probably due to a combination of old (incorrect) behavior and
some implementation details of run-webkit-tests. They fail on MiniBrowser / Chrome / Firefox
unless modified not to use data:// protocol, which is not the system under test.
* fast/frames/sandboxed-iframe-navigation-parent-expected.txt:
* fast/frames/sandboxed-iframe-navigation-parent.html:
* http/tests/security/frameNavigation/context-for-location-assign-expected.txt:
Revert the changes made in r174996. Location::assign() now uses correct (incumbent) Window
to set outgoing referrer and perform security checks, aligning WebKit with Chrome / Firefox.
* http/tests/security/frameNavigation/context-for-location-href-gopd-expected.txt: Added.
* http/tests/security/frameNavigation/context-for-location-href-gopd.html: Added.
Canonical link: https://commits.webkit.org/239923@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280256 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-07-23 20:13:31 +00:00
2021-07-23 Alexey Shvayka <shvaikalesh@gmail.com>
[JSC] Call custom accessors / values with their holder's global object
https://bugs.webkit.org/show_bug.cgi?id=225997
Reviewed by Yusuke Suzuki.
* stress/custom-get-set-proto-chain-put.js:
* stress/getter-setter-globalobject-in-ic-2.js: Added.
2021-07-23 03:17:51 +00:00
2021-07-22 Saam Barati <sbarati@apple.com>
JSTests/stress/test-out-of-memory shouldn't assume that we always OOM
https://bugs.webkit.org/show_bug.cgi?id=228213
Reviewed by Mark Lam.
* stress/test-out-of-memory.js:
2021-07-23 03:17:00 +00:00
2021-07-22 Yusuke Suzuki <ysuzuki@apple.com>
Reduce iteration of microbenchmarks/memcpy-typed-loop.js
https://bugs.webkit.org/show_bug.cgi?id=228214
Reviewed by Saam Barati.
Observing frequent timeout (e.g. https://ews-build.webkit.org/#/builders/1/builds/44698).
We do not need to have such a large # of iterations.
* microbenchmarks/memcpy-typed-loop.js:
2021-07-22 21:37:02 +00:00
2021-07-22 Saam Barati <sbarati@apple.com>
AirStackSlot's uint16_t byte size is too small
https://bugs.webkit.org/show_bug.cgi?id=228193
<rdar://80888059>
Reviewed by Mark Lam.
* stress/stack-slot-needs-to-use-more-than-uint16.js: Added.
2021-07-20 19:35:56 +00:00
2021-07-20 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] invalidParameterInstanceofSourceAppender should care direct call of Symbol.hasInstance
https://bugs.webkit.org/show_bug.cgi?id=228075
rdar://80762879
Reviewed by Frédéric Wang.
* stress/symbol-hasinstance-error.js: Added.
(shouldThrow):
(let.a):
2021-07-20 00:48:54 +00:00
2021-07-19 Mark Lam <mark.lam@apple.com>
DFG's parseIntResult() should check for negative zero.
https://bugs.webkit.org/show_bug.cgi?id=228068
rdar://80788603
Reviewed by Yusuke Suzuki.
* stress/dfg-parseIntResult-should-check-for-negative-zero.js: Added.
2021-07-19 22:17:56 +00:00
2021-07-19 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] InByStatus / InByVariant should visit CacheableIdentifier
https://bugs.webkit.org/show_bug.cgi?id=228088
rdar://80794604
Reviewed by Mark Lam.
* stress/in-by-variant-should-mark-cacheable-identifier.js: Added.
(foo):
(let.handler.has):
2021-07-17 00:15:32 +00:00
2021-07-16 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Simplify sampling-profiler-regexp.js test
https://bugs.webkit.org/show_bug.cgi?id=228040
Reviewed by Saam Barati.
In this new test case, the only thing we care about is that regexp appears on sampling-profiler regardless of whether the other functions are inlined / tail-called or not.
We change the sampling-profiler/samplingProfiler.js runTest to add a mode which searches for a specific signature in the call tree.
* stress/sampling-profiler-regexp.js:
(platformSupportsSamplingProfiler):
* stress/sampling-profiler/samplingProfiler.js:
(doesTreeHaveStackTrace):
(runTest):
2021-07-16 23:40:00 +00:00
2021-07-16 Saam Barati <sbarati@apple.com>
Grab the lock in FTL::Thunks::keyForSlowPathCallThunk
https://bugs.webkit.org/show_bug.cgi?id=227988
<rdar://problem/80627901>
Reviewed by Mark Lam.
* stress/thunks-hash-map-should-grab-lock.js: Added.
2021-07-16 21:01:16 +00:00
2021-07-16 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] RegExp::dumpToStream must not ref Strings since it is called concurrently
https://bugs.webkit.org/show_bug.cgi?id=228031
rdar://80686425
Reviewed by Mark Lam.
* stress/regexp-dump-concurrently.js: Added.
(let.code):
2021-07-16 04:10:49 +00:00
2021-07-15 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] SamplingProfiler should recognize RegExp execution
https://bugs.webkit.org/show_bug.cgi?id=201702
Reviewed by Saam Barati.
* stress/sampling-profiler-regexp.js: Added.
(platformSupportsSamplingProfiler.getText):
(platformSupportsSamplingProfiler.test):
(platformSupportsSamplingProfiler.baz):
(platformSupportsSamplingProfiler):
* stress/sampling-profiler/samplingProfiler.js: Extend samplingProfiler to show better error information when VERBOSE = true.
(doesTreeHaveStackTrace):
2021-07-15 20:44:57 +00:00
2021-07-15 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Harden defaultTimeZone retrieval
https://bugs.webkit.org/show_bug.cgi?id=227996
Reviewed by Mark Lam.
* complex.yaml:
* complex/intl-timezone-check.js: Added.
(shouldBe):
2021-07-15 20:42:53 +00:00
2021-07-15 Mark Lam <mark.lam@apple.com>
JITWorklist::waitUntilAllPlansForVMAreReady() should also be notified when plans are cancelled.
https://bugs.webkit.org/show_bug.cgi?id=228003
rdar://78314543
Reviewed by Yusuke Suzuki.
* stress/waitUntilAllPlansForVMAreReady-should-be-notified-of-cancelled-plans-too.js: Added.
2021-07-15 03:11:53 +00:00
2021-07-14 Devin Rousso <drousso@apple.com>
Implement Array.prototype.findLast and Array.prototype.findLastIndex
https://bugs.webkit.org/show_bug.cgi?id=227939
Reviewed by Yusuke Suzuki.
* stress/typedarray-findLast.js: Added.
(keepEven):
(keepEvenAndChange):
(isBigEnoughAndException):
* stress/typedarray-findLastIndex.js: Added.
(keepEven):
(keepEvenAndChange):
(isBigEnoughAndException):
2021-07-14 22:04:39 +00:00
2021-07-14 Keith Miller <keith_miller@apple.com>
Unreviewed, test gardening.
* stress/bit-op-with-object-returning-int32.js:
* stress/bitwise-not-fixup-rules.js:
(jscOptions):
2021-07-14 19:15:56 +00:00
2021-07-14 Mark Lam <mark.lam@apple.com>
Check for out of memory in JSC::globalFuncEscape() and JSC::globalFuncUnescape().
https://bugs.webkit.org/show_bug.cgi?id=227962
rdar://78392251
Reviewed by Yusuke Suzuki.
* stress/out-of-memory-in-globalFuncUnescape.js: Added.
2021-07-14 17:25:44 +00:00
2021-07-14 Mark Lam <mark.lam@apple.com>
Placate exception checker validation in operationObjectAssignUntyped.
https://bugs.webkit.org/show_bug.cgi?id=227955
rdar://80503746
Reviewed by Michael Saboff.
* stress/exception-check-in-operationObjectAssignUntyped.js: Added.
2021-07-14 15:00:39 +00:00
2021-07-14 Keith Miller <keith_miller@apple.com>
Fix more tests around fuzzing executable allocations
https://bugs.webkit.org/show_bug.cgi?id=226663
Reviewed by Mark Lam.
* stress/bit-op-with-object-returning-int32.js:
(numberOfDFGCompiles): Deleted.
* stress/bitwise-not-fixup-rules.js:
(jscOptions):
(numberOfDFGCompiles): Deleted.
2021-07-12 19:05:55 +00:00
2021-07-12 Saam Barati <sbarati@apple.com>
Run some tests for fewer iterations to prevent test timeouts
https://bugs.webkit.org/show_bug.cgi?id=227879
Reviewed by Mark Lam.
* microbenchmarks/get-by-val-negative-array-index.js:
* microbenchmarks/memcpy-typed-loop-small.js:
* microbenchmarks/put-by-val-negative-array-index.js:
2021-07-12 18:02:45 +00:00
2021-07-12 Saam Barati <sbarati@apple.com>
stress/wasm-loop-consistency.js should require the --useExecutableAllocationFuzz=false JSC option
https://bugs.webkit.org/show_bug.cgi?id=227876
Reviewed by Mark Lam.
* stress/wasm-loop-consistency.js:
2021-07-10 21:00:38 +00:00
2021-07-10 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Update test262
https://bugs.webkit.org/show_bug.cgi?id=227851
Reviewed by Mark Lam.
* test262/config.yaml:
* test262/expectations.yaml:
* test262/harness/compareArray.js:
(assert.compareArray):
* test262/harness/regExpUtils.js:
(buildString):
(): Deleted.
* test262/harness/sta.js:
(Test262Error.thrower):
* test262/harness/testIntl.js:
(getLocaleSupportInfo):
* test262/latest-changes-summary.txt:
* test262/test/annexB/language/literals/regexp/legacy-octal-escape.js:
* test262/test/built-ins/ArrayBuffer/options-maxbytelength-diminuitive.js: Added.
* test262/test/built-ins/ArrayBuffer/options-maxbytelength-excessive.js: Added.
* test262/test/built-ins/ArrayBuffer/options-maxbytelength-negative.js: Added.
* test262/test/built-ins/ArrayBuffer/options-maxbytelength-object.js: Added.
(options.maxByteLength.toString):
(options.maxByteLength.valueOf):
* test262/test/built-ins/ArrayBuffer/options-maxbytelength-poisoned.js: Added.
(options.get maxByteLength):
* test262/test/built-ins/ArrayBuffer/options-maxbytelength-undefined.js: Added.
* test262/test/built-ins/ArrayBuffer/options-non-object.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/detached-buffer.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/invoked-as-accessor.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/invoked-as-func.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/length.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/name.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/prop-desc.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/return-maxbytelength-non-resizable.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/return-maxbytelength-resizable.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/this-has-no-arraybufferdata-internal.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/this-is-not-object.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/maxByteLength/this-is-sharedarraybuffer.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resizable/detached-buffer.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resizable/invoked-as-accessor.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resizable/invoked-as-func.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resizable/length.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resizable/name.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resizable/prop-desc.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resizable/return-resizable.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resizable/this-has-no-arraybufferdata-internal.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resizable/this-is-not-object.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resizable/this-is-sharedarraybuffer.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/descriptor.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/extensible.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/length.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/name.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/new-length-excessive.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/new-length-negative.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/new-length-non-number.js: Added.
(newLength.toString):
(newLength.valueOf):
* test262/test/built-ins/ArrayBuffer/prototype/resize/nonconstructor.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/resize-grow.js: Added.
(catch):
* test262/test/built-ins/ArrayBuffer/prototype/resize/resize-same-size-zero-explicit.js: Added.
(catch):
* test262/test/built-ins/ArrayBuffer/prototype/resize/resize-same-size-zero-implicit.js: Added.
(catch):
* test262/test/built-ins/ArrayBuffer/prototype/resize/resize-same-size.js: Added.
(catch):
* test262/test/built-ins/ArrayBuffer/prototype/resize/resize-shrink-zero-explicit.js: Added.
(catch):
* test262/test/built-ins/ArrayBuffer/prototype/resize/resize-shrink-zero-implicit.js: Added.
(catch):
* test262/test/built-ins/ArrayBuffer/prototype/resize/resize-shrink.js: Added.
(catch):
* test262/test/built-ins/ArrayBuffer/prototype/resize/this-is-detached.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/this-is-not-arraybuffer-object.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/this-is-not-object.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/this-is-not-resizable-arraybuffer-object.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/resize/this-is-sharedarraybuffer.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/descriptor.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/extensible.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/from-fixed-to-larger.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/from-fixed-to-same.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/from-fixed-to-smaller.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/from-fixed-to-zero.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/from-resizable-to-larger.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/from-resizable-to-same.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/from-resizable-to-smaller.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/from-resizable-to-zero.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/length.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/name.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/new-length-excessive.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/new-length-non-number.js: Added.
(newLength.toString):
(newLength.valueOf):
* test262/test/built-ins/ArrayBuffer/prototype/transfer/nonconstructor.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/this-is-detached.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/this-is-not-arraybuffer-object.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/this-is-not-object.js: Added.
* test262/test/built-ins/ArrayBuffer/prototype/transfer/this-is-sharedarraybuffer.js: Added.
* test262/test/built-ins/DataView/prototype/byteLength/resizable-array-buffer-auto.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/byteLength/resizable-array-buffer-fixed.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/byteOffset/resizable-array-buffer-auto.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/byteOffset/resizable-array-buffer-fixed.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/getBigInt64/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/getBigUint64/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/getFloat32/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/getFloat64/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/getInt16/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/getInt32/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/getInt8/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/getUint16/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/getUint32/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/getUint8/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/setBigInt64/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/setBigUint64/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/setFloat32/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/setFloat64/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/setInt16/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/setInt32/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/setInt8/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/setUint16/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/setUint32/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/DataView/prototype/setUint8/resizable-buffer.js: Added.
(catch):
* test262/test/built-ins/Error/cause_abrupt.js:
(has):
(options.get cause):
* test262/test/built-ins/Object/hasOwn/descriptor.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_exists.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_getter.js: Added.
(base.get foo):
* test262/test/built-ins/Object/hasOwn/hasown_inherited_getter_and_setter.js: Added.
(base.get foo):
(base.set foo):
* test262/test/built-ins/Object/hasOwn/hasown_inherited_getter_and_setter_configurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_getter_and_setter_configurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_getter_and_setter_nonconfigurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_getter_and_setter_nonconfigurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_getter_configurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_getter_configurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_getter_nonconfigurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_getter_nonconfigurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_nonwritable_configurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_nonwritable_configurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_nonwritable_nonconfigurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_nonwritable_nonconfigurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_setter.js: Added.
(base.set foo):
* test262/test/built-ins/Object/hasOwn/hasown_inherited_setter_configurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_setter_configurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_setter_nonconfigurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_setter_nonconfigurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_writable_configurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_writable_configurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_writable_nonconfigurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_inherited_writable_nonconfigurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_nonexistent.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_getter.js: Added.
(o.get foo):
* test262/test/built-ins/Object/hasOwn/hasown_own_getter_and_setter.js: Added.
(o.get foo):
(o.set foo):
* test262/test/built-ins/Object/hasOwn/hasown_own_getter_and_setter_configurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_getter_and_setter_configurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_getter_and_setter_nonconfigurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_getter_and_setter_nonconfigurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_getter_configurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_getter_configurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_getter_nonconfigurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_getter_nonconfigurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_nonwritable_configurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_nonwritable_nonconfigurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_nonwriteable_configurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_nonwriteable_nonconfigurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_property_exists.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_setter.js: Added.
(o.set foo):
* test262/test/built-ins/Object/hasOwn/hasown_own_setter_configurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_setter_configurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_setter_nonconfigurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_setter_nonconfigurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_writable_configurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_writable_configurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_writable_nonconfigurable_enumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/hasown_own_writable_nonconfigurable_nonenumerable.js: Added.
* test262/test/built-ins/Object/hasOwn/length.js: Added.
* test262/test/built-ins/Object/hasOwn/name.js: Added.
* test262/test/built-ins/Object/hasOwn/not-a-constructor.js: Added.
* test262/test/built-ins/Object/hasOwn/prototype.js: Added.
* test262/test/built-ins/Object/hasOwn/symbol_own_property.js: Added.
* test262/test/built-ins/Object/hasOwn/symbol_property_toPrimitive.js: Added.
(wrapper.Symbol.toPrimitive):
* test262/test/built-ins/Object/hasOwn/symbol_property_toString.js: Added.
(wrapper.toString):
(wrapper.valueOf):
* test262/test/built-ins/Object/hasOwn/symbol_property_valueOf.js: Added.
(wrapper.valueOf):
* test262/test/built-ins/Object/hasOwn/toobject_before_topropertykey.js: Added.
(coercibleKey1.get toString):
(coercibleKey1.get valueOf):
(coercibleKey2.Symbol.toPrimitive):
* test262/test/built-ins/Object/hasOwn/toobject_null.js: Added.
* test262/test/built-ins/Object/hasOwn/toobject_undefined.js: Added.
* test262/test/built-ins/Promise/race/resolve-element-function-extensible.js: Removed.
* test262/test/built-ins/Promise/race/resolve-element-function-name.js: Removed.
* test262/test/built-ins/Promise/race/resolve-element-function-nonconstructor.js: Removed.
* test262/test/built-ins/Promise/race/resolve-element-function-prototype.js: Removed.
* test262/test/built-ins/SharedArrayBuffer/options-maxbytelength-diminuitive.js: Added.
* test262/test/built-ins/SharedArrayBuffer/options-maxbytelength-excessive.js: Added.
* test262/test/built-ins/SharedArrayBuffer/options-maxbytelength-negative.js: Added.
* test262/test/built-ins/SharedArrayBuffer/options-maxbytelength-object.js: Added.
(options.maxByteLength.toString):
(options.maxByteLength.valueOf):
* test262/test/built-ins/SharedArrayBuffer/options-maxbytelength-poisoned.js: Added.
(options.get maxByteLength):
* test262/test/built-ins/SharedArrayBuffer/options-maxbytelength-undefined.js: Added.
* test262/test/built-ins/SharedArrayBuffer/options-non-object.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/descriptor.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/extensible.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/grow-larger-size.js: Added.
(catch):
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/grow-same-size.js: Added.
(catch):
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/grow-smaller-size.js: Added.
(catch):
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/length.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/name.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/new-length-excessive.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/new-length-negative.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/new-length-non-number.js: Added.
(newLength.toString):
(newLength.valueOf):
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/nonconstructor.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/this-is-not-arraybuffer-object.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/this-is-not-object.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/this-is-not-resizable-arraybuffer-object.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/grow/this-is-sharedarraybuffer.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/growable/invoked-as-accessor.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/growable/invoked-as-func.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/growable/length.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/growable/name.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/growable/prop-desc.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/growable/return-growable.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/growable/this-has-no-arraybufferdata-internal.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/growable/this-is-arraybuffer.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/growable/this-is-not-object.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/maxByteLength/invoked-as-accessor.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/maxByteLength/invoked-as-func.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/maxByteLength/length.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/maxByteLength/name.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/maxByteLength/prop-desc.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/maxByteLength/return-maxbytelength-growable.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/maxByteLength/return-maxbytelength-non-growable.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/maxByteLength/this-has-no-arraybufferdata-internal.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/maxByteLength/this-is-arraybuffer.js: Added.
* test262/test/built-ins/SharedArrayBuffer/prototype/maxByteLength/this-is-not-object.js: Added.
* test262/test/built-ins/Symbol/for/description.js: Added.
(symbol.Symbol.toString):
* test262/test/built-ins/Temporal/now/instant/extensible.js: Added.
* test262/test/built-ins/Temporal/now/instant/length.js: Added.
* test262/test/built-ins/Temporal/now/instant/name.js: Added.
* test262/test/built-ins/Temporal/now/instant/not-a-constructor.js: Added.
* test262/test/built-ins/Temporal/now/instant/prop-desc.js: Added.
* test262/test/built-ins/Temporal/now/instant/return-value-distinct.js: Added.
* test262/test/built-ins/Temporal/now/instant/return-value-prototype.js: Added.
* test262/test/built-ins/Temporal/now/instant/return-value-value.js: Added.
* test262/test/built-ins/Temporal/now/timeZone/extensible.js: Added.
* test262/test/built-ins/Temporal/now/timeZone/length.js: Added.
* test262/test/built-ins/Temporal/now/timeZone/name.js: Added.
* test262/test/built-ins/Temporal/now/timeZone/new-object.js: Added.
* test262/test/built-ins/Temporal/now/timeZone/not-a-constructor.js: Added.
* test262/test/built-ins/Temporal/now/timeZone/prop-desc.js: Added.
* test262/test/built-ins/Temporal/now/timeZone/return-value.js: Added.
* test262/test/built-ins/TypedArray/prototype/at/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/byteLength/resizable-array-buffer-auto.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArray/prototype/byteLength/resizable-array-buffer-fixed.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArray/prototype/byteOffset/resizable-array-buffer-auto.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArray/prototype/byteOffset/resizable-array-buffer-fixed.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArray/prototype/copyWithin/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/entries/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/every/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
(testWithTypedArrayConstructors.TA.array.every):
* test262/test/built-ins/TypedArray/prototype/fill/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/filter/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
(testWithTypedArrayConstructors.TA.array.filter):
* test262/test/built-ins/TypedArray/prototype/find/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
(testWithTypedArrayConstructors.TA.array.find):
* test262/test/built-ins/TypedArray/prototype/findIndex/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
(testWithTypedArrayConstructors.TA.array.findIndex):
* test262/test/built-ins/TypedArray/prototype/forEach/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
(testWithTypedArrayConstructors.TA.array.forEach):
* test262/test/built-ins/TypedArray/prototype/includes/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/indexOf/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/join/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/keys/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/lastIndexOf/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/length/resizable-array-buffer-auto.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArray/prototype/length/resizable-array-buffer-fixed.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArray/prototype/map/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
(testWithTypedArrayConstructors.TA.array.map):
* test262/test/built-ins/TypedArray/prototype/reduce/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
(testWithTypedArrayConstructors.TA.array.reduce):
* test262/test/built-ins/TypedArray/prototype/reduceRight/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
(testWithTypedArrayConstructors.TA.array.reduceRight):
* test262/test/built-ins/TypedArray/prototype/reverse/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/set/typedarray-arg-set-values-same-buffer-same-type-resized.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArray/prototype/set/typedarray-arg-target-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/slice/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/some/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
(testWithTypedArrayConstructors.TA.array.some):
* test262/test/built-ins/TypedArray/prototype/sort/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/toLocaleString/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArray/prototype/values/return-abrupt-from-this-out-of-bounds.js: Added.
(testWithTypedArrayConstructors.TA.catch):
* test262/test/built-ins/TypedArrayConstructors/ctors/buffer-arg/excessive-offset-throws-resizable-ab.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/ctors/typedarray-arg/out-of-bounds-when-species-retrieved-different-type.js: Added.
(testWithTypedArrayConstructors.):
(testWithTypedArrayConstructors.get var):
(testWithTypedArrayConstructors.onGetSpecies):
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/ctors/typedarray-arg/out-of-bounds-when-species-retrieved-same-type.js: Added.
(testWithTypedArrayConstructors.):
(testWithTypedArrayConstructors.get var):
(testWithTypedArrayConstructors.onGetSpecies):
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt/detached-buffer-realm.js: Removed.
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt/detached-buffer-throws-realm.js: Added.
(testWithBigIntTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt/detached-buffer-throws.js: Added.
(testWithBigIntTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt/key-is-not-numeric-index-throws.js: Added.
(testWithBigIntTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt/key-is-numericindex-accessor-desc-throws.js: Added.
(testWithBigIntTypedArrayConstructors.):
(testWithBigIntTypedArrayConstructors.get assert):
(testWithBigIntTypedArrayConstructors.set assert):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt/key-is-numericindex-desc-configurable.js:
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt/key-is-numericindex-desc-not-configurable-throws.js: Added.
(testWithBigIntTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt/key-is-numericindex-desc-not-enumerable-throws.js: Added.
(testWithBigIntTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt/key-is-numericindex-desc-not-writable-throws.js: Added.
(testWithBigIntTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt/tonumber-value-detached-buffer.js:
(testWithBigIntTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/detached-buffer-realm.js: Removed.
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/detached-buffer-throws-realm.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/detached-buffer-throws.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/key-is-not-numeric-index-throws.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/key-is-numericindex-accessor-desc-throws.js: Added.
(testWithTypedArrayConstructors.):
(testWithTypedArrayConstructors.get assert):
(testWithTypedArrayConstructors.set assert):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/key-is-numericindex-desc-configurable.js:
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/key-is-numericindex-desc-not-configurable-throws.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/key-is-numericindex-desc-not-enumerable-throws.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/key-is-numericindex-desc-not-writable-throws.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/tonumber-value-detached-buffer.js:
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/Delete/key-is-symbol.js:
* test262/test/built-ins/TypedArrayConstructors/internals/HasProperty/resizable-array-buffer-auto.js: Added.
(inspect):
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/HasProperty/resizable-array-buffer-fixed.js: Added.
(inspect):
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/OwnPropertyKeys/integer-indexes-resizable-array-buffer-auto.js: Added.
(testWithTypedArrayConstructors):
* test262/test/built-ins/TypedArrayConstructors/internals/OwnPropertyKeys/integer-indexes-resizable-array-buffer-fixed.js: Added.
(testWithTypedArrayConstructors):
* test262/test/intl402/DateTimeFormat/constructor-options-style-conflict.js: Added.
* test262/test/intl402/Locale/prototype/calendars/branding.js: Added.
* test262/test/intl402/Locale/prototype/calendars/name.js: Added.
* test262/test/intl402/Locale/prototype/calendars/output-array.js: Added.
* test262/test/intl402/Locale/prototype/calendars/prop-desc.js: Added.
* test262/test/intl402/Locale/prototype/collations/branding.js: Added.
* test262/test/intl402/Locale/prototype/collations/name.js: Added.
* test262/test/intl402/Locale/prototype/collations/output-array-values.js: Added.
* test262/test/intl402/Locale/prototype/collations/output-array.js: Added.
* test262/test/intl402/Locale/prototype/collations/prop-desc.js: Added.
* test262/test/intl402/Locale/prototype/hourCycles/branding.js: Added.
* test262/test/intl402/Locale/prototype/hourCycles/name.js: Added.
* test262/test/intl402/Locale/prototype/hourCycles/output-array-values.js: Added.
* test262/test/intl402/Locale/prototype/hourCycles/output-array.js: Added.
* test262/test/intl402/Locale/prototype/hourCycles/prop-desc.js: Added.
* test262/test/intl402/Locale/prototype/numberingSystems/branding.js: Added.
* test262/test/intl402/Locale/prototype/numberingSystems/name.js: Added.
* test262/test/intl402/Locale/prototype/numberingSystems/output-array.js: Added.
* test262/test/intl402/Locale/prototype/numberingSystems/prop-desc.js: Added.
* test262/test/intl402/Locale/prototype/textInfo/branding.js: Added.
* test262/test/intl402/Locale/prototype/textInfo/name.js: Added.
* test262/test/intl402/Locale/prototype/textInfo/output-object-keys.js: Added.
* test262/test/intl402/Locale/prototype/textInfo/output-object.js: Added.
* test262/test/intl402/Locale/prototype/textInfo/prop-desc.js: Added.
* test262/test/intl402/Locale/prototype/timeZones/branding.js: Added.
* test262/test/intl402/Locale/prototype/timeZones/name.js: Added.
* test262/test/intl402/Locale/prototype/timeZones/output-array-sorted.js: Added.
* test262/test/intl402/Locale/prototype/timeZones/output-array.js: Added.
* test262/test/intl402/Locale/prototype/timeZones/output-undefined.js: Added.
* test262/test/intl402/Locale/prototype/timeZones/prop-desc.js: Added.
* test262/test/intl402/Locale/prototype/weekInfo/branding.js: Added.
* test262/test/intl402/Locale/prototype/weekInfo/name.js: Added.
* test262/test/intl402/Locale/prototype/weekInfo/output-object-keys.js: Added.
* test262/test/intl402/Locale/prototype/weekInfo/output-object.js: Added.
* test262/test/intl402/Locale/prototype/weekInfo/prop-desc.js: Added.
* test262/test/intl402/Segmenter/constructor/supportedLocalesOf/locales-specific.js:
* test262/test/intl402/Segmenter/prototype/segment/containing/iswordlike.js:
(other_granularities.forEach):
* test262/test/intl402/Segmenter/prototype/segment/containing/one-index.js:
(toString):
(valueOf):
(Symbol.toPrimitive):
* test262/test/intl402/Segmenter/prototype/segment/containing/out-of-bound-index.js:
(toString):
(valueOf):
(Symbol.toPrimitive):
* test262/test/intl402/Segmenter/prototype/segment/containing/word-iswordlike.js:
(inputs.forEach):
* test262/test/intl402/Segmenter/prototype/segment/containing/zero-index.js:
(toString):
(valueOf):
(Symbol.toPrimitive):
* test262/test/intl402/Segmenter/prototype/segment/segment-grapheme-iterable.js:
(const.v.of.seg.segment):
* test262/test/intl402/Segmenter/prototype/segment/segment-sentence-iterable.js:
(const.v.of.seg.segment):
* test262/test/intl402/Segmenter/prototype/segment/segment-word-iterable.js:
(const.v.of.seg.segment):
* test262/test/intl402/fallback-locales-are-supported.js:
(testWithIntlConstructors):
* test262/test/intl402/supportedLocalesOf-consistent-with-resolvedOptions.js:
(testWithIntlConstructors):
* test262/test/intl402/supportedLocalesOf-unicode-extensions-ignored.js:
(testWithIntlConstructors.):
(testWithIntlConstructors):
* test262/test/language/expressions/arrow-function/extensibility.js: Added.
(assert.Object.isExtensible):
* test262/test/language/expressions/arrow-function/syntax/arrowparameters-cover-initialize-2.js:
* test262/test/language/expressions/assignment/S11.13.1_A7_T1.js: Removed.
* test262/test/language/expressions/assignment/S11.13.1_A7_T2.js: Removed.
* test262/test/language/expressions/assignment/target-member-computed-reference-null.js: Added.
(DummyError):
(prop):
(expr):
(prop.toString):
* test262/test/language/expressions/assignment/target-member-computed-reference-undefined.js: Added.
(DummyError):
(prop):
(expr):
(prop.toString):
* test262/test/language/expressions/assignment/target-member-identifier-reference-null.js: Added.
* test262/test/language/expressions/assignment/target-member-identifier-reference-undefined.js: Added.
* test262/test/language/expressions/assignment/target-super-computed-reference-null.js: Added.
(C.m):
(C):
* test262/test/language/expressions/assignment/target-super-identifier-reference-null.js: Added.
(C.m):
(C):
* test262/test/language/expressions/delete/member-computed-reference-null.js: Added.
* test262/test/language/expressions/delete/member-computed-reference-undefined.js: Added.
* test262/test/language/expressions/delete/member-identifier-reference-null.js: Added.
* test262/test/language/expressions/delete/member-identifier-reference-undefined.js: Added.
* test262/test/language/expressions/delete/super-property-null-base.js: Added.
(C.m):
(C):
* test262/test/language/expressions/dynamic-import/2nd-param-assert-enumeration-abrupt.js: Added.
(options.ownKeys):
(options.then):
* test262/test/language/expressions/dynamic-import/2nd-param-assert-enumeration.js: Added.
(options.ownKeys):
(options.get _):
(options.getOwnPropertyDescriptor):
(options.then):
* test262/test/language/expressions/dynamic-import/2nd-param-assert-non-object.js: Added.
(test):
(string_appeared_here.then):
* test262/test/language/expressions/dynamic-import/2nd-param-assert-undefined.js: Added.
(then):
* test262/test/language/expressions/dynamic-import/2nd-param-assert-value-abrupt.js: Added.
(assert.get string_appeared_here):
(then):
* test262/test/language/expressions/dynamic-import/2nd-param-assert-value-non-string.js: Added.
(test):
(string_appeared_here.then):
* test262/test/language/expressions/dynamic-import/2nd-param-await-expr.js: Added.
* test262/test/language/expressions/dynamic-import/2nd-param-await-ident.js: Added.
(await):
(await.undefined.then):
* test262/test/language/expressions/dynamic-import/2nd-param-evaluation-abrupt-return.js: Added.
(iter):
* test262/test/language/expressions/dynamic-import/2nd-param-evaluation-abrupt-throw.js: Added.
(throwError):
* test262/test/language/expressions/dynamic-import/2nd-param-evaluation-sequence.js: Added.
* test262/test/language/expressions/dynamic-import/2nd-param-get-assert-error.js: Added.
(options.get assert):
(options.then):
* test262/test/language/expressions/dynamic-import/2nd-param-in.js: Added.
(promise.then):
* test262/test/language/expressions/dynamic-import/2nd-param-non-object.js: Added.
(test):
(string_appeared_here.then):
* test262/test/language/expressions/dynamic-import/2nd-param-trailing-comma-fulfill.js: Added.
(then):
* test262/test/language/expressions/dynamic-import/2nd-param-trailing-comma-reject.js: Added.
(import.toString):
(then):
* test262/test/language/expressions/dynamic-import/2nd-param-yield-expr.js: Added.
(iter):
(promise.then):
* test262/test/language/expressions/dynamic-import/2nd-param-yield-ident-invalid.js: Added.
* test262/test/language/expressions/dynamic-import/2nd-param-yield-ident-valid.js: Added.
(yield.then):
* test262/test/language/expressions/dynamic-import/2nd-param_FIXTURE.js: Added.
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-arrow-assignment-expression-not-extensible-args.js:
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-arrow-not-extensible-args.js:
(let.f):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-arrow-function-await-not-extensible-args.js:
(async await):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-arrow-function-return-await-not-extensible-args.js:
(async await):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-arrow-function-return-await-not-extensible-no-trailing-comma.js: Removed.
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-function-await-not-extensible-args.js:
(async f):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-function-not-extensible-args.js:
(async f):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-function-return-await-not-extensible-args.js:
(async f):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-function-return-await-not-extensible-no-trailing-comma.js: Removed.
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-gen-await-not-extensible-args.js:
(async f):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-block-labeled-not-extensible-args.js:
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-block-not-extensible-args.js:
(DONOTEVALUATE):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-do-while-not-extensible-args.js:
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-else-braceless-not-extensible-args.js:
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-else-not-extensible-args.js:
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-function-not-extensible-args.js:
(fn):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-function-return-not-extensible-args.js:
(fn):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-if-braceless-not-extensible-args.js:
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-if-braceless-not-extensible-no-trailing-comma.js: Removed.
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-if-not-extensible-args.js:
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-while-not-extensible-args.js:
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-with-expression-not-extensible-args.js:
(with.import):
* test262/test/language/expressions/dynamic-import/syntax/invalid/nested-with-not-extensible-args.js:
(with):
* test262/test/language/expressions/dynamic-import/syntax/invalid/top-level-not-extensible-args.js:
* test262/test/language/expressions/dynamic-import/syntax/invalid/top-level-not-extensible-no-trailing-comma.js: Removed.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-arrow-assignment-expression-trailing-comma-first.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-arrow-assignment-expression-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-arrow-assignment-expression-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-arrow-assignment-expression-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-arrow-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-arrow-not-extensible-no-trailing-comma.js.
(let.f):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-arrow-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-arrow-not-extensible-args.js.
(let.f):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-arrow-function-await-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-arrow-function-await-not-extensible-no-trailing-comma.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-arrow-function-await-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-arrow-function-await-not-extensible-args.js.
(async await):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-arrow-function-return-await-trailing-comma-first.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-arrow-assignment-expression-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-arrow-function-return-await-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-arrow-assignment-expression-not-extensible-args.js.
(async await):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-function-await-trailing-comma-first.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-function-await-not-extensible-args.js.
(async f):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-function-await-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-function-await-not-extensible-args.js.
(async f):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-function-return-await-trailing-comma-first.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-function-await-not-extensible-args.js.
(async f):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-function-return-await-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-function-await-not-extensible-args.js.
(async f):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-function-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-function-await-not-extensible-no-trailing-comma.js.
(async f):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-function-trailing-comma-second.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-function-not-extensible-no-trailing-comma.js.
(async f):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-gen-await-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-gen-await-not-extensible-no-trailing-comma.js.
(async f):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-async-gen-await-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-async-gen-await-not-extensible-args.js.
(async f):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-block-labeled-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-block-labeled-not-extensible-no-trailing-comma.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-block-labeled-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-block-labeled-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-block-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-block-not-extensible-no-trailing-comma.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-block-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-block-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-do-while-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-do-while-not-extensible-no-trailing-comma.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-do-while-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-do-while-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-else-braceless-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-else-braceless-not-extensible-no-trailing-comma.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-else-braceless-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-else-braceless-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-else-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-else-not-extensible-no-trailing-comma.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-else-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-else-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-function-return-trailing-comma-first.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-function-return-not-extensible-args.js.
(fn):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-function-return-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-function-return-not-extensible-args.js.
(fn):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-function-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-function-not-extensible-no-trailing-comma.js.
(fn):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-function-trailing-comma-second.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-function-return-not-extensible-no-trailing-comma.js.
(fn):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-if-braceless-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-arrow-assignment-expression-not-extensible-no-trailing-comma.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-if-braceless-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-arrow-assignment-expression-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-if-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-if-not-extensible-no-trailing-comma.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-if-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-if-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-while-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-while-not-extensible-no-trailing-comma.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-while-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-while-not-extensible-args.js.
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-with-expression-trailing-comma-first.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-with-not-extensible-args.js.
(with.import):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-with-expression-trailing-comma-second.js: Copied from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-with-not-extensible-args.js.
(with.import):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-with-trailing-comma-first.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-with-not-extensible-no-trailing-comma.js.
(with):
* test262/test/language/expressions/dynamic-import/syntax/valid/nested-with-trailing-comma-second.js: Renamed from JSTests/test262/test/language/expressions/dynamic-import/syntax/invalid/nested-with-expression-not-extensible-no-trailing-comma.js.
(with):
* test262/test/language/expressions/dynamic-import/syntax/valid/top-level-trailing-comma-first.js: Added.
* test262/test/language/expressions/dynamic-import/syntax/valid/top-level-trailing-comma-second.js: Added.
* test262/test/language/expressions/dynamic-import/trailing-comma-fulfill.js: Added.
(then):
* test262/test/language/expressions/dynamic-import/trailing-comma-reject.js: Added.
(import.toString):
(then):
* test262/test/language/expressions/template-literal/invalid-legacy-octal-escape-sequence-8.js:
* test262/test/language/expressions/template-literal/invalid-legacy-octal-escape-sequence-9.js:
* test262/test/language/expressions/template-literal/invalid-legacy-octal-escape-sequence.js:
* test262/test/language/import/json-extensibility-array.js: Added.
* test262/test/language/import/json-extensibility-object.js: Added.
* test262/test/language/import/json-idempotency-indirect_FIXTURE.js: Added.
* test262/test/language/import/json-idempotency.js: Added.
(then):
* test262/test/language/import/json-invalid.js: Added.
* test262/test/language/import/json-named-bindings.js: Added.
* test262/test/language/import/json-value-array.js: Added.
* test262/test/language/import/json-value-boolean.js: Added.
* test262/test/language/import/json-value-null.js: Added.
* test262/test/language/import/json-value-number.js: Added.
* test262/test/language/import/json-value-object.js: Added.
* test262/test/language/import/json-value-string.js: Added.
* test262/test/language/import/json-via-namespace.js: Added.
* test262/test/language/literals/numeric/legacy-octal-integer-strict.js:
* test262/test/language/literals/numeric/legacy-octal-integer.js: Renamed from JSTests/test262/test/annexB/language/literals/numeric/legacy-octal-integer.js.
* test262/test/language/literals/numeric/non-octal-decimal-integer-strict.js:
* test262/test/language/literals/numeric/non-octal-decimal-integer.js: Renamed from JSTests/test262/test/annexB/language/literals/numeric/non-octal-decimal-integer.js.
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-1-strict-explicit-pragma.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-2-strict-explicit-pragma.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-3-strict-explicit-pragma.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-4-strict-explicit-pragma.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-5-strict-explicit-pragma.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-6-strict-explicit-pragma.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-7-strict-explicit-pragma.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-8-non-strict.js: Added.
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-8-strict-explicit-pragma.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-8-strict.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-9-non-strict.js: Added.
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-9-strict-explicit-pragma.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-9-strict.js:
* test262/test/language/literals/string/legacy-non-octal-escape-sequence-strict.js:
* test262/test/language/literals/string/legacy-octal-escape-sequence-strict.js:
* test262/test/language/literals/string/legacy-octal-escape-sequence.js: Renamed from JSTests/test262/test/annexB/language/literals/string/legacy-octal-escape-sequence.js.
* test262/test/language/module-code/early-dup-assert-key-export.js: Added.
* test262/test/language/module-code/early-dup-assert-key-import-nobinding.js: Added.
* test262/test/language/module-code/early-dup-assert-key-import-withbinding.js: Added.
* test262/test/language/module-code/early-export-ill-formed-string.js:
* test262/test/language/module-code/eval-gtbndng-indirect-faux-assertion.js: Added.
* test262/test/language/module-code/import-assertion-1_FIXTURE.js: Added.
* test262/test/language/module-code/import-assertion-2_FIXTURE.js: Added.
* test262/test/language/module-code/import-assertion-3_FIXTURE.js: Added.
* test262/test/language/module-code/import-assertion-empty.js: Added.
* test262/test/language/module-code/import-assertion-key-identifiername.js: Added.
* test262/test/language/module-code/import-assertion-key-string-double.js: Added.
* test262/test/language/module-code/import-assertion-key-string-single.js: Added.
* test262/test/language/module-code/import-assertion-many.js: Added.
* test262/test/language/module-code/import-assertion-newlines.js: Added.
* test262/test/language/module-code/import-assertion-trlng-comma.js: Added.
* test262/test/language/module-code/import-assertion-value-string-double.js: Added.
* test262/test/language/module-code/import-assertion-value-string-single.js: Added.
* test262/test/language/module-code/instn-star-as-props-dflt-skip.js:
* test262/test/language/module-code/top-level-await/dfs-invariant-async_FIXTURE.js: Added.
* test262/test/language/module-code/top-level-await/dfs-invariant-direct-1_FIXTURE.js: Added.
* test262/test/language/module-code/top-level-await/dfs-invariant-direct-2_FIXTURE.js: Added.
* test262/test/language/module-code/top-level-await/dfs-invariant-indirect_FIXTURE.js: Added.
* test262/test/language/module-code/top-level-await/dfs-invariant.js: Added.
* test262/test/language/statements/for-of/head-lhs-async-escaped.js: Added.
* test262/test/language/statements/for-of/head-lhs-async-parens.js: Added.
* test262/test262-Revision.txt:
2021-07-08 17:05:54 +00:00
2021-07-08 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Update Intl.Locale test after AppleICU update
https://bugs.webkit.org/show_bug.cgi?id=227788
Reviewed by Keith Miller.
This patch fixes Intl.Locale test since AppleICU fixes the ICU bug and starts producing the right results.
* stress/intl-long-locale-id-maximize-minimize.js:
(shouldBe):
2021-07-08 00:55:24 +00:00
2021-07-07 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Fix Object.assign fast path to accept undefined/null
https://bugs.webkit.org/show_bug.cgi?id=227769
rdar://80264271
Reviewed by Saam Barati.
* stress/object-assign-undefined.js: Added.
(test):
2021-07-07 03:12:05 +00:00
2021-07-06 Commit Queue <commit-queue@webkit.org>
Unreviewed, reverting r279546, r279554, r279558 and r279567.
https://bugs.webkit.org/show_bug.cgi?id=227732
Speedometer/jQuery-TodoMVC 2-3% regression
Reverted changesets:
"[WebIDL] Rework runtime enabled properties leveraging
PropertyCallback"
https://bugs.webkit.org/show_bug.cgi?id=227275
https://commits.webkit.org/r279546
"[WebIDL] Generate constructor's hash table in
GenerateConstructorHelperMethods"
https://bugs.webkit.org/show_bug.cgi?id=227668
https://commits.webkit.org/r279554
"[WebIDL] Simplify generation of runtime conditionally read-
write attributes"
https://bugs.webkit.org/show_bug.cgi?id=227672
https://commits.webkit.org/r279558
"Use AbortSignal's [PrivateIdentifier] whenSignalAborted()
static method"
https://bugs.webkit.org/show_bug.cgi?id=227673
https://commits.webkit.org/r279567
2021-07-06 21:12:55 +00:00
2021-07-06 Saam Barati <sbarati@apple.com>
Run microbenchmarks/memcpy-typed-loop-small.js for fewer iterations to avoid timeouts
https://bugs.webkit.org/show_bug.cgi?id=227717
Reviewed by Robin Morisset.
* microbenchmarks/memcpy-typed-loop-small.js:
2021-07-06 19:25:04 +00:00
2021-07-05 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Optimize Object.assign and putDirectInternal
https://bugs.webkit.org/show_bug.cgi?id=227677
Reviewed by Filip Pizlo.
* microbenchmarks/object-assign-replace.js: Added.
(test):
* microbenchmarks/object-assign-transition.js: Added.
(test):
[WebIDL] Rework runtime enabled properties leveraging PropertyCallback
https://bugs.webkit.org/show_bug.cgi?id=227275
Reviewed by Saam Barati.
JSTests:
* stress/lazy-property-cross-realm.js: Added.
* stress/lazy-property-get-cache.js: Added.
* stress/lazy-property-gopd.js: Added.
* stress/lazy-property-hasownproperty-cache.js: Added.
* stress/lazy-property-put-cache.js: Added.
Source/JavaScriptCore:
To make the implementation of WebIDL runtime enabled properties independent of eager
property reification, this change:
1. Introduces IsLazyPropertyEnabledCallback, which is needed separately from existing
value callback to maintain the invariant that reifyStaticProperty() always puts a
property, and to keep enumeration fast.
Calling disableCaching() isn't enough to achieve correct [[Get]] inline caching,
so isTaintedByOpaqueObject() is leveraged to prohibit caching of runtime disabled
properties, just like in operationTryGetByIdOptimize().
The only case that might seem weird is that runtime disabled properties, which were
enabled after all static properties were reified via [[Delete]], do not appear.
It's fixable, yet there is currently no demand for it.
2. Adds support for LazyPropertyCallback returning GetterSetter / CustomGetterSetter,
ensuring correct structure flags and slot initialization. Previously, the callback
was used to init only objects and constructors, using putDirect() unconditionally.
To avoid mixing other non-basic attributes with PropertyCallback, which would require
hoisting of checks against PropertyCallback and complicating attribute validation in
HashTableValue methods, this patch checks the type of callback's return value instead.
In the future, sticking to this approach will make returning CustomValue impossible
as it can't be distinguished from CustomAccessor. That's fine because all present
CustomValue usages merely do lazy init, which PropertyCallback is better suited for.
Also, this patch:
3. Expands setUpStaticFunctionSlot() to handle constant integers so the code using
`Node.ELEMENT_NODE` & friends doesn't regress (proven by attached microbenchmark).
4. Removes extra checks from setUpStaticPropertySlot(), which is called only on
non-reified properties.
5. Removes invariant that DOMJITAttribute property is read-only, which was broken
by `document.body` having a non-JIT custom setter. This aligns non-reified
properties with structure ones.
* jit/Repatch.cpp:
(JSC::tryCacheGetBy):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setupGetByIdPrototypeCache):
* runtime/HasOwnPropertyCache.h:
(JSC::HasOwnPropertyCache::tryAdd):
* runtime/JSObject.cpp:
(JSC::lookupPropertyForPut):
(JSC::JSObject::putInlineSlow):
(JSC::JSObject::reifyAllStaticProperties):
* runtime/JSObject.h:
(JSC::JSObject::getOwnNonIndexPropertySlot):
(JSC::JSObject::fillStructurePropertySlot):
* runtime/JSObjectInlines.h:
(JSC::JSObject::getNonReifiedStaticPropertyNames):
* runtime/Lookup.cpp:
(JSC::setUpStaticPropertySlot):
(JSC::setUpStaticFunctionSlot): Deleted.
* runtime/Lookup.h:
(JSC::HashTableValue::isLazyPropertyEnabled const):
(JSC::getStaticPropertySlotFromTable):
(JSC::reifyStaticProperty):
(JSC::reifyStaticProperties):
* tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSDollarVM::finishCreation):
Source/WebCore:
This performance-neutral change makes implementation of runtime enabled properties independent
of eager property reification, slightly optimizing DOM global objects initialization.
A follow-up patch (webkit.org/b/158557) will remove eager property reification of WebIDL
constructors / prototypes, further reducing CPU usage and memory cost on page load.
Provided we reify properties without creating transitions and avoid conversion to a cacheable
dictionary, that should not regress performance & memory usage as well. Non-reified custom
accessors / values are inline-cached, even through JSProxy. DOM methods are reified on first
lookup; the same approach is used for multiple hot JSC built-ins (e.g. StringPrototype).
A huge refactoring was required to keep generation of lazy property callbacks within a single
function. Handling of private identifiers was decoupled from public ones, while hash table
generation for constructors / prototypes / instances was merged into GenerateHashTable.
This approach preserves HashTable's immutability while avoiding addition of extra checks to
entry lookup and memory usage increase. Another important advantage: a feature that was
enabled after its interface was created, immediately becomes usable (no page reload needed).
Also, this change removes all usages of DeletePropertyModeScope from WebCore, which was used
to disable non-configurable constants at runtime, allowing its complete removal in the future.
No new tests, no behavior change.
* bindings/js/JSDOMBuiltinConstructor.h:
* bindings/js/JSDOMConstructor.h:
* bindings/js/JSDOMConstructorNotCallable.h:
* bindings/js/JSDOMConstructorNotConstructable.h:
* bindings/scripts/CodeGeneratorJS.pm:
Extract IDLInterface::className() to avoid passing $className as an argument.
(InstanceOperationCount): Deleted.
(PrototypeOperationCount): Deleted.
(InstancePropertyCount): Deleted.
(PrototypePropertyCount): Deleted.
(PrototypeHasStaticPropertyTable): Deleted.
(ConstructorHasProperties):
(PrototypeHasProperties):
(InstanceHasProperties):
Remove *Count helpers because they were incorrect with constants, overloads, private identifiers,
and Symbol.iterator. Instead, do the count in GeneratePropertiesHashTable to avoid duplicate checks.
(GeneratePropertiesHashTable):
(GenerateHashTableValueArray):
- Compute $hasSetterOrReadonlyProperties early because it's impossible to detect runtime enabled accessors,
which are concealed behind PropertyAttribute::PropertyCallback, in GenerateHashTableValueArray.
- Set HashTable.hasSetterOrReadonlyProperties to `true` if a read-only value (constant) was seen.
(GenerateRuntimeEnableConditionalString):
Always use provided $globalObjectPtr parameter.
(GenerateHashTable):
- Simplify name inference for HashTable's values / indices since hash table names never include ":".
- Nicely simplify generation of hash table kind comment.
- Set HashTable.classForThis to `nullptr` for constructors because they can't have DOMAttribute properties.
(GenerateImplementation):
- Set ReadOnly attribute for runtime read-only accessors that shadow setter from static hash table.
- Reify "entries" property of an iterable interface to ensure its identity with Symbol.iterator method.
(GeneratePrivateIdentifiers):
- Add support for accelerated DOM attributes, which are rather common.
- Add support for static operations, which we have a use case for (see @whenSignalAborted).
(GeneratePrototypeDeclaration):
Set HasStaticPropertyTable structure flag for global interfaces as well, progressing idlharness.js test.
(GenerateConstructorHelperMethods):
Ensure that HasStaticPropertyTable structure flag is set for constructors as well.
(StringifyJSCAttributes):
(GetJSCAttributesForAttribute):
(ShouldBeOnInstance):
(GenerateHeader):
(GetAttributeGetter):
(GetAttributeSetter):
(GetAttributeJSValue):
(GetOperationJSValue):
(GenerateLazyPropertyCallbacks):
(GenerateCallbackImplementationContent):
(GetRuntimeEnabledStaticProperties): Deleted.
* bindings/scripts/test/JS/*: Updated.
* bindings/scripts/test/DOMWindowConstructors.idl:
* bindings/scripts/test/TestEnabledBySetting.idl:
* bindings/scripts/test/TestObj.idl:
Cover [PrivateIdentifiers] with accelerated DOM attributes, static operations, and constructors.
LayoutTests:
* platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
Canonical link: https://commits.webkit.org/239382@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@279546 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-07-03 19:57:46 +00:00
2021-07-03 Alexey Shvayka <shvaikalesh@gmail.com>
[WebIDL] Rework runtime enabled properties leveraging PropertyCallback
https://bugs.webkit.org/show_bug.cgi?id=227275
Reviewed by Saam Barati.
* stress/lazy-property-cross-realm.js: Added.
* stress/lazy-property-get-cache.js: Added.
* stress/lazy-property-gopd.js: Added.
* stress/lazy-property-hasownproperty-cache.js: Added.
* stress/lazy-property-put-cache.js: Added.
2021-07-01 06:07:33 +00:00
2021-06-30 Saam Barati <sbarati@apple.com>
Turn off data ICs by default
https://bugs.webkit.org/show_bug.cgi?id=227334
<rdar://problem/79802812>
Reviewed by Yusuke Suzuki.
* microbenchmarks/deltablue-varargs.js:
* microbenchmarks/richards-try-catch.js:
2021-07-01 02:12:20 +00:00
2021-06-30 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Stop generating default parameter code if class constructor is called without 'new'
https://bugs.webkit.org/show_bug.cgi?id=227547
rdar://78821453
Reviewed by Mark Lam.
* stress/calling-non-callable-constructors.js: Added.
(shouldThrow):
[JSC] Private names should be handled by usedVariables mechanism
https://bugs.webkit.org/show_bug.cgi?id=227476
rdar://76049469
Reviewed by Saam Barati.
Source/JavaScriptCore:
Private name handling in the current parser has many problems.
1. The parser backtracks when it sees a destructuring assignment, arrow function, etc. In that case, the discarded code
must not have any effect on the outside of that code. However, private name handling is annotating "used" of the
upper scopes, which is wrong.
2. In a class expression, private name lookup intentionally skips the class-scope when parsing class heritage. But this
is not correct since CodeBlock will perform lookup on the normal scope chain and this will look into the class-scope
inconsistently. This means that we could encounter a different private name at runtime (this is tested in the added test).
3. We skip inner function parsing when it is parsed previously. In that case, we must preserve private name annotation,
but restored function information does not preserve that.
This patch changes how private names are handled.
1. We were anyway defining #XXX variables which hold private symbols. So we track "use" information by the mechanism used
for usual variables. We remove Used / Declared bits from PrivateNameEntry since they are not necessary at runtime, and
this information is handled / tracked in Parser's Scope. For backtracking, we already have a mechanism to roll-back
m_usedVariables, so using variable mechanism automatically fixes the problem.
2. We define class-head-scope separately from class-scope. class-heritage expression can see class name, but it cannot use
private names. Previously, our implementation attempted to achieve that in a hacky way: skipping this class-scope for private
names only while parsing class-heritage. But this was wrong since it does not consider CodeBlock's linking phase as described
in the problem (2). Instead, we just define class-head-scope which holds class constructor name.
3. We clean up popScopeInternal to populate lexical-variables and function-stack. Previously, we were stealing them before popping
the scope when necessary, but this is a hack and a bit wrong since scope's popping operation needs to access this information
in some cases. Instead, popScopeInternal populates them after popping the scope.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::pushClassHeadLexicalScope):
(JSC::BytecodeGenerator::popClassHeadLexicalScope):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::ClassExprNode::emitBytecode):
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createClassExpr):
(JSC::ASTBuilder::createBlockStatement):
(JSC::ASTBuilder::createForLoop):
(JSC::ASTBuilder::createForInLoop):
(JSC::ASTBuilder::createForOfLoop):
(JSC::ASTBuilder::createTryStatement):
(JSC::ASTBuilder::createSwitchStatement):
* parser/NodeConstructors.h:
(JSC::ForNode::ForNode):
(JSC::TryNode::TryNode):
(JSC::ClassExprNode::ClassExprNode):
(JSC::SwitchNode::SwitchNode):
(JSC::BlockNode::BlockNode):
(JSC::EnumerationNode::EnumerationNode):
(JSC::ForInNode::ForInNode):
(JSC::ForOfNode::ForOfNode):
* parser/Nodes.cpp:
(JSC::ScopeNode::ScopeNode):
(JSC::ProgramNode::ProgramNode):
(JSC::ModuleProgramNode::ModuleProgramNode):
(JSC::EvalNode::EvalNode):
(JSC::FunctionNode::FunctionNode):
(JSC::VariableEnvironmentNode::VariableEnvironmentNode):
* parser/Nodes.h:
(JSC::VariableEnvironmentNode::VariableEnvironmentNode): Deleted.
* parser/Parser.cpp:
(JSC::isPrivateFieldName):
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::parseForStatement):
(JSC::Parser<LexerType>::parseSwitchStatement):
(JSC::Parser<LexerType>::parseTryStatement):
(JSC::Parser<LexerType>::parseBlockStatement):
(JSC::Parser<LexerType>::parseFunctionDeclarationStatement):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseBinaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):
(JSC::Parser<LexerType>::usePrivateName): Deleted.
* parser/Parser.h:
(JSC::Scope::finalizeLexicalEnvironment):
(JSC::Scope::takeLexicalEnvironment):
(JSC::Scope::takeDeclaredVariables):
(JSC::Scope::takeFunctionDeclarations):
(JSC::Scope::forEachUsedVariable):
(JSC::Scope::usePrivateName):
(JSC::Scope::currentUsedVariablesSize):
(JSC::Parser::popScopeInternal):
(JSC::Parser::popScope):
(JSC::Parser<LexerType>::parse):
(JSC::Scope::copyUndeclaredPrivateNamesTo): Deleted.
(JSC::Scope::hasUsedButUndeclaredPrivateNames const): Deleted.
(JSC::Parser::privateNameScope): Deleted.
(JSC::Parser::copyUndeclaredPrivateNamesToOuterScope): Deleted.
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createClassExpr):
(JSC::SyntaxChecker::createBlockStatement):
(JSC::SyntaxChecker::createForLoop):
(JSC::SyntaxChecker::createForInLoop):
(JSC::SyntaxChecker::createForOfLoop):
(JSC::SyntaxChecker::createTryStatement):
(JSC::SyntaxChecker::createSwitchStatement):
* parser/VariableEnvironment.cpp:
(JSC::VariableEnvironmentEntry::dump const):
(JSC::VariableEnvironment::declarePrivateField):
(JSC::VariableEnvironment::declarePrivateAccessor):
(JSC::VariableEnvironment::declarePrivateMethod):
(JSC::VariableEnvironment::dump const):
* parser/VariableEnvironment.h:
(JSC::VariableEnvironment::declarePrivateField):
(JSC::VariableEnvironment::privateNameEnvironment):
(JSC::VariableEnvironment::addPrivateNamesFrom):
(JSC::PrivateNameEntry::isUsed const): Deleted.
(JSC::PrivateNameEntry::isDeclared const): Deleted.
(JSC::PrivateNameEntry::setIsUsed): Deleted.
(JSC::PrivateNameEntry::setIsDeclared): Deleted.
(JSC::VariableEnvironment::usePrivateName): Deleted.
(JSC::VariableEnvironment::copyPrivateNamesTo const): Deleted.
(JSC::VariableEnvironment::copyUndeclaredPrivateNamesTo const): Deleted.
Canonical link: https://commits.webkit.org/239303@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@279447 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-07-01 02:03:55 +00:00
2021-06-29 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Private names should be handled by usedVariables mechanism
https://bugs.webkit.org/show_bug.cgi?id=227476
rdar://76049469
Reviewed by Saam Barati.
2021-06-30 14:13:37 +00:00
2021-06-30 Mikhail R. Gadelha <mikhail@igalia.com>
Unskip interpreter-wasm.js on ARM and MIPS
https://bugs.webkit.org/show_bug.cgi?id=227295
Reviewed by Caio Araujo Neponoceno de Lima.
Changed the testcase to be guarded by $vm.isWasmSupported(), so the
test will be executed once wasm is available in the arch.
* microbenchmarks/interpreter-wasm.js:
(key.in.Module.Module.hasOwnProperty): Deleted.
(quit_): Deleted.
(locateFile): Deleted.
(ENVIRONMENT_IS_NODE.read_): Deleted.
(ENVIRONMENT_IS_NODE.readBinary): Deleted.
(ENVIRONMENT_IS_NODE.quit_): Deleted.
(ENVIRONMENT_IS_NODE.Module.string_appeared_here): Deleted.
(else.read_): Deleted.
(else.readBinary): Deleted.
(else.quit_): Deleted.
(else): Deleted.
(else.xhr.onload): Deleted.
(else.readAsync): Deleted.
(else.setWindowTitle): Deleted.
(key.in.moduleOverrides.moduleOverrides.hasOwnProperty): Deleted.
(dynamicAlloc): Deleted.
(getNativeTypeSize): Deleted.
(warnOnce): Deleted.
(convertJsFunctionToWasm): Deleted.
(addFunctionWasm): Deleted.
(removeFunctionWasm): Deleted.
(): Deleted.
(setTempRet0): Deleted.
(setValue): Deleted.
(assert): Deleted.
(getCFunc): Deleted.
(toC.string_appeared_here): Deleted.
(convertReturnValue): Deleted.
(ccall): Deleted.
(UTF8ArrayToString): Deleted.
(UTF8ToString): Deleted.
(stringToUTF8Array): Deleted.
(stringToUTF8): Deleted.
(lengthBytesUTF8): Deleted.
(allocateUTF8OnStack): Deleted.
(writeArrayToMemory): Deleted.
(writeAsciiToMemory): Deleted.
(updateGlobalBufferAndViews): Deleted.
(callRuntimeCallbacks): Deleted.
(preRun): Deleted.
(initRuntime): Deleted.
(preMain): Deleted.
(exitRuntime): Deleted.
(postRun): Deleted.
(addOnPreRun): Deleted.
(addOnPostRun): Deleted.
(addRunDependency): Deleted.
(removeRunDependency): Deleted.
(hasPrefix): Deleted.
(isDataURI): Deleted.
(isFileURI): Deleted.
(getBinary): Deleted.
(getBinaryPromise): Deleted.
(createWasm.receiveInstance): Deleted.
(createWasm.receiveInstantiatedSource): Deleted.
(createWasm.instantiateArrayBuffer): Deleted.
(createWasm.instantiateAsync.): Deleted.
(createWasm.instantiateAsync): Deleted.
(createWasm): Deleted.
(__ATINIT__.push.func): Deleted.
(demangle): Deleted.
(demangleAll): Deleted.
(_emscripten_get_sbrk_ptr): Deleted.
(_emscripten_memcpy_big): Deleted.
(abortOnCannotGrowMemory): Deleted.
(_emscripten_resize_heap): Deleted.
(PATH.splitPath): Deleted.
(PATH.normalizeArray): Deleted.
(PATH.normalize): Deleted.
(PATH.dirname): Deleted.
(PATH.basename): Deleted.
(PATH.extname): Deleted.
(PATH.join): Deleted.
(PATH.join2): Deleted.
(SYSCALLS.printChar): Deleted.
(SYSCALLS.getStr): Deleted.
(SYSCALLS.get64): Deleted.
(_fd_write): Deleted.
(_setTempRet0): Deleted.
(___wasm_call_ctors.Module.string_appeared_here): Deleted.
(_main.Module.string_appeared_here): Deleted.
(_malloc.Module.string_appeared_here): Deleted.
(___errno_location.Module.string_appeared_here): Deleted.
(_free.Module.string_appeared_here): Deleted.
(stackSave.Module.string_appeared_here): Deleted.
(stackAlloc.Module.string_appeared_here): Deleted.
(stackRestore.Module.string_appeared_here): Deleted.
(__growWasmMemory.Module.string_appeared_here): Deleted.
(dynCall_ii.Module.string_appeared_here): Deleted.
(dynCall_iiii.Module.string_appeared_here): Deleted.
(dynCall_jiji.Module.string_appeared_here): Deleted.
(ExitStatus): Deleted.
(dependenciesFulfilled): Deleted.
(callMain): Deleted.
(run.doRun): Deleted.
(run): Deleted.
(exit): Deleted.
2021-06-25 23:04:50 +00:00
2021-06-25 Guillaume Emont <guijemont@igalia.com>
Unskip stress/call-apply-exponential-bytecode-size.js on most platforms
https://bugs.webkit.org/show_bug.cgi?id=227354
Reviewed by Yusuke Suzuki.
Instead of skipping, we increase the JIT memory size for this test on
platforms that have less than 64 MB by default.
* stress/call-apply-exponential-bytecode-size.js:
2021-06-25 12:37:49 +00:00
2021-06-25 Mikhail R. Gadelha <mikhail@igalia.com>
Unskip structure-storedPrototype-should-only-assert-on-the-mutator-thread.js on arm and mips
https://bugs.webkit.org/show_bug.cgi?id=227222
Tested with 50 iterations in both arm and mips.
Unreviewed Gardening.
* stress/structure-storedPrototype-should-only-assert-on-the-mutator-thread.js:
2021-06-25 12:28:33 +00:00
2021-06-25 Paulo Matos <pmatos@igalia.com>
Unskip materialized-regexp-has-correct-last-index-set-by-match on arm and mips
https://bugs.webkit.org/show_bug.cgi?id=227213
Unreviewed Gardening.
* stress/materialized-regexp-has-correct-last-index-set-by-match.js:
2021-06-25 09:55:57 +00:00
2021-06-25 Mikhail R. Gadelha <mikhail@igalia.com>
Unskip materialize-regexp-cyclic-regexp.js on ARM and MIPS
https://bugs.webkit.org/show_bug.cgi?id=227223
Tested with 50 iterations in both arm and mips.
Unreviewed Gardening.
* stress/materialize-regexp-cyclic-regexp.js:
2021-06-25 02:23:28 +00:00
2021-06-24 Asumu Takikawa <asumu@igalia.com>
[WASM-Function-References] Add support for (ref null? $t) type constructor
https://bugs.webkit.org/show_bug.cgi?id=226296
Adds additional tests for uses of `(ref $t)` and `(ref null $t)`
types, including with non-null extern/funcrefs.
Reviewed by Yusuke Suzuki.
* wasm/function-references/ref_types.js: Added.
(module):
(async testRefTypeLocal):
(async testNonNullRefTypeLocal):
(async testRefTypeInSignature):
(async testRefTypeParamCheck):
(async testRefGlobalCheck):
(async testExternFuncrefNonNullCheck):
(async testExternrefCompatibility):
(async testNonNullExternrefIncompatible):
(async testFuncrefCompatibility):
(async testNonNullFuncrefIncompatible):
* wasm/wasm.json:
2021-06-24 19:33:31 +00:00
2021-06-24 Guillaume Emont <guijemont@igalia.com>
Improve our checking of NaN values in DataView tests
https://bugs.webkit.org/show_bug.cgi?id=227347
Reviewed by Yusuke Suzuki.
This allows the merging of dataview-jit-set-nan.js and
dataview-jit-set.js.
* stress/dataview-jit-set-nan.js: Removed.
* stress/dataview-jit-set.js:
(test5):
(test6):
2021-06-24 11:43:54 +00:00
2021-06-24 Mikhail R. Gadelha <mikhail@igalia.com>
Unskip arguments-properties-order.js on MIPS
https://bugs.webkit.org/show_bug.cgi?id=227254
No failures after 50 iterations. Also tested on Loongson 3A4000 (in 32-bits mode).
Unreviewed Gardening.
* stress/arguments-properties-order.js:
2021-06-24 08:31:48 +00:00
2021-06-24 Xan Lopez <xan@igalia.com>
[JSC] Implement returnEarlyFromInfiniteLoopsForFuzzing for 32bits
https://bugs.webkit.org/show_bug.cgi?id=227290
Reviewed by Mark Lam.
Now that we can return early from infinite (actual or just
extremely long running) loops on 32bits, we can pass these tests.
* stress/construct-return-early-from-infinite-loop-for-fuzzer.js: unskip for 32bits.
* stress/early-return-from-builtin2.js: ditto.
* stress/validate-does-gc-with-return-early-from-infinite-loop-2.js: ditto.
* stress/validate-does-gc-with-return-early-from-infinite-loop.js: ditto.
2021-06-23 18:49:44 +00:00
2021-06-23 Saam Barati <sbarati@apple.com>
Bound stress/put-by-id-flags with a fixed number of iterations
https://bugs.webkit.org/show_bug.cgi?id=227305
Reviewed by Mark Lam.
* stress/put-by-id-flags.js:
(numberOfDFGCompiles): Deleted.
2021-06-23 18:34:02 +00:00
2021-06-23 Saam Barati <sbarati@apple.com>
Run typedarray-intrinsic-getters-change-prototype for a fixed set of iterations
https://bugs.webkit.org/show_bug.cgi?id=227304
Reviewed by Mark Lam.
* stress/typedarray-intrinsic-getters-change-prototype.js:
(body):
2021-06-22 18:48:07 +00:00
2021-06-22 Saam Barati <sbarati@apple.com>
Don't assume stress/out-of-memory-while-constructing-BytecodeGenerator.js will OOM
https://bugs.webkit.org/show_bug.cgi?id=227263
Reviewed by Yusuke Suzuki.
* stress/out-of-memory-while-constructing-BytecodeGenerator.js:
2021-06-22 18:18:30 +00:00
2021-06-22 Saam Barati <sbarati@apple.com>
Run detach-buffer-during-iteration for fewer iterations
https://bugs.webkit.org/show_bug.cgi?id=227262
Reviewed by Yusuke Suzuki.
* stress/detach-buffer-during-iteration.js:
2021-06-22 18:08:19 +00:00
2021-06-22 Saam Barati <sbarati@apple.com>
Run microbenchmarks/interpreter-wasm under runDefault only
https://bugs.webkit.org/show_bug.cgi?id=227261
Reviewed by Robin Morisset.
* microbenchmarks/interpreter-wasm.js:
2021-06-22 17:48:42 +00:00
2021-06-22 Saam Barati <sbarati@apple.com>
jitCompileAndSetHeuristics shouldn't return true when we fail to compile
https://bugs.webkit.org/show_bug.cgi?id=227155
Reviewed by Tadeu Zagallo.
* microbenchmarks/interpreter-wasm.js:
* microbenchmarks/memcpy-wasm-large.js:
* microbenchmarks/memcpy-wasm-medium.js:
* microbenchmarks/memcpy-wasm-small.js:
* microbenchmarks/memcpy-wasm.js:
* stress/wasm-error-message-cross-threads.js:
2021-06-22 13:01:51 +00:00
2021-06-22 Angelos Oikonomopoulos <angelos@igalia.com>
Unskip stress/elidable-new-object-roflcopter-then-exit.js on MIPS/ARM
https://bugs.webkit.org/show_bug.cgi?id=227251
Unreviewed gardening.
No failures on either platform after 100 iterations.
* stress/elidable-new-object-roflcopter-then-exit.js:
2021-06-22 13:01:27 +00:00
2021-06-22 Angelos Oikonomopoulos <angelos@igalia.com>
Unskip microbenchmarks/redefine-property-data-dictionary.js on MIPS/ARM
https://bugs.webkit.org/show_bug.cgi?id=227252
Unreviewed gardening.
No failures on either platform after 100 iterations.
* microbenchmarks/redefine-property-data-dictionary.js:
2021-06-22 10:58:19 +00:00
2021-06-22 Angelos Oikonomopoulos <angelos@igalia.com>
Unskip stress/array-species-create-should-handle-masquerader.js on mips
https://bugs.webkit.org/show_bug.cgi?id=227249
Unreviewed gardening.
No failure after 60 iterations.
* stress/array-species-create-should-handle-masquerader.js:
2021-06-22 06:41:14 +00:00
2021-06-21 Ross Kirsling <ross.kirsling@sony.com>
[JSC] Add JIT ICs for `#x in obj` feature
https://bugs.webkit.org/show_bug.cgi?id=226146
Reviewed by Saam Barati.
* microbenchmarks/has-private-brand.js: Added.
* microbenchmarks/has-private-name.js: Added.
[JSC] Fix consistency check during stack splitting in Wasm::LLIntGenerator::addLoop
https://bugs.webkit.org/show_bug.cgi?id=226012
Patch by Xan Lopez <xan@igalia.com> on 2021-06-21
Reviewed by Tadeu Zagallo.
JSTests:
* stress/wasm-loop-consistency.js: Added.
(vm.isWasmSupported):
Source/JavaScriptCore:
It is possible for the wasm llint generator to call
checkConsistency() on a stack that is only halfway through being
properly set up. Specifically, when generating a loop block, we use
splitStack() to pop the arguments for the loop into a new stack,
and materializeConstantsAndLocals() to materialize the constants
and aliases in the loop arguments, but the arguments won't be
added back to the stack until the very end of the loop code
generation. Since materializeConstantsAndLocals() will check the
correctness of the expression stack, which isn't yet fully formed,
we'll fail its ASSERT. To work around this, we create a variant of
materializeConstantsAndLocals() that does not check for
correctness (similar to what we do in push()), and manually check
the correctness of the new split stack in
Wasm::LLIntGenerator::addLoop(), which is the place that knows the
details of this intermediate state.
For more details, see: https://bugs.webkit.org/show_bug.cgi?id=226012#c8
* wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::checkConsistencyOfExpressionStack):
(JSC::Wasm::LLIntGenerator::checkConsistency):
(JSC::Wasm::LLIntGenerator::materializeConstantsAndLocals):
(JSC::Wasm::LLIntGenerator::addLoop):
Canonical link: https://commits.webkit.org/239001@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@279082 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-06-21 21:06:49 +00:00
2021-06-21 Xan Lopez <xan@igalia.com>
[JSC] Fix consistency check during stack splitting in Wasm::LLIntGenerator::addLoop
https://bugs.webkit.org/show_bug.cgi?id=226012
Reviewed by Tadeu Zagallo.
* stress/wasm-loop-consistency.js: Added.
(vm.isWasmSupported):
2021-06-21 19:09:04 +00:00
2021-06-21 Yusuke Suzuki <ysuzuki@apple.com>
Release assert memory in JSC::Wasm::Memory::growShared(JSC::Wasm::PageCount)::<lambda()>
https://bugs.webkit.org/show_bug.cgi?id=227180
Reviewed by Keith Miller.
* stress/shared-wasm-memory-with-zero-byte.js: Added.
2021-06-21 16:04:14 +00:00
2021-06-21 Xan Lopez <xan@igalia.com>
[JSC] Reenable ChakraCore/test/Math/max.js on ARMv7 and MIPS
https://bugs.webkit.org/show_bug.cgi?id=227209
Reviewed by Adrian Perez de Castro.
* ChakraCore.yaml: reenable the test, should be working fine now.
2021-06-20 09:48:03 +00:00
2021-06-20 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Add ValueOf fast path in toPrimitive
https://bugs.webkit.org/show_bug.cgi?id=226948
Reviewed by Ross Kirsling.
* microbenchmarks/valueof-via-toprimitive.js: Added.
2021-06-17 22:12:53 +00:00
2021-06-17 Saam Barati <sbarati@apple.com>
Make microbenchmarks/delete-property-from-prototype-chain not time out on debug builds
https://bugs.webkit.org/show_bug.cgi?id=227148
Reviewed by Mark Lam.
* microbenchmarks/delete-property-from-prototype-chain.js:
2021-06-16 16:09:24 +00:00
2021-06-16 Tadeu Zagallo <tzagallo@apple.com>
AssemblyHelpers should save/restore callee save FPRs
https://bugs.webkit.org/show_bug.cgi?id=227052
<rdar://77080162>
Reviewed by Mark Lam.
* stress/callee-save-fpr.js: Added.
(_f):
(_g):
(_h):
(_i):
(assertEqual):
2021-06-16 04:55:24 +00:00
2021-06-15 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Optimize JSON.parse with small content by dropping single character Identifier pool
https://bugs.webkit.org/show_bug.cgi?id=227057
Reviewed by Sam Weinig.
* microbenchmarks/flight-todomvc-json.js: Added.
(test):
[JSC] Workaround ICU uloc_addLikelySubtags / uloc_minimizeSubtags bugs
https://bugs.webkit.org/show_bug.cgi?id=226996
rdar://79250513
Reviewed by Ross Kirsling.
JSTests:
* stress/intl-long-locale-id-maximize-minimize.js: Added.
(shouldBe):
(throw.new.Error):
Source/JavaScriptCore:
ICU has bugs where uloc_addLikelySubtags / uloc_minimizeSubtags cannot handle a very long locale ID that exceeds ULOC_FULLNAME_CAPACITY,
while these functions can take an arbitrarily sized buffer for output. This can be achieved simply by (1) attaching many Unicode extensions,
or (2) having many variants.
In this patch, we add a workaround: if uloc_addLikelySubtags / uloc_minimizeSubtags fail, we perform them without the locale ID
keywords part. After performing the operations, we append these keywords back.
This is a workaround, and it is still not complete since we could have many variants. In that case, uloc_addLikelySubtags / uloc_minimizeSubtags
still fail, and for now we give up performing uloc_addLikelySubtags / uloc_minimizeSubtags. Fixing this needs to be
done on the ICU side: https://unicode-org.atlassian.net/browse/ICU-21639
* runtime/IntlLocale.cpp:
(JSC::IntlLocale::keywordValue const):
(JSC::IntlLocale::maximal):
(JSC::IntlLocale::minimal):
(JSC::IntlLocale::baseName):
Canonical link: https://commits.webkit.org/238803@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@278859 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-06-15 04:45:09 +00:00
2021-06-14 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Workaround ICU uloc_addLikelySubtags / uloc_minimizeSubtags bugs
https://bugs.webkit.org/show_bug.cgi?id=226996
rdar://79250513
Reviewed by Ross Kirsling.
* stress/intl-long-locale-id-maximize-minimize.js: Added.
(shouldBe):
(throw.new.Error):
2021-06-13 18:29:46 +00:00
2021-06-13 Saam Barati <sbarati@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=226576
<rdar://problem/78810362>
Reviewed by Yusuke Suzuki.
* stress/short-circuit-read-modify-write-cant-write-dst-before-tdz-check.js: Added.
(let.result.eval.try.captureV):
(catch):
2021-06-08 03:22:27 +00:00
2021-06-06 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use ResolvedClosureVar to get brand from scope
https://bugs.webkit.org/show_bug.cgi?id=226677
rdar://78802869
Reviewed by Saam Barati.
* stress/private-access-nested-eval.js: Added.
(shouldThrow):
(shouldThrow.prototype.x):
(shouldThrow.prototype.m.C.prototype.z):
(shouldThrow.prototype.m.C.prototype.a):
(shouldThrow.prototype.m.C):
(shouldThrow.prototype.m):
* stress/private-access-nested.js: Added.
(shouldThrow):
(shouldThrow.prototype.x):
(shouldThrow.prototype.m.C.prototype.z):
(shouldThrow.prototype.m.C.prototype.a):
(shouldThrow.prototype.m.C):
(shouldThrow.prototype.m):
2021-06-08 01:53:46 +00:00
2021-06-07 Alexey Shvayka <shvaikalesh@gmail.com>
Unreviewed, reland r276592 with a fix for put() override in prototype chain of a JSProxy
https://bugs.webkit.org/show_bug.cgi?id=226185
* microbenchmarks/put-slow-no-cache-array.js: Added.
* microbenchmarks/put-slow-no-cache-function.js: Added.
* microbenchmarks/put-slow-no-cache-js-proxy.js: Added.
* microbenchmarks/put-slow-no-cache-long-prototype-chain.js: Added.
* microbenchmarks/put-slow-no-cache.js: Added.
* microbenchmarks/reflect-set-with-receiver.js: Added.
* stress/custom-get-set-proto-chain-put.js:
* stress/module-namespace-access-set-fails.js: Added.
* stress/put-non-reified-static-accessor-or-custom.js: Added.
* stress/put-non-reified-static-function-or-custom.js: Added.
* stress/put-to-primitive-non-reified-static-custom.js: Added.
* stress/put-to-primitive.js: Added.
* stress/put-to-proto-chain-overrides-put.js:
Rework to always test new objects, add JSProxy coverage, and assert that receiver has own property.
* stress/typed-array-canonical-numeric-index-string-set.js: Added.
2021-06-07 23:26:53 +00:00
2021-06-07 Saam Barati <sbarati@apple.com>
Short circuit read modify write nodes emit byte code that uses the wrong locals
https://bugs.webkit.org/show_bug.cgi?id=226576
<rdar://problem/78810362>
Reviewed by Yusuke Suzuki.
* stress/short-circuit-read-modify-should-use-the-write-virtual-registers.js: Added.
(eval):
Optimize compareStrictEq when neither side is a double and at least one is neither a string nor a BigInt
https://bugs.webkit.org/show_bug.cgi?id=226676
Reviewed by Filip Pizlo.
JSTests:
I made two variants of the already existing poly-stricteq microbenchmarks with different types in the array.
I also tweaked all three so that we more reliably reach the FTL.
Finally I added a stress-test to verify that I did not introduce an OSR exit bug.
* microbenchmarks/poly-stricteq-not-double-nor-string.js: Added.
(foo):
(test):
* microbenchmarks/poly-stricteq-not-double.js: Added.
(foo):
(test):
* microbenchmarks/poly-stricteq.js:
(foo):
(test):
* stress/poly-stricteq-not-double-nor-string-fail.js: Added.
(foo):
(test):
Source/JavaScriptCore:
There is exactly one case where x === y must return false despite x and y being JSValues with the same bits:
    NaN === NaN
There are a few cases where x === y must return true despite x and y being JSValues with potentially different bits:
    Double === Int32
    String === String
    HeapBigInt === HeapBigInt
    HeapBigInt === BigInt32 (if they are enabled)
If we don't have a double on either side, at least one side has neither a String nor a HeapBigInt, and BigInt32 are disabled, we can clearly ignore all of these pathological cases.
This optimization was decided based on looking at DFG graphs of Speedometer2; here is a sample of the compareStrictEq(Untyped, Untyped), courtesy of Phil:
      Final|Array|String|Bool, Final|Array|String|Bool
      Array|String|Bool, String|Bool (twice)
      Array|String|Bool, String|Int32 (once in DFG, once in FTL)
    ! Array|String|Bool, Array|Bool
    ! Final|Other, Final|Other
    ! Int32|Other, Int32
      Final|StringIdent, Final|StringIdent (3 times)
      Final|StringIdent|BoolInt32, StringIdent|BoolInt32 (twice)
      String|Bool, String|Bool (4 times)
      DoublePureNaN, String|Bool
    ! Other, Function|Other
    ! Final|Other, Final|Function|Other (twice)
      Final|String|Bool|Other, Final|String|Bool|Other (3 times, two in the FTL)
      Final|String|Int32, String|Int32 (four times)
      String|Int32|Bool, Function|String|Int32|Bool (twice)
      String|DoublePureNaN, String|Bool (twice)
    ! Final|Bool|Other, Final|Function|Other (four times, twice in FTL)
I marked with a ! those for which this optimization should apply.
The only slightly interesting part of this patch is DFG::SpeculativeJIT::speculateNeitherDoubleNorHeapBigIntNorString where I took care to skip every test whose result we can predict from the abstract interpreter.
Results on microbenchmarks:
    poly-stricteq-not-double                 45.5793+-0.5304    ?    46.0306+-0.5621    ?
    poly-stricteq-not-double-nor-string      45.5829+-0.5750    ^    16.9089+-0.3070    ^ definitely 2.6958x faster
    poly-stricteq                            49.9719+-0.6450         48.9855+-0.5227      might be 1.0201x faster
I also measured the amount of code that we generate in the DFG on JetStream2.
The results here are disappointing but still measurable. Before:
DFG_fast_CompareStrictEq totalBytes: 468425 count: 10951 avg: 42.774632
DFG_fast_CompareStrictEq totalBytes: 468020 count: 10917 avg: 42.870752
DFG_fast_CompareStrictEq totalBytes: 467424 count: 10888 avg: 42.930198
After:
DFG_fast_CompareStrictEq totalBytes: 463946 count: 10917 avg: 42.497573
DFG_fast_CompareStrictEq totalBytes: 474492 count: 11138 avg: 42.601185
DFG_fast_CompareStrictEq totalBytes: 467138 count: 10970 avg: 42.583227
* bytecode/SpeculatedType.h:
(JSC::isNeitherDoubleNorHeapBigIntNorStringSpeculation):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupCompareStrictEqAndSameValue):
* dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateNeitherDoubleNorHeapBigIntNorString):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::SafeToExecuteEdge::operator()):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStrictEq):
(JSC::DFG::SpeculativeJIT::compileNotDoubleNeitherDoubleNorHeapBigIntNorStringStrictEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleNotDoubleNeitherDoubleNorHeapBigIntNorStringStrictEquality):
(JSC::DFG::SpeculativeJIT::speculateNotDouble):
(JSC::DFG::SpeculativeJIT::speculateNeitherDoubleNorHeapBigIntNorString):
(JSC::DFG::SpeculativeJIT::speculate):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGUseKind.cpp:
(WTF::printInternal):
* dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
(JSC::DFG::checkMayCrashIfInputIsEmpty):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
(JSC::FTL::DFG::LowerDFGToB3::speculate):
(JSC::FTL::DFG::LowerDFGToB3::speculateNeitherDoubleNorHeapBigIntNorString):
Canonical link: https://commits.webkit.org/238566@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@278568 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-06-07 19:55:30 +00:00
2021-06-07 Robin Morisset <rmorisset@apple.com>
Optimize compareStrictEq when neither side is a double and at least one is neither a string nor a BigInt
https://bugs.webkit.org/show_bug.cgi?id=226676
Reviewed by Filip Pizlo.
I made two variants of the already existing poly-stricteq microbenchmarks with different types in the array.
I also tweaked all three so that we more reliably reach the FTL.
Finally I added a stress-test to verify that I did not introduce an OSR exit bug.
* microbenchmarks/poly-stricteq-not-double-nor-string.js: Added.
(foo):
(test):
* microbenchmarks/poly-stricteq-not-double.js: Added.
(foo):
(test):
* microbenchmarks/poly-stricteq.js:
(foo):
(test):
* stress/poly-stricteq-not-double-nor-string-fail.js: Added.
(foo):
(test):
2021-06-04 23:44:21 +00:00
2021-06-04 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Private static method should define privateClassBrandIdentifier in class-scope
https://bugs.webkit.org/show_bug.cgi?id=226656
rdar://78313139
Reviewed by Keith Miller.
* stress/private-in-error.js: Added.
(shouldThrow):
(x):
(prototype.foo):
* stress/private-static-method-declaration-error.js: Added.
(shouldThrow):
(prototype.get x):
(prototype.foo.D.a):
(prototype.foo.D.prototype.b):
(prototype.foo.D):
(prototype.foo):
2021-06-04 17:46:09 +00:00
2021-06-04 Mark Lam <mark.lam@apple.com>
Placate exception checker validation in objectPrototypeHasOwnProperty.
https://bugs.webkit.org/show_bug.cgi?id=226651
rdar://78861296
Reviewed by Keith Miller.
* stress/placate-exception-checker-in-objectPrototypeHasOwnProperty.js: Added.
2021-06-04 16:32:57 +00:00
2021-06-03 Filip Pizlo <fpizlo@apple.com>
DFG should speculate on CompareStrictEq(@x, @x)
https://bugs.webkit.org/show_bug.cgi?id=226621
Reviewed by Mark Lam.
* microbenchmarks/untyped-stricteq-self.js: Added.
(foo):
* stress/untyped-stricteq-self-fail.js: Added.
(bar):
(foo):
2021-06-04 16:08:45 +00:00
2021-06-04 Keith Miller <keith_miller@apple.com>
Fix tests that fail under executable allocation fuzzing
https://bugs.webkit.org/show_bug.cgi?id=226593
Reviewed by Mark Lam.
* microbenchmarks/memcpy-wasm-large.js:
(typeof.WebAssembly.string_appeared_here.try.const.1.new.WebAssembly.Instance.new.WebAssembly.Module.new.Uint8Array):
(typeof.WebAssembly.string_appeared_here.catch):
(typeof.WebAssembly.string_appeared_here.const.1.new.WebAssembly.Instance.new.WebAssembly.Module.new.Uint8Array): Deleted.
* microbenchmarks/memcpy-wasm-medium.js:
(typeof.WebAssembly.string_appeared_here.try.const.1.new.WebAssembly.Instance.new.WebAssembly.Module.new.Uint8Array):
(typeof.WebAssembly.string_appeared_here.catch):
(typeof.WebAssembly.string_appeared_here.const.1.new.WebAssembly.Instance.new.WebAssembly.Module.new.Uint8Array): Deleted.
* microbenchmarks/memcpy-wasm-small.js:
(typeof.WebAssembly.string_appeared_here.try.const.1.new.WebAssembly.Instance.new.WebAssembly.Module.new.Uint8Array):
(typeof.WebAssembly.string_appeared_here.catch):
(typeof.WebAssembly.string_appeared_here.const.1.new.WebAssembly.Instance.new.WebAssembly.Module.new.Uint8Array): Deleted.
* microbenchmarks/memcpy-wasm.js:
(typeof.WebAssembly.string_appeared_here.try.const.1.new.WebAssembly.Instance.new.WebAssembly.Module.new.Uint8Array):
(typeof.WebAssembly.string_appeared_here.catch):
(typeof.WebAssembly.string_appeared_here.const.1.new.WebAssembly.Instance.new.WebAssembly.Module.new.Uint8Array): Deleted.
* stress/bit-op-with-object-returning-int32.js:
(numberOfDFGCompiles):
(bitOr): Deleted.
(bitXor): Deleted.
(bitNot): Deleted.
(bitLShift): Deleted.
* stress/bitwise-not-fixup-rules.js:
(numberOfDFGCompiles):
(let.o.valueOf): Deleted.
2021-06-04 15:58:13 +00:00
2021-06-04 Tadeu Zagallo <tzagallo@apple.com>
Optimize Function.prototype.toString
https://bugs.webkit.org/show_bug.cgi?id=226418
<rdar://77861846>
Reviewed by Saam Barati.
* microbenchmarks/function-to-string.js: Added.
(f):
(C):
(C.prototype.method1):
(C.prototype.method2):
(test):
(test2):
2021-06-04 03:10:54 +00:00
2021-06-03 Ross Kirsling <ross.kirsling@sony.com>
[JSC] Implement JIT ICs for InByVal
https://bugs.webkit.org/show_bug.cgi?id=226563
Reviewed by Saam Barati.
* microbenchmarks/in-by-val-int32.js: Added.
* microbenchmarks/in-by-val-string-index.js: Added.
* microbenchmarks/in-by-val-symbol.js: Added.
2021-06-04 00:41:01 +00:00
2021-06-03 Mark Lam <mark.lam@apple.com>
Fix an ASSERT in objectPrototypeHasOwnProperty() to account for TerminationException.
https://bugs.webkit.org/show_bug.cgi?id=226609
rdar://78465046
Reviewed by Robin Morisset.
* stress/termination-exception-in-objectPrototypeHasOwnProperty.js: Added.
2021-06-04 00:19:11 +00:00
2021-06-03 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Make $vm's accessor test functions robust against primitive |this|
https://bugs.webkit.org/show_bug.cgi?id=226591
Reviewed by Saam Barati.
* stress/test-static-accessor-on-primitive.js: Added.
(shouldThrow):
2021-05-28 20:17:41 +00:00
2021-05-28 Robin Morisset <rmorisset@apple.com>
Fix LikelyDenseUnsignedIntegerSet::clear()
https://bugs.webkit.org/show_bug.cgi?id=226388
rdar://78607433
Reviewed by Mark Lam.
* stress/stack-allocation-regression.js: Added.
(foo):
2021-05-28 18:13:43 +00:00
2021-05-28 Saam Barati <sbarati@apple.com>
Don't sink arguments past the context of the inline call frame they were created in
https://bugs.webkit.org/show_bug.cgi?id=226363
<rdar://78392801>
Reviewed by Filip Pizlo.
* stress/dont-sink-arguments-past-inline-call-frame.js: Added.
(foo):
(fooWrap):
(empty):
(bar):
2021-05-23 03:50:06 +00:00
2021-05-22 Ross Kirsling <ross.kirsling@sony.com>
Support Ergonomic Brand Checks proposal (`#x in obj`)
https://bugs.webkit.org/show_bug.cgi?id=221093
Reviewed by Caio Araujo Neponoceno de Lima.
* stress/private-in.js: Added.
* test262/config.yaml: Add feature flag.
2021-05-21 09:31:51 +00:00
2021-05-21 Angelos Oikonomopoulos <angelos@igalia.com>
Unskip type-check-hoisting-phase-hoist-check-structure-on-tdz-this-value on MIPS
https://bugs.webkit.org/show_bug.cgi?id=226011
Unreviewed gardening.
Appears to no longer be flaky.
* stress/type-check-hoisting-phase-hoist-check-structure-on-tdz-this-value.js:
2021-05-21 06:35:06 +00:00
2021-05-20 Saam Barati <sbarati@apple.com>
[ Catalina Release JSC] A large number of JSC test appear to be flaky failing
https://bugs.webkit.org/show_bug.cgi?id=225998
<rdar://problem/78235001>
Reviewed by Yusuke Suzuki.
* stress/dont-link-virtual-calls-on-compiler-thread.js: Added.
2021-05-19 20:49:25 +00:00
2021-05-19 Robin Morisset <rmorisset@apple.com>
Fix typo in AirUseCounts
https://bugs.webkit.org/show_bug.cgi?id=225977
rdar://78210501
Reviewed by Mark Lam.
Add the testcase found by Tuomas.
* stress/register-allocator-stress.js: Added.
(foo):
2021-05-18 18:01:45 +00:00
2021-05-18 Keith Miller <keith_miller@apple.com>
Temporarily revert r276592 as it breaks some native apps
https://bugs.webkit.org/show_bug.cgi?id=225917
Unreviewed, revert.
* microbenchmarks/put-slow-no-cache-array.js: Removed.
* microbenchmarks/put-slow-no-cache-function.js: Removed.
* microbenchmarks/put-slow-no-cache-js-proxy.js: Removed.
* microbenchmarks/put-slow-no-cache-long-prototype-chain.js: Removed.
* microbenchmarks/put-slow-no-cache.js: Removed.
* microbenchmarks/reflect-set-with-receiver.js: Removed.
* stress/custom-get-set-proto-chain-put.js:
(getObjects):
(let.base.of.getBases):
* stress/module-namespace-access-set-fails.js: Removed.
* stress/put-non-reified-static-accessor-or-custom.js: Removed.
* stress/put-non-reified-static-function-or-custom.js: Removed.
* stress/put-to-primitive-non-reified-static-custom.js: Removed.
* stress/put-to-primitive.js: Removed.
* stress/put-to-proto-chain-overrides-put.js: Removed.
* stress/typed-array-canonical-numeric-index-string-set.js: Removed.
2021-05-17 23:20:16 +00:00
2021-05-17 Alexey Shvayka <shvaikalesh@gmail.com>
REGRESSION (r271119): Object methods defined with shorthand notation cannot access "caller" in non-strict mode
https://bugs.webkit.org/show_bug.cgi?id=225277
Reviewed by Darin Adler.
* stress/caller-and-arguments-properties-for-functions-that-dont-have-them.js: Now covers #157461 and #157863.
* stress/function-caller-cross-realm-via-call-apply.js: Added, coverage for #34553.
* stress/function-hidden-as-caller.js: Also adds test case for #102276.
2021-05-16 07:30:39 +00:00
2021-05-16 Saam Barati <sbarati@apple.com>
DFGVarargsForwardingPhase shouldn't consult Flush
https://bugs.webkit.org/show_bug.cgi?id=225824
Reviewed by Filip Pizlo and Yusuke Suzuki.
* microbenchmarks/tail-call-forward-arguments-arguments-elimination.js: Added.
2021-05-15 16:59:57 +00:00
2021-05-15 Alexey Shvayka <shvaikalesh@gmail.com>
Turn callGetter() / callSetter() into instance methods
https://bugs.webkit.org/show_bug.cgi?id=225831
Reviewed by Ross Kirsling.
* microbenchmarks/put-slow-no-cache-setter.js: Added.
2021-05-08 01:26:31 +00:00
2021-05-07 Ross Kirsling <ross.kirsling@sony.com>
[JSC] Error#cause must recognize explicit undefined
https://bugs.webkit.org/show_bug.cgi?id=225535
Reviewed by Alexey Shvayka.
* test262/config.yaml:
Re-enable tests for this feature; they were all failing due to this quirk.
2021-05-07 21:14:29 +00:00
2021-05-07 Ross Kirsling <ross.kirsling@sony.com>
Update test262 (2021.05.07)
https://bugs.webkit.org/show_bug.cgi?id=225536
Reviewed by Alexey Shvayka.
* test262/config.yaml:
* test262/expectations.yaml:
* test262/latest-changes-summary.txt:
* test262/test/:
* test262/test262-Revision.txt:
2021-05-06 16:22:45 +00:00
2021-05-06 Mark Lam <mark.lam@apple.com>
Forbid further execution in jsc shell if execution is terminated.
https://bugs.webkit.org/show_bug.cgi?id=225410
rdar://77548608
Reviewed by Michael Saboff.
* stress/jsc-shell-forbid-execution-after-termination.js: Added.
2021-05-05 19:37:52 +00:00
2021-05-05 Saam Barati <sbarati@apple.com>
Update tests to use collectExtraSamplingProfilerData instead of collectSamplingProfilerDataForJSCShell
https://bugs.webkit.org/show_bug.cgi?id=225398
Reviewed by Mark Lam.
I forgot to update the tests to use the new option name.
* stress/sampling-profiler-code-origin.js:
* stress/sampling-profiler-richards.js:
2021-05-04 02:37:17 +00:00
2021-05-03 Mark Lam <mark.lam@apple.com>
Fix syntax error message for AUTOPLUSPLUS token.
https://bugs.webkit.org/show_bug.cgi?id=225308
rdar://76830934
Reviewed by Saam Barati.
* stress/prefix-plusplus-syntax-error-should-say-plusplus.js: Added.
2021-05-03 11:00:43 +00:00
2021-05-03 Dmitry Bezhetskov <dbezhetskov@igalia.com>
[WASM-Function-References] Add call_ref instruction
https://bugs.webkit.org/show_bug.cgi?id=222903
Reviewed by Yusuke Suzuki.
Add basic tests for new call_ref instruction:
https://github.com/WebAssembly/function-references/blob/master/proposals/function-references/Overview.md.
Add tests for calling same-instance wasm function, foreign-instance
wasm function and for calling imported js function.
* wasm.yaml:
* wasm/function-references/call_ref.js: Added.
(module):
(async basics):
(async indirectCall):
(async importHostCall):
* wasm/wasm.json:
Fix exception assertions in light of the TerminationException.
https://bugs.webkit.org/show_bug.cgi?id=225128
rdar://76694909
Reviewed by Robin Morisset.
JSTests:
* stress/suppress-TerminationException-in-JSFunction-prototypeForConstruction.js: Added.
Source/JavaScriptCore:
Some pre-existing functions assertNoException() or releaseAssertNoException().
These assertions may not be valid anymore in light of the TerminationException, and
require some fix up:
1. If it makes sense to convert the assertion into an exception check, then do so.
For example, see objectPrototypeToString(), slow_path_create_this().
2. If the assertion is at the end of a function just before it returns, or if the
remaining code in the function will not be affected by the pending exception,
then we can replace the assertion as follows:
assertNoException() => assertNoExceptionExceptTermination()
releaseAssertNoException() => releaseAssertNoExceptionExceptTermination()
For example, see objectPrototypeHasOwnProperty(), JSObject::getOwnNonIndexPropertyNames().
3. If the assertion is in a function where perf is not absolutely critical, and the
function isn't calling any other functions that will re-enter the VM or potentially
get stuck in an infinite loop, then we can use a DeferTermination scope to defer
termination.
For example, see Debugger::pauseIfNeeded(), SamplingProfiler::StackFrame::nameFromCallee().
4. If the assertion is in an initializer function that is only run once and adding
exception checks would complicate the code more than it's worth (an engineering
judgement), then use a DeferTermination scope.
For example, see ProgramExecutable::initializeGlobalProperties(), setupAdaptiveWatchpoint().
Some leaf (or near-leaf) functions that currently DECLARE_CATCH_SCOPE() may also
fall under this category.
For example, see JSFunction::prototypeForConstruction().
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addBigIntConstant):
* debugger/Debugger.cpp:
(JSC::Debugger::pauseIfNeeded):
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* interpreter/Interpreter.cpp:
(JSC::notifyDebuggerOfUnwinding):
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::debug):
* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::functionsOnStack):
* jsc.cpp:
(runWithOptions):
* parser/ParserArena.cpp:
(JSC::IdentifierArena::makeBigIntDecimalIdentifier):
* runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::finishCreation):
* runtime/CommonSlowPaths.cpp:
(JSC::JSC_DEFINE_COMMON_SLOW_PATH):
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::sanitizedMessageString):
(JSC::ErrorInstance::sanitizedNameString):
* runtime/ExceptionScope.h:
(JSC::ExceptionScope::assertNoExceptionExceptTermination):
(JSC::ExceptionScope::releaseAssertNoExceptionExceptTermination):
* runtime/JSFunction.cpp:
(JSC::JSFunction::prototypeForConstruction):
* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::genericTypedArrayViewProtoFuncIncludes):
(JSC::genericTypedArrayViewProtoFuncIndexOf):
(JSC::genericTypedArrayViewProtoFuncLastIndexOf):
(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
* runtime/JSGlobalObject.cpp:
(JSC::setupAdaptiveWatchpoint):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::defineOwnProperty):
(JSC::JSGlobalObject::tryInstallSpeciesWatchpoint):
* runtime/JSModuleLoader.cpp:
(JSC::printableModuleKey):
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::finishCreation):
* runtime/JSObject.cpp:
(JSC::JSObject::ordinaryToPrimitive const):
(JSC::JSObject::getOwnNonIndexPropertyNames):
* runtime/JSTemplateObjectDescriptor.cpp:
(JSC::JSTemplateObjectDescriptor::createTemplateObject):
* runtime/JSTypedArrayViewPrototype.cpp:
* runtime/ObjectPrototype.cpp:
(JSC::objectPrototypeHasOwnProperty):
(JSC::objectPrototypeToString):
* runtime/ProgramExecutable.cpp:
(JSC::ProgramExecutable::initializeGlobalProperties):
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::StackFrame::nameFromCallee):
* tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
Source/WebCore:
A few changes plus rebasing bindings test results.
* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::installReplacement):
* bindings/js/JSDOMExceptionHandling.cpp:
(WebCore::propagateExceptionSlowPath):
(WebCore::throwNotSupportedError):
(WebCore::throwInvalidStateError):
(WebCore::throwSecurityError):
(WebCore::throwDOMSyntaxError):
(WebCore::throwDataCloneError):
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSC_DEFINE_HOST_FUNCTION):
* bindings/js/JSDOMGlobalObjectTask.cpp:
* bindings/js/JSDOMMapLike.cpp:
(WebCore::getBackingMap):
* bindings/js/JSDOMSetLike.cpp:
(WebCore::getBackingSet):
* bindings/js/JSMicrotaskCallback.h:
(WebCore::JSMicrotaskCallback::call):
* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readTerminal):
* bindings/js/WritableStream.cpp:
(WebCore::WritableStreamInternal::callFunction):
(WebCore::WritableStream::lock):
* bindings/scripts/CodeGeneratorJS.pm:
(GeneratePut):
(GeneratePutByIndex):
(GenerateDefineOwnProperty):
* bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
(WebCore::JSTestNamedAndIndexedSetterNoIdentifier::put):
(WebCore::JSTestNamedAndIndexedSetterNoIdentifier::putByIndex):
(WebCore::JSTestNamedAndIndexedSetterNoIdentifier::defineOwnProperty):
* bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
(WebCore::JSTestNamedAndIndexedSetterThrowingException::put):
(WebCore::JSTestNamedAndIndexedSetterThrowingException::putByIndex):
(WebCore::JSTestNamedAndIndexedSetterThrowingException::defineOwnProperty):
* bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
(WebCore::JSTestNamedAndIndexedSetterWithIdentifier::put):
(WebCore::JSTestNamedAndIndexedSetterWithIdentifier::putByIndex):
(WebCore::JSTestNamedAndIndexedSetterWithIdentifier::defineOwnProperty):
* bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
(WebCore::JSTestNamedSetterNoIdentifier::put):
(WebCore::JSTestNamedSetterNoIdentifier::putByIndex):
(WebCore::JSTestNamedSetterNoIdentifier::defineOwnProperty):
* bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
(WebCore::JSTestNamedSetterThrowingException::put):
(WebCore::JSTestNamedSetterThrowingException::putByIndex):
(WebCore::JSTestNamedSetterThrowingException::defineOwnProperty):
* bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
(WebCore::JSTestNamedSetterWithIdentifier::put):
(WebCore::JSTestNamedSetterWithIdentifier::putByIndex):
(WebCore::JSTestNamedSetterWithIdentifier::defineOwnProperty):
* bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp:
(WebCore::JSTestNamedSetterWithIndexedGetter::put):
(WebCore::JSTestNamedSetterWithIndexedGetter::putByIndex):
(WebCore::JSTestNamedSetterWithIndexedGetter::defineOwnProperty):
* bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp:
(WebCore::JSTestNamedSetterWithIndexedGetterAndSetter::put):
(WebCore::JSTestNamedSetterWithIndexedGetterAndSetter::putByIndex):
(WebCore::JSTestNamedSetterWithIndexedGetterAndSetter::defineOwnProperty):
* bindings/scripts/test/JS/JSTestNamedSetterWithLegacyUnforgeableProperties.cpp:
(WebCore::JSTestNamedSetterWithLegacyUnforgeableProperties::put):
(WebCore::JSTestNamedSetterWithLegacyUnforgeableProperties::putByIndex):
(WebCore::JSTestNamedSetterWithLegacyUnforgeableProperties::defineOwnProperty):
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange):
(WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
Canonical link: https://commits.webkit.org/237123@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276719 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-04-28 17:13:40 +00:00
2021-04-28 Mark Lam <mark.lam@apple.com>
Fix exception assertions in light of the TerminationException.
https://bugs.webkit.org/show_bug.cgi?id=225128
rdar://76694909
Reviewed by Robin Morisset.
* stress/suppress-TerminationException-in-JSFunction-prototypeForConstruction.js: Added.
2021-04-27 08:11:41 +00:00
2021-04-27 Angelos Oikonomopoulos <angelos@igalia.com>
[JSC] Skip tests failing on Loongson 3A4000
https://bugs.webkit.org/show_bug.cgi?id=225091
Reviewed by Yusuke Suzuki.
This new hardware is much faster when it comes to running JSC tests (and
hopefully more reliable than the ci20 boards currently in use), so skip the
couple of tests that fail, so that we can test the Loongson box in production.
* ChakraCore.yaml:
* stress/arguments-properties-order.js:
2021-04-26 21:03:49 +00:00
2021-04-26 Mark Lam <mark.lam@apple.com>
%TypedArray%.prototype.sort() should not use a regular array as a temp buffer.
https://bugs.webkit.org/show_bug.cgi?id=225062
rdar://77021547
Reviewed by Yusuke Suzuki.
* stress/typedarray-sort-should-not-use-a-regular-array-as-temp-buffer.js: Added.
[JSC] OrdinarySet should invoke custom [[Set]] methods
https://bugs.webkit.org/show_bug.cgi?id=217916
Reviewed by Yusuke Suzuki.
JSTests:
* microbenchmarks/put-slow-no-cache-array.js: Added.
* microbenchmarks/put-slow-no-cache-function.js: Added.
* microbenchmarks/put-slow-no-cache-js-proxy.js: Added.
* microbenchmarks/put-slow-no-cache-long-prototype-chain.js: Added.
* microbenchmarks/put-slow-no-cache.js: Added.
* microbenchmarks/reflect-set-with-receiver.js: Added.
* stress/custom-get-set-proto-chain-put.js:
* stress/module-namespace-access-set-fails.js: Added.
* stress/put-non-reified-static-accessor-or-custom.js: Added.
* stress/put-non-reified-static-function-or-custom.js: Added.
* stress/put-to-primitive-non-reified-static-custom.js: Added.
* stress/put-to-primitive.js: Added.
* stress/put-to-proto-chain-overrides-put.js: Added.
* stress/typed-array-canonical-numeric-index-string-set.js: Added.
LayoutTests/imported/w3c:
* web-platform-tests/WebIDL/ecmascript-binding/interface-object-set-receiver-expected.txt: Added.
* web-platform-tests/WebIDL/ecmascript-binding/interface-object-set-receiver.html: Added.
* web-platform-tests/WebIDL/ecmascript-binding/interface-prototype-constructor-set-receiver-expected.txt:
* web-platform-tests/WebIDL/ecmascript-binding/interface-prototype-constructor-set-receiver.html:
Source/JavaScriptCore:
This patch fixes putInlineSlow() to handle special properties (like JSFunction's "name"
and JSArray's "length") in prototype chain. When such property is encountered, prototype
chain traversal is stopped; if it's read-only, a TypeError is thrown in strict mode.
This change adds OverridesPut out of line type info flag, and utilizes it in putInlineSlow()
to invoke overridden methods. While this approach requires put() methods to be aware of
altered receivers, it renders several benefits:
1. put() method can be used for both "real" [[Set]] overrides and special properties,
with its return value remaining `bool`;
2. it is simpler, faster, and more predictable than calling [[GetOwnProperty]] in
putInlineSlow() or adding defineOwnPropertyViaPut() to the method table.
Removes ordinarySetSlow() for non-index properties, which didn't invoke some [[Set]]
methods as well. Instead, definePropertyOnReceiver() is introduced for altered receivers,
which performs correctly when reached because:
1. all special properties were already handled (unless it's Reflect.set);
2. performing putDirectInternal() is unobservable (unless ProxyObject was seen);
3. putDirectInternal() now fully implements property definition of OrdinarySet [1];
4. put() override is required if a spec defines custom [[DefineOwnProperty]].
Since indexed puts handle overrides / altered receivers quite differently, they will
be fixed in a follow-up, completely removing ordinarySetSlow().
Also, by merging putEntry() / putToPrimitive() into putInlineSlow() and introducing
putInlineFastReplacingStaticPropertyIfNeeded() helper, this patch fixes a few bugs:
1. Direct [[Set]] to non-reified static property now preserves its attributes when replacing [[Value]].
2. Prototype chain [[Set]] to non-reified static property now throws if receiver is non-extensible.
3. Non-reified static writable property now shadows read-only one that is further in prototype chain.
4. Non-reified static properties in prototype chain of a primitive are now considered.
Fixes a few issues that were previously unobservable:
1. PropertyAttribute::CustomValue is now unset when a setter-less property is reassigned.
2. uint64_t putByIndexInline() now calls put() via method table like uint32_t counterpart.
Other notable refactors:
1. Inlines callCustomSetter(), dropping weird TriState return value.
2. Simplifies initialization of StringPrototype.
3. Simplifies isThisValueAltered() to pointer comparisons at non-JSProxy call sites.
4. Removes doPutPropertySecurityCheck() methods as the same checks are performed by put() methods.
5. Removes prototypeChainMayInterceptStoreTo(), which pretty much duplicated canPerformFastPutInline().
6. Removes dummy JSArrayBufferView::put() method.
7. Removes now unused lookupPut().
Aligns JSC with V8 and SpiderMonkey.
This patch carefully preserves the current behavior of Reflect.set with CustomValue
and prototype chain [[Set]] to a JSCallbackObject / legacy platform object.
This change is performance-neutral on /put/ microbenchmarks as it doesn't affect
caching, only the slow path. Reflect.set with JSFinalObject receiver is 130% faster.
putInlineSlow() microbenchmarks progress by 4-18%.
[1]: https://tc39.es/ecma262/#sec-ordinarysetwithowndescriptor (step 3)
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::put):
* API/tests/testapiScripts/testapi.js:
* debugger/DebuggerScope.h:
* runtime/ClassInfo.h:
* runtime/ClonedArguments.h:
* runtime/CustomGetterSetter.cpp:
(JSC::callCustomSetter): Deleted.
* runtime/CustomGetterSetter.h:
* runtime/ErrorConstructor.h:
* runtime/ErrorInstance.h:
* runtime/GenericArguments.h:
* runtime/GenericArgumentsInlines.h:
(JSC::GenericArguments<Type>::put):
* runtime/GetterSetter.h:
* runtime/JSArray.cpp:
(JSC::JSArray::put):
* runtime/JSArray.h:
* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::put): Deleted.
* runtime/JSArrayBufferView.h:
* runtime/JSCJSValue.cpp:
(JSC::JSValue::putToPrimitive):
* runtime/JSCell.cpp:
(JSC::JSCell::doPutPropertySecurityCheck): Deleted.
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::put):
* runtime/JSFunction.h:
* runtime/JSGenericTypedArrayView.h:
* runtime/JSGlobalLexicalEnvironment.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::put):
* runtime/JSGlobalObject.h:
* runtime/JSLexicalEnvironment.h:
* runtime/JSModuleEnvironment.h:
* runtime/JSModuleNamespaceObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::getOwnPropertySlot):
(JSC::JSObject::putInlineSlow):
(JSC::definePropertyOnReceiverSlow):
(JSC::JSObject::definePropertyOnReceiver):
(JSC::JSObject::putInlineFastReplacingStaticPropertyIfNeeded):
(JSC::JSObject::doPutPropertySecurityCheck): Deleted.
(JSC::JSObject::prototypeChainMayInterceptStoreTo): Deleted.
* runtime/JSObject.h:
(JSC::JSObject::putByIndexInline):
(JSC::JSObject::hasNonReifiedStaticProperties):
(JSC::JSObject::getOwnPropertySlot):
(JSC::JSObject::putDirect):
(JSC::JSObject::doPutPropertySecurityCheck): Deleted.
* runtime/JSObjectInlines.h:
(JSC::JSObject::canPerformFastPutInlineExcludingProto):
(JSC::JSObject::putInlineForJSObject):
(JSC::JSObject::putInlineFast):
(JSC::JSObject::putDirectInternal):
* runtime/JSProxy.h:
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::hasStaticPropertyTable const):
(JSC::TypeInfo::overridesPut const):
(JSC::TypeInfo::getOwnPropertySlotMayBeWrongAboutDontEnum const):
(JSC::TypeInfo::hasPutPropertySecurityCheck const): Deleted.
* runtime/Lookup.h:
(JSC::putEntry): Deleted.
(JSC::lookupPut): Deleted.
* runtime/PropertySlot.h:
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::put):
* runtime/ProxyObject.h:
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::PutPropertySlot):
(JSC::PutPropertySlot::context const):
(JSC::PutPropertySlot::isTaintedByOpaqueObject const):
(JSC::PutPropertySlot::setIsTaintedByOpaqueObject):
* runtime/ReflectObject.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::put):
* runtime/RegExpObject.h:
* runtime/StringObject.cpp:
(JSC::StringObject::put):
* runtime/StringObject.h:
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
(JSC::StringPrototype::create):
* runtime/StringPrototype.h:
* runtime/Structure.cpp:
(JSC::Structure::validateFlags):
* runtime/Structure.h:
(JSC::Structure::hasNonReifiedStaticProperties const):
* tools/JSDollarVM.cpp:
Source/WebCore:
Fixes:
1. Legacy platform object's [[Set]] now guards against altered receiver [1].
(aligns with Blink).
2. Direct [[Set]] to window.%Interface% constructor now preserves DontEnum attribute [2].
(aligns with Blink and Gecko).
3. Cross-origin non-index put() now throws SecurityError instead of silently failing [3].
(aligns with Blink and Gecko).
Refactors:
1. Simplifies cross-origin JSDOMWindow::put(), aligning it with JSLocation::put().
2. Replaces lookupPut() with direct setter call in JSRemoteDOMWindow::put().
3. Removes now unused doPutPropertySecurityCheck() methods.
Tests: js/dom/script-tests/reflect-set-onto-dom.js
imported/w3c/web-platform-tests/WebIDL/ecmascript-binding/interface-object-set-receiver.html
http/tests/security/cross-frame-access-object-getPrototypeOf-in-put.html
[1] https://heycam.github.io/webidl/#legacy-platform-object-set (step 1)
[2] https://heycam.github.io/webidl/#define-the-global-property-references (step 3.1.3)
[3] https://html.spec.whatwg.org/multipage/browsers.html#crossoriginset-(-o,-p,-v,-receiver-) (step 4)
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::put):
(WebCore::JSDOMWindow::doPutPropertySecurityCheck): Deleted.
* bindings/js/JSLocationCustom.cpp:
(WebCore::JSLocation::doPutPropertySecurityCheck): Deleted.
* bindings/js/JSRemoteDOMWindowCustom.cpp:
(WebCore::JSRemoteDOMWindow::put):
* bindings/scripts/CodeGeneratorJS.pm:
(GeneratePut):
(GenerateHeader):
* bindings/scripts/test/JS/*: Updated.
* bridge/objc/objc_runtime.h:
* bridge/runtime_array.h:
* bridge/runtime_object.h:
Source/WebKit:
* WebProcess/Plugins/Netscape/JSNPObject.h:
LayoutTests:
* http/tests/security/cross-frame-access-object-getPrototypeOf-in-put-expected.txt:
* http/tests/security/cross-frame-access-object-getPrototypeOf-in-put.html:
* js/dom/reflect-set-onto-dom-expected.txt:
* js/dom/script-tests/reflect-set-onto-dom.js:
Canonical link: https://commits.webkit.org/237028@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276592 268f45cc-cd09-0410-ab3c-d52691b4dbfc
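The [[Set]] rules described in the commit message above (prototype chain traversal stopping at a special property, and OrdinarySet step 3 for an altered receiver) can be observed from plain script. This is an added example, not code from the WebKit commit or its tests; the helper names and sample objects are constructed, and it exercises only spec-level behaviour, not JSC internals such as putInlineSlow().

```javascript
// Added illustration: all names and sample objects below are constructed.

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Performs `receiver[key] = value` in strict mode and reports the outcome.
function trySet(receiver, key, value) {
  'use strict';
  try {
    receiver[key] = value;
    return 'ok';
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'other';
  }
}

// Read-only special property in the prototype chain: a function's "name".
// Traversal stops at the prototype and the strict-mode store throws.
function readOnlySpecialPropertyInChain() {
  const receiver = Object.create(function base() {});
  const outcome = trySet(receiver, 'name', 'changed');
  return { outcome, own: hasOwn(receiver, 'name'), value: receiver.name };
}

// Writable special property in the prototype chain: an array's "length".
// The store must not touch the prototype; it defines a property on the receiver.
function writableSpecialPropertyInChain() {
  const proto = [];
  const receiver = Object.create(proto);
  const outcome = trySet(receiver, 'length', 5);
  return {
    outcome,
    own: hasOwn(receiver, 'length'),
    value: receiver.length,
    protoLength: proto.length,
  };
}

// Reflect.set with an altered receiver (OrdinarySetWithOwnDescriptor, step 3).
function reflectSetWithAlteredReceiver() {
  const target = { x: 1 };

  // Extensible receiver without "x": a new data property is created on it.
  const fresh = {};
  const freshResult = Reflect.set(target, 'x', 2, fresh);

  // Non-extensible receiver: the definition fails and the target is untouched.
  const locked = Object.preventExtensions({});
  const lockedResult = Reflect.set(target, 'x', 3, locked);

  // Receiver already owns a writable "x": only [[Value]] is replaced,
  // so the existing attributes (here: non-enumerable) are preserved.
  const hidden = {};
  Object.defineProperty(hidden, 'x', {
    value: 0, writable: true, enumerable: false, configurable: true,
  });
  const hiddenResult = Reflect.set(target, 'x', 4, hidden);
  const hiddenDesc = Object.getOwnPropertyDescriptor(hidden, 'x');

  // Receiver owns a read-only "x": the store is rejected.
  const readOnly = {};
  Object.defineProperty(readOnly, 'x', { value: 0, writable: false });
  const readOnlyResult = Reflect.set(target, 'x', 5, readOnly);

  // Primitive receiver: the store is rejected.
  const primitiveResult = Reflect.set(target, 'x', 6, 1);

  return {
    freshResult, freshValue: fresh.x,
    lockedResult, lockedHasX: hasOwn(locked, 'x'),
    hiddenResult, hiddenValue: hiddenDesc.value, hiddenEnumerable: hiddenDesc.enumerable,
    readOnlyResult, readOnlyValue: readOnly.x,
    primitiveResult,
    targetValue: target.x,
  };
}
```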
2021-04-26 15:21:05 +00:00
2021-04-26 Alexey Shvayka <shvaikalesh@gmail.com>
[JSC] OrdinarySet should invoke custom [[Set]] methods
https://bugs.webkit.org/show_bug.cgi?id=217916
Reviewed by Yusuke Suzuki.
* microbenchmarks/put-slow-no-cache-array.js: Added.
* microbenchmarks/put-slow-no-cache-function.js: Added.
* microbenchmarks/put-slow-no-cache-js-proxy.js: Added.
* microbenchmarks/put-slow-no-cache-long-prototype-chain.js: Added.
* microbenchmarks/put-slow-no-cache.js: Added.
* microbenchmarks/reflect-set-with-receiver.js: Added.
* stress/custom-get-set-proto-chain-put.js:
* stress/module-namespace-access-set-fails.js: Added.
* stress/put-non-reified-static-accessor-or-custom.js: Added.
* stress/put-non-reified-static-function-or-custom.js: Added.
* stress/put-to-primitive-non-reified-static-custom.js: Added.
* stress/put-to-primitive.js: Added.
* stress/put-to-proto-chain-overrides-put.js: Added.
* stress/typed-array-canonical-numeric-index-string-set.js: Added.
2021-04-22 18:41:56 +00:00
2021-04-22 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Baseline should have fast path for switch_imm
https://bugs.webkit.org/show_bug.cgi?id=224521
Reviewed by Tadeu Zagallo.
* stress/switch-imm-baseline.js: Added.
(shouldBe):
(test):
2021-04-22 08:27:42 +00:00
2021-04-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] DFG / FTL should inline switch_string
https://bugs.webkit.org/show_bug.cgi?id=224578
Reviewed by Mark Lam.
* microbenchmarks/switch-inlining.js: Added.
(inner):
(outer):
* stress/switch-inlining-nested.js: Added.
(shouldBe):
(inner):
(outer):
2021-04-21 15:46:47 +00:00
2021-04-21 Caio Lima <ticaiolima@gmail.com>
[JSC] Unskip some tests for ARMv7 and MIPS
https://bugs.webkit.org/show_bug.cgi?id=224813
Unreviewed test gardening.
* stress/has-own-property-name-cache-symbols-and-strings.js:
* stress/incremental-marking-should-not-dead-lock-in-new-property-transition.js:
2021-04-21 06:58:19 +00:00
2021-04-20 Paulo Matos <pmatos@igalia.com>
Unskip couple of tests for armv7l and mips
https://bugs.webkit.org/show_bug.cgi?id=224607
Unreviewed gardening.
* stress/check-stack-overflow-before-value-profiling-arguments.js:
(fullGC):
* stress/intl-suppored-locales-of.js:
2021-04-20 10:25:08 +00:00
2021-04-20 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Limit memory allocation size of JSTests/stress/early-return-from-builtin.js
https://bugs.webkit.org/show_bug.cgi?id=224803
<rdar://problem/75597901>
Reviewed by Ryosuke Niwa.
Add limit to JSTests/stress/early-return-from-builtin.js to avoid infinite allocation.
* stress/early-return-from-builtin.js:
(let.iter.Symbol.iterator):
2021-04-20 05:15:43 +00:00
2021-04-19 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Rebaseline test results for new ICU
https://bugs.webkit.org/show_bug.cgi?id=224792
Reviewed by Mark Lam.
This patch updates some intl- tests' expectation since it is changed because of ICU CLDR data change.
* stress/intl-datetimeformat-formatrange-relevant-extensions-ja.js:
(shouldBeOneOfThem):
(vm.icuVersion):
* stress/intl-datetimeformat-formatrange-relevant-extensions.js:
(shouldBeOneOfThem):
* stress/intl-datetimeformat-formatrange-should-not-handle-gregorian-change-date.js:
(shouldBe):
(vm.icuHeaderVersion):
* stress/intl-datetimeformat-formatrangetoparts-relevant-extensions-ja.js:
(normalize):
(shouldBe):
(compareParts):
(shouldBeOneOfParts):
(shouldBeParts):
(Intl.DateTimeFormat.prototype.formatRangeToParts.shouldBeOneOfParts.fmt5.formatRangeToParts):
(Intl.DateTimeFormat.prototype.formatRangeToParts.vm.icuVersion):
(Intl.DateTimeFormat.prototype.formatRangeToParts.shouldBeOneOfParts.fmt7.formatRangeToParts):
(Intl.DateTimeFormat.prototype.formatRangeToParts.shouldBeOneOfParts.fmt9.formatRangeToParts):
(Intl.DateTimeFormat.prototype.formatRangeToParts.shouldBeOneOfParts.fmt11.formatRangeToParts):
(Intl.DateTimeFormat.prototype.formatRangeToParts.shouldBeOneOfParts.fmt13.formatRangeToParts):
(Intl.DateTimeFormat.prototype.formatRangeToParts.shouldBeParts.fmt13.formatRangeToParts):
(Intl.DateTimeFormat.prototype.formatRangeToParts.shouldBeOneOfParts.fmt14.formatRangeToParts):
(Intl.DateTimeFormat.prototype.formatRangeToParts.shouldBeOneOfParts.fmt15.formatRangeToParts):
(Intl.DateTimeFormat.prototype.formatRangeToParts.shouldBeOneOfParts.fmt16.formatRangeToParts):
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt1.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt2.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt3.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt4.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt5.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt6.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt7.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt8.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt9.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt10.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt11.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt12.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt13.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt14.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt15.formatRangeToParts): Deleted.
(Intl.DateTimeFormat.prototype.formatRangeToParts.compareParts.fmt16.formatRangeToParts): Deleted.
* stress/intl-datetimeformat-formatrangetoparts-relevant-extensions.js:
(normalize):
(shouldBe):
(compareParts):
(shouldBeOneOfParts):
(shouldBeParts):
* stress/intl-datetimeformat-formatrangetoparts-should-not-handle-gregorian-change-date.js:
(shouldBe):
* stress/intl-datetimeformat.js:
(shouldBeOneOfThem):
2021-04-16 18:47:56 +00:00
2021-04-16 Guillaume Emont <guijemont@igalia.com>
[JSC] Unskip stress/intl-parse-unicode-subtags.js on arm
https://bugs.webkit.org/show_bug.cgi?id=224679
Unreviewed test gardening.
* stress/intl-parse-unicode-subtags.js: Unskipped, as it passes fine
now.
2021-04-16 10:13:22 +00:00
2021-04-16 Xan Lopez <xan@igalia.com>
[JSC][ARMv7] Unskip stress/put-direct-index-broken-2.js
https://bugs.webkit.org/show_bug.cgi?id=224661
Unreviewed test gardening.
* stress/put-direct-index-broken-2.js: unskip on ARMv7, could not
reproduce locally the crash we saw earlier.
2021-04-16 02:06:31 +00:00
2021-04-15 Mark Lam <mark.lam@apple.com>
HashMapImpl::rehash() should use a version of jsMapHash that cannot throw.
https://bugs.webkit.org/show_bug.cgi?id=224610
rdar://76698910
Reviewed by Yusuke Suzuki.
* stress/suppress-TerminationException-in-HashMapImpl-rehash.js: Added.
2021-04-15 05:53:38 +00:00
2021-04-14 Mark Lam <mark.lam@apple.com>
Add missing exception check in operationGetPrivateNameOptimize().
https://bugs.webkit.org/show_bug.cgi?id=224592
rdar://76645873
Reviewed by Yusuke Suzuki.
* stress/suppress-TerminationException-in-operationGetPrivateNameOptimize.js: Added.
2021-04-14 21:50:30 +00:00
2021-04-14 Mark Lam <mark.lam@apple.com>
Defer TerminationExceptions when evaluating ASSERT in HashMapIml::addNormalized().
https://bugs.webkit.org/show_bug.cgi?id=224565
rdar://76645980
Reviewed by Yusuke Suzuki.
* stress/suppress-TerrminationException-in-ASSERT-in-HashMapImpl-addNormalized.js: Added.
2021-04-14 20:32:19 +00:00
2021-04-14 Guillaume Emont <guijemont@igalia.com>
[JSC] Unskip stress/intl-segmenter.js
https://bugs.webkit.org/show_bug.cgi?id=224553
Unreviewed test gardening.
It shouldn't fail any more on our bots now that our handling of libicu
is more robust.
* stress/intl-segmenter.js:
2021-04-14 09:45:49 +00:00
2021-04-14 Angelos Oikonomopoulos <angelos@igalia.com>
[JSC] Unskip typedarray-functions-with-neutered.js on MIPS
https://bugs.webkit.org/show_bug.cgi?id=224428
Unreviewed test gardening.
This appears to no longer fail.
* stress/typedarray-functions-with-neutered.js:
2021-04-13 13:21:21 +00:00
2021-04-13 Angelos Oikonomopoulos <angelos@igalia.com>
[JSC] Unskip stress/intl-displaynames.js on ARM
https://bugs.webkit.org/show_bug.cgi?id=224427
Unreviewed test gardening.
* stress/intl-displaynames.js:
Enable VMTraps checks in RETURN_IF_EXCEPTION.
https://bugs.webkit.org/show_bug.cgi?id=224078
rdar://75037057
Reviewed by Keith Miller.
JSTests:
* stress/watchdog-fire-while-in-forEachInIterable.js: Added.
Source/JavaScriptCore:
In pre-existing code, termination of a VM's execution can already be requested
asynchronously (with respect to the mutator thread). For example, sources of such
a request can be a watchdog timer firing, or a request to stop execution issued
from a main web thread to a worker thread.
This request is made by firing the VMTraps::NeedTermination event on VMTraps.
Firing the event here only means setting a flag to indicate the presence of the
request. We still have to wait till the mutator thread reaches one of the
pre-designated polling check points to call VMTraps::handleTraps() in order to
service the request. As a result of this need to wait for a polling check point,
if the mutator is executing in a long running C++ loop, then a termination request
may not be serviced for a long time.
However, we observed that a lot of our C++ loops already have RETURN_IF_EXCEPTION
checks. Hence, if we can check VMTraps::needHandling() there, we can service the
VMTraps events more frequently even in a lot of C++ loops, and get a better response.
Full details of what this patch changes:
1. Shorten some type and method names in the VMTraps class to make code easier to
read e.g. EventType => Event, needTrapHandling => needHandling.
2. Remove the VMTraps::Mask class. Mask was introduced so that we can express a
concatenation of multiple VMTraps events to form a bit mask in a simple way.
In the end, it isn't flexible enough but makes the code more complicated than
necessary. It is now replaced by the simpler solution of using macros to define
the Events as bit fields. Having Events as bit fields intrinsically makes them
easy to concatenate (bitwise or) or filter (bitwise and).
Also removed the unused VMTraps::Error class.
3. Make VMTraps::BitField a uint32_t. There was always unused padding in VMTraps
to allow for this. So, we'll just extend it to a full 32-bit to make it easier
to add more events in the future for other uses.
4. Add NeedExceptionHandling as a VMTraps::Event.
5. Make VMTraps::m_trapBits Atomic. This makes it easier to set and clear the
NeedExceptionHandling bit from the mutator without a lock.
6. RETURN_IF_EXCEPTION now checks VMTraps::m_trapBits (via VMTraps::needHandling())
instead of checking VM::m_exception. If the VMTraps::m_trapBits is non-null,
the macro will call VM::hasExceptionsAfterHandlingTraps() to service VMTraps
events as appropriate before returning whether an exception is being thrown.
The result of VM::hasExceptionsAfterHandlingTraps() will determine if
RETURN_IF_EXCEPTION returns or not.
VM::hasExceptionsAfterHandlingTraps() is intentionally designed to take a minimum
of arguments (just the VM as this pointer). This is because RETURN_IF_EXCEPTION
is called from many places, and we would like to minimize code size bloating
from this change.
7. Simplify parameters of VMTraps::handleTraps().
NeedDebuggerBreak's callFrame argument was always vm.topCallFrame anyway.
So, the patch makes it explicit, and removes the callFrame parameter.
NeedWatchdogCheck's globalObject argument should have always been
vm.entryScope->globalObject(), and we can remove the globalObject parameter.
Before this, we pass in whichever globalObject was convenient to grab hold of.
However, the idea of the watchdog is to time out the current script executing
on the stack. Hence, it makes sense to identify that script by the globalObject
in use at VM entry.
So far, the only clients that use the watchdog mechanism only operate in
scenarios with only one globalObject anyway. So this formalization to use
VMEntryScope's globalObject does not change the expected behavior.
8. Make the execution of termination more robust. Before reading this, please
read the description of the Events in VMTraps.h first, especially the section
on NeedTermination.
Here's the life cycle of a termination:
a. a client requests termination of the current execution stack by calling
VM::notifyNeedTermination(). notifyNeedTermination() does 2 things:
i. fire the NeedTermination event on VMTraps.
ii. set the VM::m_terminationInProgress flag.
b. Firing the NeedTermination event on VMTraps means setting the NeedTermination
bit on VMTraps::m_trapBits. This bit will be polled by the mutator thread
later at various designated points (including RETURN_IF_EXCEPTION, which we
added in this patch).
Once the mutator sees the NeedTermination bit is set, it will clear the bit
and throw the TerminationException (see VMTraps::handleTraps()). This is
unless the mutator thread is currently in a DeferTermination scope (see (8)
below). If in a DeferTermination scope, then it will not throw the
TerminationException.
Since the NeedTermination bit is cleared, the VM will no longer call
VMTraps::handleTraps() to service the event. If the mutator thread is in
a DeferTermination scope, then on exiting the scope (at scope destruction),
the scope will see that VM::m_terminationInProgress is set, and throw the
deferred TerminationException then.
c. The TerminationException will trigger unwinding out of the current stack
until we get to the outermost VMEntryScope.
d. At the outermost VMEntryScope, we will clear VM::m_terminationInProgress
if the NeedTermination bit in VMTraps::m_trapBits is cleared.
If the NeedTermination bit is set, then that means we haven't thrown the
TerminationException yet. Currently, clients expect that we must throw the
TerminationException if NeedTermination was requested (again, read comments
at the top of VMTraps.h).
If the NeedTermination bit is set, we'll leave VM::m_terminationInProgress
set until the next time we re-enter the VM and exit to the outermost
VMEntryScope.
e. The purpose of VM::m_terminationInProgress is to provide a summary of the
fact that the VM is in a state of trying to terminate the current stack.
Note that this state is first indicated by the NeedTermination bit being set
in VMTraps::m_trapBits. Then, in VMTraps::handleTraps(), the state is
handed off with the NeedTermination bit being cleared, and the
TerminationException being thrown.
While the VM is in this termination state, we need to prevent new DFG/FTL
JIT code from being compiled and run. The reason is the firing of the
NeedTermination event has invalidated DFG/FTL code on the stack, thereby
allowing their baseline / LLInt versions which have VMTraps polling checks
to run. We don't want to compile new DFG / FTL code and possibly get stuck
in loops in there before the termination is complete.
In operationOptimize(), we check if VM::m_terminationInProgress is set, and
prevent new DFG (and therefore FTL) code from being compiled if needed.
Note: it is easier to check a single flag, VM::m_terminationInProgress,
than to check both if the NeedTermination bit is set or if the
TerminationException is being thrown.
9. One complication of being able to service VMTraps in RETURN_IF_EXCEPTION checks
is that some of our code (usually for lengthier initializations and bootstrapping)
currently does not handle exceptions well, e.g. JSGlobalObject::init(). They
rely on the code crashing if an exception is thrown while still initializing.
However, for a worker thread, a TerminationException (requested by the main
thread) may arrive before the initialization is complete. This can lead to
crashes because part of the initialization may be aborted in the presence of
an exception, while other parts still expect everything prior to have been
initialized correctly. For resource exhaustion cases (which is abnormal), it
is OK to crash. For the TerminationException (which can be part of normal
operation), we should not be crashing.
To work around this, we introduce a DeferTermination RAII scope object that we
deploy in this type of initialization code. With the scope in effect,
a. if a TerminationException arrives but hasn't been thrown yet, it will be
deferred till the scope ends before being thrown.
b. if a TerminationException has already been thrown, the scope will stash
the exception, clear it from the VM so that the initialization code can
run to completion, and then re-throw the exception when the scope ends.
Currently, we only need to use the DeferTermination scope in a few places
where we know that initialization code will only run for a short period of time.
DeferTermination should not be used for code that can block waiting on an
external event for a long time. Obviously, doing so will prevent the VM
termination mechanism from working.
10. Replaced llint_slow_path_check_if_exception_is_uncatchable_and_notify_profiler
and operationCheckIfExceptionIsUncatchableAndNotifyProfiler with
llint_slow_path_retrieve_and_clear_exception_if_catchable and
operationRetrieveAndClearExceptionIfCatchable.
The 2 runtime functions don't actually do anything to notify a profiler.
So, we drop that part of the name.
After returning from these runtime functions respectively, the previous LLInt
and JIT code, which calls these runtime functions, would go on to load
VM::m_exception, and then store a nullptr there to clear it. This is wasteful.
This patch changes the runtime function to clear and return the Exception
instead. As a result, the calling LLInt and JIT code is simplified a bit.
Note also that clearing an exception now also entails clearing the
NeedExceptionHandling bit in VMTraps::m_trapBits in an atomic way. The above
change makes it easy to do this clearing with C++ code.
11. Fix ScriptFunctionCall::call() to handle exceptions correctly. Previously,
it had one case where it propagates an exception, while another eats it.
Change this function to eat the exception in both cases. This is appropriate
because ScriptFunctionCall is only used to execute some Inspector instrumentation
calls. It doesn't make sense to propagate the exception back to user code.
12. Fix the lazy initialization of JSGlobalObject::m_defaultCollator to be able to
handle the TerminationException.
13. Not related to TerminationException, but this patch also fixes
MarkedArgumentBuffer::expandCapacity() to use Gigacage::tryMalloc() instead of
Gigacage::malloc(). This is needed as one of the fixes to make the
accompanying test case work.
This patch increases code size by 320K (144K for JSC, 176K for WebCore) measured
on x86_64.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::branchTest32):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::branchTest32):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::branchTest32):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branchTest32):
* bindings/ScriptFunctionCall.cpp:
(Deprecated::ScriptFunctionCall::call):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCheckTraps):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeModuleProgram):
* interpreter/InterpreterInlines.h:
(JSC::Interpreter::execute):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_check_traps):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_catch):
* jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* jit/JITOperations.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/ArgList.cpp:
(JSC::MarkedArgumentBuffer::expandCapacity):
* runtime/DeferTermination.h: Added.
(JSC::DeferTermination::DeferTermination):
(JSC::DeferTermination::~DeferTermination):
* runtime/ExceptionScope.h:
(JSC::ExceptionScope::exception const):
(JSC::ExceptionScope::exception): Deleted.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::finishCreation):
* runtime/LazyPropertyInlines.h:
(JSC::ElementType>::callFunc):
* runtime/StringPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/VM.cpp:
(JSC::VM::hasExceptionsAfterHandlingTraps):
(JSC::VM::clearException):
(JSC::VM::setException):
(JSC::VM::throwTerminationException):
(JSC::VM::throwException):
* runtime/VM.h:
(JSC::VM::terminationInProgress const):
(JSC::VM::setTerminationInProgress):
(JSC::VM::notifyNeedTermination):
(JSC::VM::DeferExceptionScope::DeferExceptionScope):
(JSC::VM::DeferExceptionScope::~DeferExceptionScope):
(JSC::VM::handleTraps): Deleted.
(JSC::VM::needTrapHandling): Deleted.
(JSC::VM::needTrapHandlingAddress): Deleted.
(JSC::VM::setException): Deleted.
(JSC::VM::clearException): Deleted.
* runtime/VMEntryScope.cpp:
(JSC::VMEntryScope::~VMEntryScope):
* runtime/VMTraps.cpp:
(JSC::VMTraps::tryInstallTrapBreakpoints):
(JSC::VMTraps::fireTrap):
(JSC::VMTraps::handleTraps):
(JSC::VMTraps::takeTopPriorityTrap):
(JSC::VMTraps::deferTermination):
(JSC::VMTraps::undoDeferTermination):
* runtime/VMTraps.h:
(JSC::VMTraps::onlyContainsAsyncEvents):
(JSC::VMTraps::needHandling const):
(JSC::VMTraps::trapBitsAddress):
(JSC::VMTraps::isDeferringTermination const):
(JSC::VMTraps::notifyGrabAllLocks):
(JSC::VMTraps::hasTrapBit):
(JSC::VMTraps::clearTrapBit):
(JSC::VMTraps::setTrapBit):
(JSC::VMTraps::Mask::Mask): Deleted.
(JSC::VMTraps::Mask::allEventTypes): Deleted.
(JSC::VMTraps::Mask::bits const): Deleted.
(JSC::VMTraps::Mask::init): Deleted.
(JSC::VMTraps::interruptingTraps): Deleted.
(JSC::VMTraps::needTrapHandling): Deleted.
(JSC::VMTraps::needTrapHandlingAddress): Deleted.
(JSC::VMTraps::hasTrapForEvent): Deleted.
(JSC::VMTraps::setTrapForEvent): Deleted.
(JSC::VMTraps::clearTrapForEvent): Deleted.
Source/WebCore:
1. Add DeferTermination in WorkerOrWorkletScriptController::initScript().
This allows us to avoid having to make all exception checking in
WorkerOrWorkletScriptController::initScript() very thorough and complete.
Currently, they aren't.
2. Fix WorkerOrWorkletScriptController::evaluate() to handle the TerminationException.
3. Fix JSEventListener::handleEvent() to handle the TerminationException correctly.
Previously, in one case, it was checking scope.exception() for the exception,
but the exception has already been taken out of there.
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::handleEvent):
* workers/WorkerOrWorkletScriptController.cpp:
(WebCore::WorkerOrWorkletScriptController::evaluate):
(WebCore::WorkerOrWorkletScriptController::initScript):
Canonical link: https://commits.webkit.org/236368@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@275797 268f45cc-cd09-0410-ab3c-d52691b4dbfc
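Added example (not part of the commit above and not WebKit source): a single-threaded C++ model of the termination life cycle and the DeferTermination scope that the message describes. ModelVM, runLoop() and the other names are stand-ins chosen for this sketch, and the real VM sets the trap bit from another thread.

```cpp
// Added illustration: a single-threaded model of the termination life cycle.
// NOT JavaScriptCore source; every type and member here is a model stand-in.
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <memory>

enum Event : uint32_t { NeedTermination = 1u << 0, NeedExceptionHandling = 1u << 1 };

struct ModelVM {
    std::atomic<uint32_t> trapBits { 0 };              // models VMTraps::m_trapBits
    std::atomic<bool> terminationInProgress { false }; // models VM::m_terminationInProgress
    bool terminationThrown = false;  // stands in for a pending TerminationException
    unsigned deferDepth = 0;         // number of live DeferTermination scopes
    // Step a: the requester fires the event and sets the summary flag.
    void notifyNeedTermination() {
        trapBits.fetch_or(NeedTermination);
        terminationInProgress = true;
    }
    bool needHandling() const { return trapBits.load() != 0; }
    void throwTermination() { terminationThrown = true; trapBits.fetch_or(NeedExceptionHandling); }
    void clearException() { terminationThrown = false; trapBits.fetch_and(~uint32_t(NeedExceptionHandling)); }
    // Step b: the mutator clears the bit, then throws unless a scope defers it.
    void handleTraps() {
        uint32_t before = trapBits.fetch_and(~uint32_t(NeedTermination));
        if ((before & NeedTermination) && !deferDepth)
            throwTermination();
    }
    // Slow path behind the RETURN_IF_EXCEPTION-style check in runLoop().
    bool hasExceptionsAfterHandlingTraps() {
        if (trapBits.load() & NeedTermination)
            handleTraps();
        return terminationThrown;
    }
    // Step d: the flag is dropped only once the request bit has been consumed.
    void exitOutermostEntryScope() {
        if (!(trapBits.load() & NeedTermination))
            terminationInProgress = false;
    }
    // Step e: no new optimized code while a termination is in flight.
    bool mayCompileOptimizedCode() const { return !terminationInProgress.load(); }
};

struct DeferTermination {
    ModelVM& m_vm;
    bool m_stashed = false;
    explicit DeferTermination(ModelVM& vm) : m_vm(vm) {
        ++m_vm.deferDepth;
        if (m_vm.terminationThrown) {  // already thrown: stash and clear it
            m_vm.clearException();
            m_stashed = true;
        }
    }
    ~DeferTermination() {
        if (!--m_vm.deferDepth && (m_stashed || m_vm.terminationInProgress.load()))
            m_vm.throwTermination();   // deliver the deferred or stashed exception
    }
};

// A long C++ loop polling each iteration; returns how many iterations completed.
int runLoop(ModelVM& vm, int iterations, int fireAt, bool defer) {
    int completed = 0;
    {
        std::unique_ptr<DeferTermination> scope(defer ? new DeferTermination(vm) : nullptr);
        for (int i = 0; i < iterations; ++i) {
            if (i == fireAt)
                vm.notifyNeedTermination();  // stands in for the watchdog firing
            if (vm.needHandling() && vm.hasExceptionsAfterHandlingTraps())
                break;
            ++completed;
        }
    }
    return completed;
}

int main() {
    ModelVM plain, deferred;
    std::printf("%d %d\n", runLoop(plain, 10, 3, false), runLoop(deferred, 10, 3, true));
}
```

Without a scope the loop stops at the iteration where the request arrives; with the scope it runs to completion and the exception is delivered when the scope ends.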
2021-04-10 16:12:19 +00:00
2021-04-10 Mark Lam <mark.lam@apple.com>
Enable VMTraps checks in RETURN_IF_EXCEPTION.
https://bugs.webkit.org/show_bug.cgi?id=224078
rdar://75037057
Reviewed by Keith Miller.
* stress/watchdog-fire-while-in-forEachInIterable.js: Added.
2021-04-08 05:48:03 +00:00
2021-04-07 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] DUCET level-1 weighs are equal if characters are alphabets
https://bugs.webkit.org/show_bug.cgi?id=224047
Reviewed by Saam Barati and Mark Lam.
* stress/ducet-level-3-or-4-comparison.js: Added.
(shouldBe):
2021-04-07 09:30:51 +00:00
2021-04-07 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Update test262
https://bugs.webkit.org/show_bug.cgi?id=224272
Reviewed by Ross Kirsling.
* test262/latest-changes-summary.txt:
* test262/test/intl402/DisplayNames/options-getoptionsobject.js: Added.
* test262/test/intl402/ListFormat/constructor/constructor/options-getoptionsobject.js: Renamed from JSTests/test262/test/intl402/ListFormat/constructor/constructor/options-toobject.js.
* test262/test/intl402/ListFormat/constructor/constructor/options-toobject-prototype.js: Removed.
* test262/test/intl402/Segmenter/constructor/constructor/options-getoptionsobject.js: Added.
* test262/test/intl402/Segmenter/constructor/constructor/options-toobject-prototype.js: Removed.
* test262/test/intl402/Segmenter/constructor/constructor/options-toobject.js: Removed.
* test262/test/language/expressions/in/rhs-yield-absent-non-strict.js: Added.
* test262/test/language/expressions/in/rhs-yield-absent-strict.js: Added.
* test262/test/language/expressions/in/rhs-yield-present.js: Added.
(isNameIn):
* test262/test262-Revision.txt:
2021-04-07 09:28:49 +00:00
2021-04-06 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] WasmMemory caging should care about nullptr
https://bugs.webkit.org/show_bug.cgi?id=224268
<rdar://problem/74654838>
Reviewed by Mark Lam.
* wasm/stress/4g-memory-cage.js: Added.
(async test):
* wasm/stress/more-than-4g-offset-access-oom.js: Added.
(async test):
* wasm/stress/null-memory-cage-explicit.js: Added.
(async test):
* wasm/stress/null-memory-cage.js: Added.
(async test):
2021-04-06 23:28:53 +00:00
2021-04-06 Alexey Shvayka <shvaikalesh@gmail.com>
Symbol and BigInt wrapper objects should perform OrdinaryToPrimitive
https://bugs.webkit.org/show_bug.cgi?id=224208
Reviewed by Yusuke Suzuki.
* stress/bigint-object-ordinary-toprimitive.js: Added.
* stress/symbol-object-ordinary-toprimitive.js: Added.
2021-04-06 20:20:41 +00:00
2021-04-06 Alexey Shvayka <shvaikalesh@gmail.com>
Array's toString() is incorrect if join() is non-callable
https://bugs.webkit.org/show_bug.cgi?id=224215
Reviewed by Yusuke Suzuki.
* stress/array-toString-non-callable-join.js: Added.
2021-04-06 01:52:05 +00:00
2021-04-05 Keith Miller <keith_miller@apple.com>
DFG arity fixup nodes should exit to the caller's call opcode
https://bugs.webkit.org/show_bug.cgi?id=223278
Reviewed by Saam Barati.
* stress/dfg-arity-fixup-uses-callers-exit-origin.js: Added.
(main.v22):
(main.v30):
(main.try.v40):
(main.try.v47):
(main.try.v56):
(main.):
(main):
2021-04-02 21:20:45 +00:00
2021-04-02 Alexey Shvayka <shvaikalesh@gmail.com>
Reduce bytecode instruction count emitted for `class extends`
https://bugs.webkit.org/show_bug.cgi?id=223884
Reviewed by Yusuke Suzuki.
* ChakraCore/test/Error/validate_line_column.baseline-jsc:
2021-04-02 21:10:28 +00:00
2021-04-02 Jessica Tallon <jtallon@igalia.com>
Add tests for the new type method on certain JS-API wasm objects.
https://bugs.webkit.org/show_bug.cgi?id=222412
Reviewed by Yusuke Suzuki.
* wasm/js-api/global.js: Added.
(assert.throws):
* wasm/js-api/table.js:
(assert.truthy):
* wasm/js-api/test_memory.js:
2021-04-01 16:07:08 +00:00
2021-04-01 Alexey Shvayka <shvaikalesh@gmail.com>
Optimize createListFromArrayLike() and Proxy's [[OwnPropertyKeys]] method
https://bugs.webkit.org/show_bug.cgi?id=223928
Reviewed by Yusuke Suzuki.
* microbenchmarks/json-stringify-array-replacer.js:
Reduce running time from over 350ms to ~60ms.
* microbenchmarks/reflect-own-keys-proxy-2.js: Added.
* microbenchmarks/reflect-own-keys-proxy.js: Added.
2021-03-31 18:45:36 +00:00
2021-03-31 Mark Lam <mark.lam@apple.com>
Missing exception check in HashMapImpl::add().
https://bugs.webkit.org/show_bug.cgi?id=224007
rdar://76053163
Reviewed by Saam Barati.
* stress/missing-exception-check-in-HashMapImpl-add.js: Added.
2021-03-31 07:21:37 +00:00
2021-03-31 Alexey Shvayka <shvaikalesh@gmail.com>
Optimize constructors of ES6 collections
https://bugs.webkit.org/show_bug.cgi?id=223953
Reviewed by Yusuke Suzuki.
* microbenchmarks/map-constructor.js:
* microbenchmarks/set-constructor.js: Added.
* microbenchmarks/weak-map-constructor.js: Added.
* microbenchmarks/weak-set-constructor.js: Added.
* stress/map-constructor-adder.js:
* stress/set-constructor-adder.js:
* stress/weak-map-constructor-adder-error-cross-realm.js: Added.
* stress/weak-map-constructor-adder.js:
* stress/weak-set-constructor-adder-error-cross-realm.js: Added.
* stress/weak-set-constructor-adder.js:
* stress/weak-set-constructor.js:
2021-03-30 20:57:14 +00:00
2021-03-29 Ryan Haddad <ryanhaddad@apple.com>
Unreviewed test gardening.
* stress/early-return-from-builtin.js: Disable this test for memoryLimited configurations.
2021-03-26 22:00:33 +00:00
2021-03-26 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use AppleICU SPI for canonicalization
https://bugs.webkit.org/show_bug.cgi?id=223552
Reviewed by Ryosuke Niwa.
* stress/intl-canonical-locale-alias-mapping.js: Added.
(shouldBe):
(Intl.getCanonicalLocales):
2021-03-25 21:51:30 +00:00
2021-03-25 Truitt Savell <tsavell@apple.com>
Unreviewed, reverting r275056.
This is no longer needed
Reverted changeset:
"stress/early-return-from-builtin.js.default is failing on iOS
JSC testers"
https://commits.webkit.org/r275056
2021-03-25 20:53:45 +00:00
2021-03-25 Truitt Savell <tsavell@apple.com>
stress/early-return-from-builtin.js.default is failing on iOS JSC testers
rdar://75597901
Unreviewed test gardening.
* stress/early-return-from-builtin.js:
2021-03-25 19:57:08 +00:00
2021-03-25 Saam Barati <sbarati@apple.com>
early-return-from-builtin.js should try/catch in case of OOM
https://bugs.webkit.org/show_bug.cgi?id=223756
Reviewed by Yusuke Suzuki.
It's throwing an OOM on iOS.
* stress/early-return-from-builtin.js:
2021-03-24 17:29:02 +00:00
2021-03-24 Michael Saboff <msaboff@apple.com>
[YARR] Interpreter incorrectly matches non-BMP characters with multiple . w/dotAll flag
https://bugs.webkit.org/show_bug.cgi?id=223666
Reviewed by Mark Lam.
Added tests for dotAll. Also made sure that we test both JIT and non-JIT execution.
* stress/regexp-dot-match-nonBMP.js:
2021-03-24 09:55:54 +00:00
2021-03-24 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Rope string equal operation should first check length
https://bugs.webkit.org/show_bug.cgi?id=223678
Reviewed by Mark Lam.
* stress/redefine-property-same-value-exception-check.js:
(shouldThrow):
2021-03-23 18:04:34 +00:00
2021-03-23 Robin Morisset <rmorisset@apple.com>
Object.freeze(this) at the global scope can lose a reference to a WatchpointSet
https://bugs.webkit.org/show_bug.cgi?id=223608
Reviewed by Yusuke Suzuki.
* stress/freeze-global-object.js: Added.
(foo):
2021-03-22 23:01:47 +00:00
2021-03-22 Saam Barati <sbarati@apple.com>
LiteralParser shouldn't make error messages of length ~2^31
https://bugs.webkit.org/show_bug.cgi?id=223483
<rdar://75572255>
Reviewed by Robin Morisset.
* stress/literal-parser-error-message-oom.js: Added.
2021-03-22 22:06:52 +00:00
2021-03-22 Michael Saboff <msaboff@apple.com>
[YARR] Interpreter incorrectly matches non-BMP characters with multiple .
https://bugs.webkit.org/show_bug.cgi?id=223498
Reviewed by Yusuke Suzuki.
New test.
* stress/regexp-dot-match-nonBMP.js: Added.
(shouldMatch):
(shouldntMatch):
2021-03-22 20:07:23 +00:00
2021-03-22 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Intl.Locale should not assume is8Bit
https://bugs.webkit.org/show_bug.cgi?id=223553
Reviewed by Ross Kirsling.
* stress/intl-locale-non-8bit.js: Added.
(shouldBe):
BrandedStructure should keep its members alive.
https://bugs.webkit.org/show_bug.cgi?id=223495
rdar://75565765
Reviewed by Saam Barati.
JSTests:
* stress/BrandedStructure-should-keep-its-members-alive.js: Added.
Source/JavaScriptCore:
Normally, each type of JSCell would have its own structure (and therefore, its own
ClassInfo, MethodTable, etc), which would have handled visiting m_parentBrand.
Similarly, it would have its own destructor, which would deref m_brand.
However, the design of BrandedStructure is not like other JSCells. At present,
we have chosen to go with having BrandedStructure look exactly like a regular
Structure, except that its isBrandedStructure flag is set to true.
This design has advantages because we do checks all over the system for whether
a cell is a Structure by simply comparing its structureID to structureStructure's
structureID. By virtue of BrandedStructure having the same structure as Structure,
none of this code needs to change.
The downside is that we need to enhance Structure's methods to check if it is
actually working on an instance of BrandedStructure, and do some additional work.
This patch fixes 2 bugs:
1. m_parentBrand was not visited by visitChildren().
Structure::visitChildrenImpl() now calls BrandedStructure::visitAdditionalChildren()
to handle this.
2. m_brand needs to be ref'ed.
In Structure::setBrandTransition(), if the BrandedStructure is a dictionary,
then its m_transitionPropertyName will be cleared. m_transitionPropertyName
was the only means by which the UniqueStringImpl pointed to by m_brand was
ref'ed. The fix is to make m_brand a RefPtr.
Hence, it follows that we also need to deref m_brand on destruction.
Structure's destructor now calls BrandedStructure::destruct() to handle this.
* runtime/BrandedStructure.h:
* runtime/Structure.cpp:
(JSC::Structure::~Structure):
(JSC::Structure::visitChildrenImpl):
Canonical link: https://commits.webkit.org/235547@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@274727 268f45cc-cd09-0410-ab3c-d52691b4dbfc
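Added example (not part of the commit above and not WebKit source): the m_brand lifetime problem from item 2, modelled with standard smart pointers. BrandedBefore, BrandedAfter and UniqueString are stand-in names; std::weak_ptr plays the role of the unowned pointer so the model can report a dead brand without touching freed memory, and std::shared_ptr plays the role of RefPtr.

```cpp
// Added illustration: models the m_brand ownership fix with std smart pointers.
// NOT JavaScriptCore source; all type and member names are stand-ins.
#include <cstdio>
#include <memory>
#include <string>
#include <utility>

using UniqueString = std::string;  // stands in for UniqueStringImpl

// Before the fix: the only owning reference is the transition property name.
struct BrandedBefore {
    std::shared_ptr<UniqueString> transitionPropertyName;
    std::weak_ptr<UniqueString> brand;  // unowned, like the original pointer
    explicit BrandedBefore(std::shared_ptr<UniqueString> name)
        : transitionPropertyName(std::move(name)), brand(transitionPropertyName) { }
    bool brandAlive() const { return !brand.expired(); }
};

// After the fix: the brand holds its own reference.
struct BrandedAfter {
    std::shared_ptr<UniqueString> transitionPropertyName;
    std::shared_ptr<UniqueString> brand;  // owning, like RefPtr
    explicit BrandedAfter(std::shared_ptr<UniqueString> name)
        : transitionPropertyName(std::move(name)), brand(transitionPropertyName) { }
    bool brandAlive() const { return brand != nullptr; }
};

// Models the dictionary case of the brand transition, where the transition
// property name is cleared. Returns whether the brand string is still alive.
template<typename Branded>
bool brandSurvivesDictionaryTransition() {
    Branded structure(std::make_shared<UniqueString>("#brand"));  // constructed sample
    structure.transitionPropertyName.reset();
    return structure.brandAlive();
}

int main() {
    std::printf("before fix: %d, after fix: %d\n",
        brandSurvivesDictionaryTransition<BrandedBefore>(),
        brandSurvivesDictionaryTransition<BrandedAfter>());
}
```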
2021-03-19 17:48:47 +00:00
2021-03-19 Mark Lam <mark.lam@apple.com>
BrandedStructure should keep its members alive.
https://bugs.webkit.org/show_bug.cgi?id=223495
rdar://75565765
Reviewed by Saam Barati.
* stress/BrandedStructure-should-keep-its-members-alive.js: Added.
2021-03-19 04:57:59 +00:00
== Rolled over to ChangeLog-2021-03-18 ==