Closed Bug 1162199 Opened 10 years ago Closed 10 years ago

Use unboxed objects by default

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla41
Tracking Flags:
Tracking Status
firefox41 --- fixed

People

(Reporter: bhackett1024, Assigned: bhackett1024)

References

Details

Attachments

(1 file)

patch
8.94 KB, patch
jandem
: review+
Details | Diff | Splinter Review
Attached patch patchSplinter Review
Unboxed objects improve all our major benchmarks (octane by 2-3%) and don't regress any of the assorted tests on AWFY. They're also a good memory savings when we can use them. The attached patch turns them on by default. I'll wait to land this until after the next merge and after bug 1161762 is fixed (the only remaining unboxed object crash I think.) Since there isn't any need to control these with an about:config option I removed the unboxed objects option from RuntimeOptions and added a flag in JitOptions, as Hannes suggested in bug 1153266. I hope that eventually this file will be generalized so that it isn't JIT specific, but for now this doesn't seem too bad and the weirdness with the different control mechanism for unboxed arrays will be fixed when they are also on by default.
Attachment #8602263 - Flags: review?(jdemooij)
Fuzzing team: when this patch lands, --unboxed-objects won't be available anymore, and will be replaced by the opposite --no-unboxed-objects, still useful to test (in differential mode at least).
Got it. Thanks for the headsup!
Comment on attachment 8602263 [details] [diff] [review] patch Review of attachment 8602263 [details] [diff] [review]: ----------------------------------------------------------------- Nice!
Attachment #8602263 - Flags: review?(jdemooij) → review+
Bouncy! Backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/df00fd242b33 for (with retriggers) 2 of 10 Linux32 opt e10s browser-chrome runs crashing like https://treeherder.mozilla.org/logviewer.html#?job_id=9908263&repo=mozilla-inbound
https://hg.mozilla.org/mozilla-central/rev/322487136b28
Assignee: nobody → bhackett1024
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox41: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
The regression detection was quite pleased with this landing. Overall this is an improvement on octane/kraken/ss. There are some specific tests that regressed and might be interesting to look at, but given the overall improvement, I'm not tracking the specific tests. Mac OS X 10.10 32-bit (Mac Pro, shell) - misc: typedobj-simple-struct-typedobj: 31.37% (regression) - misc: typedobj-splay-typedobj: 2.66% (regression) - misc: bugs-1131099-lodash2: 7.35% (regression) - misc: basic-hoist-bounds-check: 2.84% (regression) - octane: Box2D: -1.94% (regression) - octane: Typescript: -4.39% (regression) - dart: Richards: 17.91% (regression) More details: http://arewefastyet.com/regressions/#/regression/1578297 Mac OS X 10.10 64-bit (Mac Pro, shell) - kraken: stringify-tinderbox: 9.38% (regression) - kraken: crypto-aes: 1.58% (regression) - misc: bugs-847389-jpeg2000: 0.58% (regression) - dart: Richards: 7.01% (regression) More details: http://arewefastyet.com/regressions/#/regression/1578649
Flags: needinfo?(bhackett1024)
Depends on: 1166542
No longer depends on: 1166730
Depends on: 1171405
Depends on: 1189137
Depends on: CVE-2019-9791
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: