Closed
Bug 347645
Opened 18 years ago
Closed 18 years ago
Removal of global arena cache list
Categories
(Core :: JavaScript Engine, enhancement)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: igor, Assigned: igor)
Details
(Keywords: fixed1.8.1, Whiteboard: [bake until 08/10])
Attachments
(1 file, 1 obsolete file)
11.76 KB,
patch
|
brendan
:
review+
mrbkap
:
superreview+
beltzner
:
approval1.8.1+
|
Details | Diff | Splinter Review |
Currently when allocating a new arena the global list is checked before using malloc. This assumes that allocating from the list is faster than using malloc. But this may not be true for 2 reasons. First, many modern malloc/free implementations use thread-local cache. In such implementation malloc avoids taking any locks in many cases and can bit allocating from the list which allows take the lock. Second, the implementation searches the list for an element with exactly requested size. Since the list is not bounded, this can be arbitrary slow. Thus I suggest to remove the global list and always use malloc/free when allocating/releasing arena memory and allow the system to take better use of the memory. But In case of SpiderMonkey the case is much more stronger for the following reason. The global list is populated only when JS_FreeArenaPool is called, in the rest of cases arena memory is released calling free directly. Now the only place in the browser code that calls JS_FreeArenaPool is js_GetPrinterOutput from js/src/jsopcode.c. Since the list is queried for exact allocations, the result of releasing the memory in js_GetPrinterOutput would, in most cases, be only usable when js_NewPrinter is called later. This happens because js_NewPrinter calls JS_InitArenaPool(&jp->pool, name, 256, 1) while in the rest of places JS_InitArenaPool is called with minimal allocation size set to 1K, 8K or the size deduced from the expected buffer size. Thus the global list just imposes useless locking and list searching before calling the malloc. Here is stats from the browser collected with JS_ARENAMETER defined after the browser startup: temp allocation statistics: number of arenas: 0 number of allocations: 120748 number of free arena reclaims: 0 number of malloc calls: 5012 number of deallocations: 0 number of allocation growths: 19 number of in-place growths: 0 number of realloc'ing growths: 0 number of released allocations: 4381 number of fast releases: 3253 total bytes allocated: 4846989 mean allocation size: 40.1414 standard deviation: 186.675 maximum allocation size: 4096 stack allocation statistics: number of arenas: 0 number of allocations: 420 number of free arena reclaims: 0 number of malloc calls: 117 number of deallocations: 0 number of allocation growths: 0 number of in-place growths: 0 number of realloc'ing growths: 0 number of released allocations: 1012 number of fast releases: 895 total bytes allocated: 11584 mean allocation size: 27.581 standard deviation: 112.446 maximum allocation size: 1676 properties allocation statistics: number of arenas: 51 number of allocations: 12898 number of free arena reclaims: 0 number of malloc calls: 51 number of deallocations: 0 number of allocation growths: 0 number of in-place growths: 0 number of realloc'ing growths: 0 number of released allocations: 0 number of fast releases: 0 total bytes allocated: 361144 mean allocation size: 28 standard deviation: 27.8314 maximum allocation size: 28 Which tells that there there were 5012 + 117 + 51 useless locking/unlocking calls.
Assignee | ||
Comment 1•18 years ago
|
||
Removal of the global list and lock.
Assignee | ||
Updated•18 years ago
|
Summary: Removal of global arena pool → Removal of global arena cache list
Comment 2•18 years ago
|
||
Thanks for filing this -- it's long overdue. We shoult try to get it into moz1.8 / fx2 / js1.7 too. /be
Comment 3•18 years ago
|
||
Comment on attachment 232438 [details] [diff] [review] Implementation v1 Requesting additional review to buttress case for branch landing. /be
Attachment #232438 -
Flags: review?(mrbkap)
Attachment #232438 -
Flags: review?(brendan)
Attachment #232438 -
Flags: review+
Comment 4•18 years ago
|
||
Comment on attachment 232438 [details] [diff] [review] Implementation v1 This is a safe patch for 1.8.1, because it removes a layer of recycling above malloc. Unless that pooling hid a buffer overrun bug, removing it will only help performance (time in terms of direct, thread-local malloc calling; and space, due to reduced "external fragmentation" due to hoarding of unusably-sized arenas on the freelist). We have no evidence of buffer overrun latent bugs, and we should be able to smoke any out with valgrind and other testing. The odds seem low enough to make to take this patch sooner rather than later. Igor, what do you think? /be
Attachment #232438 -
Flags: approval1.8.1?
Comment 5•18 years ago
|
||
Comment on attachment 232438 [details] [diff] [review] Implementation v1 Neat!
Attachment #232438 -
Flags: review?(mrbkap) → review+
Assignee | ||
Comment 6•18 years ago
|
||
In the previous patch I forgot to remove from jsarena.c include "jslock.h" which is no longer needed for arena code.
Attachment #232438 -
Attachment is obsolete: true
Attachment #232775 -
Flags: superreview?(mrbkap)
Attachment #232775 -
Flags: review?(brendan)
Attachment #232775 -
Flags: approval1.8.1?
Attachment #232438 -
Flags: approval1.8.1?
Updated•18 years ago
|
Attachment #232775 -
Flags: superreview?(mrbkap) → superreview+
Comment 7•18 years ago
|
||
Comment on attachment 232775 [details] [diff] [review] Implementation v2 Should bake for a few days on trunk, get in for beta 2. /be
Attachment #232775 -
Flags: review?(brendan) → review+
Assignee | ||
Comment 8•18 years ago
|
||
I committed to the trunk the patch from comment 6.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Updated•18 years ago
|
Flags: in-testsuite-
Updated•18 years ago
|
Whiteboard: [bake until 08/10]
Comment 9•18 years ago
|
||
Comment on attachment 232775 [details] [diff] [review] Implementation v2 a=drivers, so say we all
Attachment #232775 -
Flags: approval1.8.1? → approval1.8.1+
Assignee | ||
Comment 10•18 years ago
|
||
I committed the patch from comment 6 to MOZILLA_1_8_BRANCH
Keywords: fixed1.8.1
You need to log in
before you can comment on or make changes to this bug.
Description
•