Closed
Bug 538326
Opened 15 years ago
Closed 14 years ago
Large regression in test case from bug 534590
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: dvander, Unassigned)
References
Details
(Whiteboard: fixed-in-tracemonkey)
Attachments
(2 files)
|
346 bytes,
application/x-javascript
|
Details | |
|
6.20 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
Before this patch:
host-5-37:src dvander$ ./Opt32/js -j b.js
124999999567108900
1893 ms
After:
host-5-37:src dvander$ ./Opt32/js -j b.js
124999999567108900
6204 ms
Test case is from dmandelin who got the problem on his machine (OS X 10.5). I can reproduce it on 10.6 & Linux. The interpreter is slower as well, though not by as much.
The patch in bug 534590 seems harmless so at first I thought hg bisect was lying, but this is very reproducible for me. From looking at Shark it seems like all the time is purely on trace, and that there might be more L2 cache misses.
|
Reporter | |
Comment 1•15 years ago
|
||
|
||
Comment 2•15 years ago
|
||
I would check for alignment problems.
|
||
Comment 3•15 years ago
|
||
(In reply to comment #0)
> there might be more L2 cache misses.
The patch contains:
===================================================================
--- tm.orig/js/src/jscntxt.h 2009-12-23 13:58:34.311884714 +0300
+++ tm/js/src/jscntxt.h 2009-12-23 13:59:30.970882813 +0300
@@ -553,17 +553,17 @@ struct JSRuntime {
- JSDHashTable *gcLocksHash;
+ JSDHashTable gcLocksHash;
That is, it replaces a pointer field in JSRuntime by JSDHashTable, a struct with sizeof == 32 bytes on Linux. That may be enough to make access to the fields after it slower.
What would happen if gcLocksHash is moved at the end of JSRuntime?
|
|
Reporter | |
Comment 4•15 years ago
|
||
Thanks Igor, that was the problem. Brendan suggested bisecting to which struct member was misaligned, and it ended up being JSThreadData. From there Luke remembered that our native stack comes from JSThreadData.traceMonitor.storage. For some reason GCC isn't 16-byte aligning the double.
So this patch just mallocs the storage area instead.
Attachment #420640 -
Flags: review?(lw)
|
|
||
Updated•15 years ago
|
Attachment #420640 -
Flags: review?(lw) → review+
|
||
Comment 5•15 years ago
|
||
(In reply to comment #4)
> Created an attachment (id=420640) [details]
> fix
>
> Thanks Igor, that was the problem. Brendan suggested bisecting to which struct
> member was misaligned, and it ended up being JSThreadData. From there Luke
> remembered that our native stack comes from JSThreadData.traceMonitor.storage.
> For some reason GCC isn't 16-byte aligning the double.
Or even 8-byte aligning it. /me shakes fist at GCC
Shell-only regression, but the compiler's failure to align for performance fills me with dread.
/be
|
|
||
Comment 6•15 years ago
|
||
Why malloc, though? It adds indirection. Shouldn't we just static-assert that the double array is double-aligned and hack or pragma until it is?
/be
|
|
Reporter | |
Comment 7•15 years ago
|
||
I don't think the indirection matters too much here, and it's easier than mucking with compiler/platform-specific gunk.
|
|
Reporter | |
Comment 8•15 years ago
|
||
Whiteboard: fixed-in-tracemonkey
|
|
||
Comment 9•14 years ago
|
||
Sorry to bother you but did this patch land on mozilla-central? Marked as fixed-in-tracemonkey in January, but not as resolved fixed..
|
||
Comment 10•14 years ago
|
||
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•