Closed Bug 593462 Opened 14 years ago Closed 7 months ago

Always init all standard objects in JS_NewGlobalObject, by copying from exemplars and patching internal pointers

Categories

(Core :: JavaScript Engine, defect)

Tracking

RESOLVED INCOMPLETE

People

(Reporter: brendan, Unassigned)

Details

Reviewing the patch for bug 592556, Jason chatted:

[1:10pm] jorendorff: brendan: also -- "we currently scramble slots along shape paths due to resolve-based creation of shapes mapping reserved slots"  Where does that happen?
[1:10pm] brendan: global object, e.g.
[1:10pm] brendan: JSCLASS_GLOBAL_FLAGS reserves a buttload of slots, then JS_ResolveStandardClass faults in shapes lazily
[1:10pm] • jorendorff looks
[1:10pm] brendan: i think we could make JS_InitStandardClasses and JS_Resolve/EnumerateStandardClass/es no-ops in the near term
[1:11pm] brendan: a well-initialized global would have a fixed shape path (i hope -- should be < 64 shapes!)
[1:11pm] brendan: we could make a cx per runtime with clean GC compartment
[1:11pm] brendan: it would allocate some objects and functions
[1:11pm] jorendorff: but those get branded right away, right?
[1:11pm] brendan: branding is ok
[1:11pm] brendan: we can rebrand quickly
[1:12pm] jorendorff: ah, yes we can.
[1:12pm] brendan: we'd have to fix up internal pointers when copying too
[1:12pm] brendan: so there'd be some cost above alloc+memcpy
[1:12pm] brendan: but it might be so small we can do it all in JS_NewGlobalObject
[1:12pm] brendan: would that win or what?
[1:12pm] jorendorff: all for it
[1:13pm] brendan: we could even use C++ to declare the per-global hidden members, instead of slots (these would be the "original value of Object.prototype" or "original value of Object" -- IIRC now we keep both in reserved slots)
[1:14pm] brendan: i will file this -- andreas was promoting the general idea a while ago but it seemed out of reach at the time
[1:14pm] brendan: still not sure it won't ding Tp
[1:14pm] brendan: laziness means Object, Function, maybe String or Array are often all you need to load a page with <script> in it
[1:15pm] brendan: but we can measure
[1:15pm] jorendorff: i always saw this as in reach, and a likely win, but not certain
[1:15pm] jorendorff: i see DefineStandardSlot ... does anything else do this?
[1:16pm] jorendorff: "this" = addProperty with a known-reserved slot?
[1:16pm] brendan: not sure, have to survey _resolve impls
[1:17pm] brendan: in-engine and dom, etc.
[1:17pm] jorendorff: surely this can't be done from outside the engine...
[1:17pm] jorendorff: no slot parameter to JS_Define*
[1:17pm] brendan: actually, re: branding -- we brand on call, not on definition (except joined lambda but that's not happening with our native standard class methods)
[1:18pm] brendan: jorendorff: JS_FRIEND_API is not our friend, but perhaps you're right

/be
Assignee: general → nobody
Severity: normal → S3
Status: NEW → RESOLVED
Closed: 7 months ago
Resolution: --- → INCOMPLETE