Closed Bug 677006 Opened 13 years ago Closed 13 years ago

JM+TI: inline object creation

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bhackett1024, Unassigned)

References

Details

Attachments

(1 file, 1 obsolete file)

patch
23.27 KB, patch
Details | Diff | Splinter Review
With TI we have enough information to generate inline code for object creation not just at [] and {} sites, but also calls to Array etc. and creation of scripted 'new' objects. With recent refactorings these all incur some new overhead when happening in the VM (need to look up the type to use in a hashtable, need to record the type when constructing 'this') so it makes more sense to do this now. This is somewhat different from bug 638015, which only handles scripted 'new' but can generate code for handling polymorphic constructors. The main (well, only) place I've seen polymorphic constructors is the Prototype.js Class.create function seen in v8-raytrace; this bug won't handle that pattern, but with building blocks for the monomorphic case we should be able to inline the v8-raytrace object construction by doing some specialization on that pattern (bug 638794).
Attached patch WIP (obsolete) — Splinter Review
WIP which handles {} and [].
Attached patch patchSplinter Review
http://hg.mozilla.org/projects/jaegermonkey/rev/05261f44a8ac And followup because I forgot to record dependencies and trigger recompilation on newScript changes. http://hg.mozilla.org/projects/jaegermonkey/rev/bde71d2d88fb Microbenchmarks, with artificially introduced GCs because otherwise the page fault overhead drowns out the different perf when constructing objects. function foo() { for (var i = 0; i < 100000; i++) <blank> } for (var i = 0; i < 40; i++) { foo(); if (typeof gc != "undefined") gc(); } Different code for <blank>: var b = {a:0, b:1, c:2, d:3}; var b = [0,1,2,3]; var b = Array(0,1,2,3); var b = Array(4); var b = new Bar(0,1,2,3); {} [] Array(...) Array(4) new Bar -m -n (new) 220 218 220 202 242 -m -n (old) 269 282 551 358 300 -j 261 255 266 252 403 -m 308 321 400 342 385 jsc 302 237 302 319 348 d8 155 34 62 76 52 We won't come even remotely close to matching V8 here until we have a generational GC.
Attachment #551231 - Attachment is obsolete: true
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Depends on: 684664
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: