Main menu:

Site search



Moz JS Team Newsletter 7/29-8/9

New Hire

Sean Stangl has joined the JS team. He worked on JägerMonkey last year as an intern, and now he’s here full-time, initially working on IonMonkey. Welcome, Sean!

Project Status Updates

Type Inference: Brian Hackett is fixing regressions and getting ready to “land” type inference. Landing is tricky because the complexity of the project makes it very difficult to disable or back out the landing. Dave Mandelin posted a proposal in dev-planning for getting type inference out to users by creating parallel aurora and beta repositories and pointing channel users at the new builds.

IonMonkey: David Anderson landed bailouts. Current work is focused on fixing bugs turned up by the test suite.

jsdbg2 is almost there: just one more review. It is expected to land in time for Firefox 8.

Changes to SpiderMonkey that might affect you

In bug 676738, Jeff Walden split JS_GetElement and other JS_XXXElement functions into two forms: one where the index is a jsid (as before), and a new one where the index is a uint32. This goes along with the ‘aslots’ project, which will split int-named ‘element’ storage from string-named ‘property’ storage and allow dense arrays on any object.

General News

Dave Mandelin and Chris Leary attended Black Hat. The talk Attacking Clientside JIT Compilers by Chris Rohlf and Yan Invnitskiy gave a lot of information about JIT spraying, and analyzed Firefox specifically. The good news is that JIT spraying is pretty hard with the kind of code JägerMonkey generates. The bad news is that Firefox currently has few defenses against JIT spraying.

But Chris Leary is on the case: he’s been implementing defenses, which are now public in bug 677272. He should have a strong set of mitigations landed within a week or two.

Key Landings

Bug 649202: Marty Rosenberg landed ICs for typed arrays on ARM, so typed arrays are now fast on ARM too.

Bug 586297: Jacob Bramley improved the generation of branches for ARM. The bug shows an 18% perf improvement on Kraken on ARM with the methodjit only.

Bug 669132: Jacob improved ARM floating-point loads. No perf data in the bug.

Bug 664249: Nikhil Marathe changed typed arrays to hold their properties inside the JSObject slots in order to improve performance. It looks like it got a 2x improvement to property access time in JM.


Comment from Thaddee Tyl
Time: August 9, 2011, 10:55 pm

How much of a speedup should we expect from the type inference mechanism, with functions that will only ever have a single type? Or do you need more time to make it faster than before? And can it make some functions slower?

Pingback from JavaScript Magazine Blog for JSMag » Blog Archive » News roundup: png.js, pouchDB, finding memory leaks in JavaScript, Page Visibility API
Time: August 12, 2011, 11:38 am

[…] Chrome Developer Tools: Put JavaScript memory under control – nice guide to finding leaks Fixing the JavaScript typeof operator (JavaScript, JavaScript…) Understanding JavaScript Function Invocation and “this” (Yehuda Katz) Introduction to the Page Visibility API (Nicholas Zakas) (see the W3C working draft) Javascript Unit Test Environment (JUTE) Now Open! Functional Parameters – a neat JavaScript Design Pattern Kind of a pointless activity, but Stoyan Stefanov has compiled a list of 535 ways to reload a page with JavaScript, and someone has built a script based on it that uses over 1600 ways to do the same thing. Oh dear! Building Mobile JavaScript WebApps With Backbone.js & jQuery: Part I 31 days of Canvas tutorials Huge debate about script loaders on GitHub (via reddit) Are We Fast Yet? (for HTML5 games) is a look at the problems with garbage collection pauses, with the conclusion that requestAnimationFrame isn’t (yet) practically useful for games compared to setTimeout or setInterval. Data URI and Deferreds For Great Justice Let’s Make a Framework: JSLint, Makefiles Sencha Touch now has interactive charts Extending built-in native objects. Evil or not? (by kangax) Moz JS Team Newsletter 7/29-8/9 […]