JavaScript:TraceMonkey: Difference between revisions

From MozillaWiki
No edit summary
(Mark as Outdated)
 
(15 intermediate revisions by 9 users not shown)
Line 1: Line 1:
== Security Review ==
{{OutdatedSpiderMonkey}}


[[TraceMonkeySecurityReviewForm]]
== About TraceMonkey ==
TraceMonkey adds native‐code compilation to Mozilla’s JavaScript® engine (known as “SpiderMonkey”). It is based on a technique developed at UC Irvine called [http://www.ics.uci.edu/%7Efranz/Site/pubs-pdf/ICS-TR-06-16.pdf “trace trees”], and building on code and ideas shared with the Tamarin Tracing project. The net result is a massive speed increase both in the browser chrome and Web‐page content.


== TraceMonkey Tasks ==
== Playing with TraceMonkey ==
TraceMonkey is currently available and ''enabled by default'' in stable 32-bit Firefox 3.5+ and [ftp://ftp.mozilla.org/pub/firefox/nightly/latest-trunk/ nightly builds]. If you want to modify the types of JavaScript that are executed using TraceMonkey:
* open a new tab;
* type “'''about:config'''” and hit enter;
* read the warning and heed its wisdom;
* enter “'''jit'''” in the filter field;
* change the value of “'''javascript.options.jit.content'''” to enable (true) and disable (false) TraceMonkey for JavaScript in Web content;
* change the value of “'''javascript.options.jit.chrome'''” to enable (true) and disable (false) TraceMonkey for JavaScript in XUL/chrome.


Here are a few pending tasks. Most of them benefit Tamarin-Tracing and TraceMonkey. Tasks that only benefit TraceMonkey are marked with a star(*).
If you experience instability, please [http://bugzilla.mozilla.org file a bug] and reference any crash report ID that might be relevant. As of 2009, of the stable builds only the 32-bit versions of Firefox have TraceMonkey available (use nightly builds for 64-bit support).


* Setup performance & compliance test framework for shell using a MacMini.(*)
== Hacking on TraceMonkey ==
** Skill set: perl, shell scripts and such
The TM tree is located at http://hg.mozilla.org/tracemonkey.
** Effort: couple days tops


* Cleanup page allocation code in nanojit.
We are currently still in rapid‐development mode. Our commit policy is as follows: if you are confident you know what you are doing, push now and prepare to answer questions later if you break the tree. If you have commit access to hg.mozilla.org, feel free to commit any patch you feel is sensible. Even white‐space clean‐up, additional comments or general code clean‐up/naming‐consistency changes are welcome.
** Skill set: C/C++, gdb, some understanding of Tamarin would be good
** Effort: 1 week


* Make more JSOPs traceable.(*)
Run trace-test.js and all benchmarks in t/* before you commit. Commits that break any of these tests are allowed if sensible, but please let everyone know why you break what and what has to happen to fix it.
** Skill set: solid experience with SpiderMonkey
** Effort: on-going


* Implement soft-float math in TraceMonkey. The code already exists in Tamarin-Tracing and just needs to be ported over. Coordinate with upstream maintainer to extract soft-float code into a filter and get a patch for that into Tamarin-Tracing.  
The main channel to discuss TM is #jsapi on irc.mozilla.org.  
** Skill set: C/C++, gdb, no fear of ARM assembly
** Effort: 2 weeks


* Add loop-spanning register allocation to nanojit and get patch into Tamarin-Tracing.
== TraceMonkey Tasks ==
** Skill set: C/C++, gdb, experience with compiler construction advisable
Beta 1
** Effort: 2-4 weeks, depending on implementation strategy
** fuzzer bugs fixed
** slow script dialog
** perf matches a2
** test suites passing
** gcov
** content_jit
** nanojit x86 (this works, but it must remain so)
** OOM nanojit/tracer testing
** disable tracer in the presence of debugger


* Fix vprof in Tamarin to make it usable on Mac and Linux.
Beta 2
** Skill set: C/C++
** tracing recursion
** Effort: 2 days
** trace over DOM fast stubs (not into)
** event handler tracing
** ARM nanojit


* Help Intel with type stability analysis on real-world JS code.
Future Features
** Skill set: understanding of JS, C/C++
** SSE opts
** Effort: 2 weeks
** PPC nanojit
** built‐in reg usage
** Nanojit [[JavaScript:Verifier|Verifier]]
 
== Security Review ==
[[TraceMonkeySecurityReviewForm]]


* Port nanojit to PowerPC (lower priority).
** Skill set: solid understanding of architecture issues, C/C++, lots of gdb
** Effort: 4 weeks


* Update ARM/Linux JIT
Javascript is a trademark or registered trademark of Sun Microsystems, Inc. in
** Skill set: ARM assembly, C/C++, gdb
the U.S. and other countries.
** Effort: 2-4 weeks?

Latest revision as of 21:20, 27 April 2021

THIS PAGE IS OBSOLETE
This article is in parts, or in its entirety, outdated. Hence, the information presented on this page may be incorrect, and should be treated with due caution. Visit SpiderMonkey.dev for more up to date information.

About TraceMonkey

TraceMonkey adds native‐code compilation to Mozilla’s JavaScript® engine (known as “SpiderMonkey”). It is based on a technique developed at UC Irvine called “trace trees”, and builds on code and ideas shared with the Tamarin Tracing project. The net result is a massive speed increase both in the browser chrome and Web‐page content.

Playing with TraceMonkey

TraceMonkey is currently available and enabled by default in stable 32-bit Firefox 3.5+ and nightly builds. If you want to modify the types of JavaScript that are executed using TraceMonkey:

  • open a new tab;
  • type “about:config” and hit enter;
  • read the warning and heed its wisdom;
  • enter “jit” in the filter field;
  • change the value of “javascript.options.jit.content” to enable (true) or disable (false) TraceMonkey for JavaScript in Web content;
  • change the value of “javascript.options.jit.chrome” to enable (true) or disable (false) TraceMonkey for JavaScript in XUL/chrome.

If you experience instability, please file a bug and reference any crash report ID that might be relevant. As of 2009, among the stable builds, only the 32-bit versions of Firefox have TraceMonkey available (use nightly builds for 64-bit support).

Hacking on TraceMonkey

The TM tree is located at http://hg.mozilla.org/tracemonkey.

We are currently still in rapid‐development mode. Our commit policy is as follows: if you are confident you know what you are doing, push now and prepare to answer questions later if you break the tree. If you have commit access to hg.mozilla.org, feel free to commit any patch you feel is sensible. Even white‐space clean‐up, additional comments or general code clean‐up/naming‐consistency changes are welcome.

Run trace-test.js and all benchmarks in t/* before you commit. Commits that break any of these tests are allowed if sensible, but please let everyone know what you broke, why, and what has to happen to fix it.

The main channel to discuss TM is #jsapi on irc.mozilla.org.

TraceMonkey Tasks

Beta 1

    • fuzzer bugs fixed
    • slow script dialog
    • perf matches a2
    • test suites passing
    • gcov
    • content_jit
    • nanojit x86 (this works, but it must remain so)
    • OOM nanojit/tracer testing
    • disable tracer in the presence of debugger

Beta 2

    • tracing recursion
    • trace over DOM fast stubs (not into)
    • event handler tracing
    • ARM nanojit

Future Features

    • SSE opts
    • PPC nanojit
    • built‐in reg usage
    • Nanojit Verifier

Security Review

TraceMonkeySecurityReviewForm


JavaScript is a trademark or registered trademark of Sun Microsystems, Inc. in the U.S. and other countries.