JS Team Update
While it has been quiet on our blogs, the JavaScript team is actually working on all kinds of cool stuff. Of course I won’t be able to cover remotely everything.
For Generational Garbage Collecting we need to exactly root the JS Engine, that means you are able to find roots (pointers) to objects on the C-Stack. Because for a moving GC these pointers need to be updated. We have had a dynamic analysis that finds rooting issues for some time now, which used to cause thousands of failures when running our test suite. In the last few weeks we minimized this numbers to almost zero. (Bug 745742) The next big chunk of work is exactly rooting the browser. We also now have a static analysis that finds rooting issues based on program working with the sixgill GCC frontend. (Bug 831409) Terrence also very recently prototyped a bump allocation nursery. (Bug 706885)
The new baseline JIT, which features a much simpler design compared to JägerMonkey and is eventually going to replace it, now has a lot of required features. What is left is work like implementing debugging support or jumping between IonMonkey and the baseline JIT. (Bug 805877) Of course there are still more operations and use cases that can and have to be optimized.
One performance fault in SpiderMonkey for a long time was the hefty deoptimization when using indexed properties like obj[15] on regular objects compared to array objects. We are happy to report that this finally been fixed with Bug 827490! Brian is also working on an somewhat related issue when you filling in the elements of an array backwards. (Bug 835102)
IonMonkey naturally also received improvements, one particular achievement is the 30% increase in performance on the octane benchmark over the last two months. As well as fixes for various other benchmarks. Take a look at arewefastyet?
Ecmascript 6 (Harmony) features have been landing as well, like the new direct proxies and WeakMap/Set/Map functions. (Tracking Bug) There is however still work going on, for example on “Harmony modules”.
We are now storing the unaltered source of (nearly) every function, which means Function#toString results in the original code. This allows use to remove the complex and error-prone decompiler. Because we still want to produce good error messages we replaced it with an expression only decompiler.
An other exciting change is that we now have certain built-in functions self hosted in JavaScript itself. So you can actually look at the implementation of Array#forEach! This brings performance improvements for some code, because we are now able to JIT compile and inline more code.
We are removing E4X right now. *PARTY*
It really has been a long time, so I missed or glossed over a lot of changes. I am sorry!
