Bug 984101 - Undo some of our more aggressive new poisoning to get back performance. r=jonco
☠☠ backed out by 5596f1e9c904 ☠ ☠
authorTerrence Cole <terrence@mozilla.com>
Wed, 09 Apr 2014 08:11:06 -0700
changeset 177931 89a91619a2ae6c59457e580a056e75b6490eb0c0
parent 177930 5a50c50651731c4d8d195e5a4695cd590106a546
child 177932 3bdbe71f21b2bac51276064354edfcc5d8283e0a
push id26569
push userryanvm@gmail.com
push dateFri, 11 Apr 2014 04:11:36 +0000
treeherdermozilla-central@783c5013dbec [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjonco
bugs984101
milestone31.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 984101 - Undo some of our more aggressive new poisoning to get back performance. r=jonco
js/src/gc/Heap.h
js/src/gc/Nursery.cpp
js/src/jsgc.cpp
js/src/jsutil.h
--- a/js/src/gc/Heap.h
+++ b/js/src/gc/Heap.h
@@ -283,48 +283,50 @@ struct FreeSpan
              * Move to the next span. We use MOZ_LIKELY as without PGO
              * compilers mis-predict == here as unlikely to succeed.
              */
             *this = *reinterpret_cast<FreeSpan *>(thing);
         } else {
             return nullptr;
         }
         checkSpan();
-        JS_POISON(reinterpret_cast<void *>(thing), JS_ALLOCATED_TENURED_PATTERN, thingSize);
+        JS_EXTRA_POISON(reinterpret_cast<void *>(thing), JS_ALLOCATED_TENURED_PATTERN, thingSize);
         return reinterpret_cast<void *>(thing);
     }
 
     /* A version of allocate when we know that the span is not empty. */
     MOZ_ALWAYS_INLINE void *infallibleAllocate(size_t thingSize) {
         JS_ASSERT(thingSize % CellSize == 0);
         checkSpan();
         uintptr_t thing = first;
         if (thing < last) {
             first = thing + thingSize;
         } else {
             JS_ASSERT(thing == last);
             *this = *reinterpret_cast<FreeSpan *>(thing);
         }
         checkSpan();
+        JS_EXTRA_POISON(reinterpret_cast<void *>(thing), JS_ALLOCATED_TENURED_PATTERN, thingSize);
         return reinterpret_cast<void *>(thing);
     }
 
     /*
      * Allocate from a newly allocated arena. We do not move the free list
      * from the arena. Rather we set the arena up as fully used during the
      * initialization so to allocate we simply return the first thing in the
      * arena and set the free list to point to the second.
      */
     MOZ_ALWAYS_INLINE void *allocateFromNewArena(uintptr_t arenaAddr, size_t firstThingOffset,
                                                 size_t thingSize) {
         JS_ASSERT(!(arenaAddr & ArenaMask));
         uintptr_t thing = arenaAddr | firstThingOffset;
         first = thing + thingSize;
         last = arenaAddr | ArenaMask;
         checkSpan();
+        JS_EXTRA_POISON(reinterpret_cast<void *>(thing), JS_ALLOCATED_TENURED_PATTERN, thingSize);
         return reinterpret_cast<void *>(thing);
     }
 
     void checkSpan() const {
 #ifdef DEBUG
         /* We do not allow spans at the end of the address space. */
         JS_ASSERT(last != uintptr_t(-1));
         JS_ASSERT(first);
--- a/js/src/gc/Nursery.cpp
+++ b/js/src/gc/Nursery.cpp
@@ -163,17 +163,17 @@ js::Nursery::allocate(size_t size)
         if (currentChunk_ + 1 == numActiveChunks_)
             return nullptr;
         setCurrentChunk(currentChunk_ + 1);
     }
 
     void *thing = (void *)position();
     position_ = position() + size;
 
-    JS_POISON(thing, JS_ALLOCATED_NURSERY_PATTERN, size);
+    JS_EXTRA_POISON(thing, JS_ALLOCATED_NURSERY_PATTERN, size);
     return thing;
 }
 
 /* Internally, this function is used to allocate elements as well as slots. */
 HeapSlot *
 js::Nursery::allocateSlots(JSContext *cx, JSObject *obj, uint32_t nslots)
 {
     JS_ASSERT(obj);
--- a/js/src/jsgc.cpp
+++ b/js/src/jsgc.cpp
@@ -486,17 +486,18 @@ Arena::finalize(FreeOp *fop, AllocKind t
             }
         }
     }
 
     if (allClear) {
         JS_ASSERT(newListTail == &newListHead);
         JS_ASSERT(!newFreeSpanStart ||
                   newFreeSpanStart == thingsStart(thingKind));
-        JS_POISON(data, JS_SWEPT_TENURED_PATTERN, sizeof(data));
+        JS_POISON(&aheader, JS_SWEPT_TENURED_PATTERN, sizeof(ArenaHeader));
+        JS_EXTRA_POISON(data, JS_SWEPT_TENURED_PATTERN, sizeof(data));
         return true;
     }
 
     newListTail->first = newFreeSpanStart ? newFreeSpanStart : nextFree.first;
     JS_ASSERT(Arena::isAligned(newListTail->first, thingSize));
     newListTail->last = lastByte;
 
 #ifdef DEBUG
--- a/js/src/jsutil.h
+++ b/js/src/jsutil.h
@@ -279,16 +279,19 @@ ClearAllBitArrayElements(size_t *array, 
 # define JS_CRASH_DIAGNOSTICS 1
 #endif
 #if defined(JS_CRASH_DIAGNOSTICS) || defined(JS_GC_ZEAL)
 # define JS_POISON(p, val, size) memset((p), (val), (size))
 #else
 # define JS_POISON(p, val, size) ((void) 0)
 #endif
 
+/* Bug 984101: Disable labeled poisoning until we have poison checking. */
+#define JS_EXTRA_POISON(p, val, size) ((void) 0)
+
 /* Basic stats */
 #ifdef DEBUG
 # define JS_BASIC_STATS 1
 #endif
 #ifdef JS_BASIC_STATS
 # include <stdio.h>
 typedef struct JSBasicStats {
     uint32_t    num;