Bug 97974

Created attachment 166376 [details]
Patch

Comment on attachment 166376 [details]
Patch

u so purple

Comment on attachment 166376 [details]
Patch

Yeah, I need to merge to HEAD.

Created attachment 166378 [details]
Patch

Comment on attachment 166378 [details]
Patch

Looks like I made everything crash.  :)

Created attachment 166386 [details]
Work in progress---does not compile

Created attachment 166528 [details]
Patch

Comment on attachment 166528 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=166528&action=review

> Source/WebCore/bindings/v8/IntrusiveDOMWrapperMap.h:95
> +        // OOPS! Figure out what to do here.
> +        // MemoryClassInfo info(memoryObjectInfo, this, WebCoreMemoryTypes::Binding);
> +        // info.addMember(m_table);

Other than this OOPS it looks fine. :)

Created attachment 166566 [details]
Patch

Now with less "oops"

Comment on attachment 166566 [details]
Patch

OK. Great improvement.

Comment on attachment 166566 [details]
Patch

Clearing flags on attachment: 166566

Committed r130103: <http://trac.webkit.org/changeset/130103>

All reviewed patches have been landed.  Closing bug.

This change is clearly visible on the perf charts:

http://webkit-perf.appspot.com/graph.html#tests=[[40020,2001,2389050],[40020,2001,3001],[40020,2001,173262]]&sel=1349029297326.7722,1349155069478.671,1573.6040609137056,2309.6446700507613&displayrange=7&datatype=running

Awesome!

This is hitting an assert on the chromium debug bots.

http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=plugins%2Freentrant-update-widget-positions.html%20svg%2Fas-image%2Fimg-preserveAspectRatio-support-1.html%20userscripts%2Fuser-script-top-frame-only.html%20svg%2FW3C-I18N%2Ftspan-dirLTR-ubOverride-in-rtl-context.svg%20http%2Ftests%2Fsecurity%2FisolatedWorld%2Fall-window-prototypes.html%20http%2Ftests%2Fsecurity%2FisolatedWorld%2Fevents.html%20http%2Ftests%2Fsecurity%2FisolatedWorld%2FuserGestureEvents.html%20http%2Ftests%2Fsecurity%2FjavascriptURL%2FjavascriptURL-execution-context-frame-src-htmldom.html%20http%2Ftests%2Fsecurity%2FisolatedWorld%2Fcontext-destroy.html%20http%2Ftests%2Fsecurity%2FisolatedWorld%2Fdocument-prototype.html%20http%2Ftests%2Fsecurity%2FisolatedWorld%2Fnumber-prototype.html%20http%2Ftests%2Fsecurity%2FisolatedWorld%2Fworld-reuse.html%20inspector%2Fextensions%2Fextensions-audits.html%20storage%2Fwebsql%2Ftransaction-error-callback-isolated-world.html%20

STDERR: ASSERTION FAILED: wrapper == value
STDERR: third_party/WebKit/Source/WebCore/bindings/v8/IntrusiveDOMWrapperMap.h(80) : virtual bool WebCore::IntrusiveDOMWrapperMap::removeIfPresent(WebCore::Node*, v8::Persistent<v8::Object>)
STDERR: 	WebCore::IntrusiveDOMWrapperMap::removeIfPresent() [0x7f26c88926cc]
STDERR: 	WebCore::DOMDataStore::weakNodeCallback() [0x7f26c884f729]
STDERR: 	v8::internal::GlobalHandles::Node::PostGarbageCollectionProcessing() [0x7f26c582a8aa]
STDERR: 	v8::internal::GlobalHandles::PostGarbageCollectionProcessing() [0x7f26c5829384]
STDERR: 	v8::internal::Heap::PerformGarbageCollection() [0x7f26c583b27c]
STDERR: 	v8::internal::Heap::CollectGarbage() [0x7f26c583a596]
STDERR: 	v8::internal::Heap::CollectGarbage() [0x7f26c57a6f2b]
STDERR: 	v8::internal::AbortIncrementalMarkingAndCollectGarbage() [0x7f26c583a7d3]
STDERR: 	v8::internal::Heap::ReserveSpace() [0x7f26c583a8f3]
STDERR: 	v8::internal::Deserializer::DeserializePartial() [0x7f26c5a4fb2e]
STDERR: 	v8::internal::Snapshot::NewContextFromSnapshot() [0x7f26c5a57344]
STDERR: 	v8::internal::Genesis::Genesis() [0x7f26c578b726]
STDERR: 	v8::internal::Bootstrapper::CreateEnvironment() [0x7f26c5780896]
STDERR: 	v8::Context::New() [0x7f26c575429c]
STDERR: 	WebCore::V8DOMWindowShell::createContext() [0x7f26c889988a]
STDERR: 	WebCore::V8DOMWindowShell::initializeIfNeeded() [0x7f26c889916c]
STDERR: 	WebCore::ScriptController::evaluateInIsolatedWorld() [0x7f26c886d341]
STDERR: 	WebKit::WebFrameImpl::executeScriptInIsolatedWorld() [0x7f26c77f29d7]
STDERR: 	DRTTestRunner::evaluateScriptInIsolatedWorld() [0x4994e6]
STDERR: 	CppBoundClass::MemberCallback<>::run() [0x4a71e8]
STDERR: 	CppBoundClass::invoke() [0x4e646c]
STDERR: 	CppNPObject::invoke() [0x4e5b4b]
STDERR: 	WebCore::npObjectInvokeImpl() [0x7f26c88a5d2b]
STDERR: 	WebCore::npObjectMethodHandler() [0x7f26c88a5ed2]
STDERR: 	v8::internal::HandleApiCallHelper<>() [0x7f26c579bf26]
STDERR: 	v8::internal::Builtin_Impl_HandleApiCall() [0x7f26c5796b85]
STDERR: 	v8::internal::Builtin_HandleApiCall() [0x7f26c5796b56]

/me will fix.

Fixed in http://trac.webkit.org/changeset/130125

Committed r130189: <http://trac.webkit.org/changeset/130189>

This caused regressions on the Dromaeo tests and was rolled out in http://trac.webkit.org/changeset/130189.


http://build.chromium.org/f/chromium/perf/chromium-rel-win7-webkit/dom_perf/report.html?history=150&rev=-1&graph=Get%20Elements
http://build.chromium.org/f/chromium/perf/chromium-rel-win7-webkit/dromaeo_domcoreattr/report.html?history=150&rev=-1&graph=dom_attr_element_expando___value
http://build.chromium.org/f/chromium/perf/chromium-rel-win7-webkit/dromaeo_jslibtraversejquery/report.html?history=150&rev=-1&graph=jslib_traverse_jquery_jQuery___parents_x10
http://trac.webkit.org/log/?verbose=on&rev=130105&stop_rev=130077

http://build.chromium.org/f/chromium/perf/linux-release-webkit-latest/dromaeo_domcoremodify/report.html?history=150&rev=-1&graph=dom_modify
http://build.chromium.org/f/chromium/perf/linux-release-webkit-latest/dromaeo_domcoremodify/report.html?history=150&rev=-1&graph=dom_modify_createTextNode
http://build.chromium.org/f/chromium/perf/linux-release-webkit-latest/dromaeo_domcoremodify/report.html?history=150&rev=-1&graph=dom_modify_createElement
http://trac.webkit.org/log/?verbose=on&rev=130105&stop_rev=130100

http://build.chromium.org/f/chromium/perf/mac-release-10.6-webkit-latest/dromaeo_domcoremodify/report.html?history=150&rev=-1&graph=dom
http://build.chromium.org/f/chromium/perf/mac-release-10.6-webkit-latest/dom_perf/report.html?history=150&rev=-1&graph=Template
http://build.chromium.org/f/chromium/perf/mac-release-10.6-webkit-latest/dom_perf/report.html?history=150&rev=-1&graph=Get%20Elements
http://build.chromium.org/f/chromium/perf/mac-release-10.6-webkit-latest/dom_perf/report.html?history=150&rev=-1&graph=CreateNodes
http://build.chromium.org/f/chromium/perf/mac-release-10.6-webkit-latest/dom_perf/report.html?history=150&rev=-1&graph=CloneNodes
http://trac.webkit.org/log/?verbose=on&rev=130105&stop_rev=130091

Ignore the dom_attr regression. That was the v8 roll.

Created attachment 167375 [details]
work-in-progress

Created attachment 169991 [details]
Patch

Created attachment 169992 [details]
perf test results (first five are with patch; last five are without)

Summary of perf results (average of five runs):

gc-forest: 3.60% worse
gc-mini-tree: 2.81% worse
gc-tree: 8.05% worse
dom-attr: 1.00% better
dom-modify: 2.48% better
dom-query: 1.40% worse
dom-traverse: 2.82% better

Note: These numbers include both the patch in this bug and the patch in bug 100033, which is also needed.

Essentially, we're gaining DOM performance at the cost of some GC performance.  This already seems like a good trade-off, but it will be a no-brainer trade-off after bug 98725 lands because most of the GC load will be shifted to the minor GC phase, which isn't slowed down at all.

Also, there is a memory savings because we don't need to maintain an extra pointer's worth of data for every wrapped node anymore.

Created attachment 170000 [details]
Patch

Have we verified already that this is "no brainer after 98725"?

> Have we verified already that this is "no brainer after 98725"?

I haven't.  I haven't made a build with all the dependent patches for bug 98725, but the point of that bug is to shrink the time spent in major GC by a factor of 10, which makes this slowdown even less relevant.

(In reply to comment #27)
> > Have we verified already that this is "no brainer after 98725"?
> 
> I haven't.  I haven't made a build with all the dependent patches for bug 98725, but the point of that bug is to shrink the time spent in major GC by a factor of 10, which makes this slowdown even less relevant.

I see.  It would be good to make sure we know to check back after the dust settles to make sure we end up faster in the ways we care about, that's all.

Comment on attachment 170000 [details]
Patch

OK.  LGTM.  Same disclaimer as always for v8 patches:  You may still want to talk to kentaro. :)

<abarth> eseidel: DOM operations occur massively more often than garbage collection.  speeding up DOM operations is a much greater benefit than the cost of slowing down major gc by a couple percent
<eseidel> abarth: I agree. a lso be good to put that on the bug :)

Great patch!

Would you wait to land the patch for a couple of days? I'm now looking into a crash bug (http://code.google.com/p/chromium/issues/detail?id=155942), and I'm suspecting that the patches around bug 98567 (which this patch depends on) might be the culprit.

(In reply to comment #31)
> Great patch!
> 
> Would you wait to land the patch for a couple of days? I'm now looking into a crash bug (http://code.google.com/p/chromium/issues/detail?id=155942), and I'm suspecting that the patches around bug 98567 (which this patch depends on) might be the culprit.

hmm, it looks like bug 98567 is not the culprit. (As I commented in Chromium issue 155942, the bug does not happen in WebKit ToT.) Sorry for the noise.

Comment on attachment 170000 [details]
Patch

Clearing flags on attachment: 170000

Committed r132245: <http://trac.webkit.org/changeset/132245>

All reviewed patches have been landed.  Closing bug.