JSThreadsAndGC: Difference between revisions
(Created page with 'Motivation * more robust thread safety API * reduce GC pauses * minor performance win from eliminating object locking Plans * Pursue opportunities to make GC faster without API …') |
No edit summary |
||
| Line 19: | Line 19: | ||
* jorendorff: design whatever new JSAPI we need to support "regions" | * jorendorff: design whatever new JSAPI we need to support "regions" | ||
* jorendorff: add assertions that test our assumption that objects aren't shared. | * jorendorff: add assertions that test our assumption that objects aren't shared. | ||
* jorendorff: ask bz about same-origin "regions" already implemented somewhere in Gecko | * jorendorff: ask bz about same-origin "regions" already implemented somewhere in Gecko ("window target algorithm") | ||
* jorendorff: ask gwagner for his GC benchmarks so we have a baseline | * jorendorff: ask gwagner for his GC benchmarks so we have a baseline | ||
* ???: review existing code that shares objects across threads | |||
What is sharing objects across threads now? | |||
* DocShell scripting cross-thread | |||
* multithreaded xpcom | |||
* URLClassifier | |||
* Personal Security Manager | |||
(Proxy autoconfig is main-thread only.) | |||
==References== | ==References== | ||
[http://www.adambarth.com/ Preventing Capability Leaks in Secure JavaScript Subsets]. Matthew Finifter, Joel Weinberger, and Adam Barth. To appear: Proc. of the 17th Network and Distributed System Security Symposium (NDSS 2010). | [http://www.adambarth.com/ Preventing Capability Leaks in Secure JavaScript Subsets]. Matthew Finifter, Joel Weinberger, and Adam Barth. To appear: Proc. of the 17th Network and Distributed System Security Symposium (NDSS 2010). | ||
Revision as of 16:49, 1 March 2010
Motivation
- more robust thread safety API
- reduce GC pauses
- minor performance win from eliminating object locking
Plans
- Pursue opportunities to make GC faster without API changes. For example, string and object destruction (not finalizers) could be moved to the background thread.
- Use membranes to separate threads and GC heaps, as well as for security. This means making the membranes more robust, eliminating all leaks.
- Implement per-region garbage collection.
- Eventually: implement "worker modules" so addons have a non-broken way to use threads.
We have no immediate plans to implement cross-thread proxying. We might not need it. The debugger needs to be able to touch objects across all threads, but proxying objects transparently across threads may not be the right answer there either. (jimb's first impression was that it is not.) I don't think enough is known about the new debugger's eventual design. By mid-March 2010 we'll know more.
There are 122 files using nsIThread in addons.mozilla.org. Locking wrappers are a possible solution for these guys, but it's likely they would still need source changes, in which case we should just encourage their authors to migrate to postMessage.
Tasks
- Igor: optimize GC and move finalization to background
- jorendorff: shell workers. tests for what we think the new contract should be.
- jorendorff: design whatever new JSAPI we need to support "regions"
- jorendorff: add assertions that test our assumption that objects aren't shared.
- jorendorff: ask bz about same-origin "regions" already implemented somewhere in Gecko ("window target algorithm")
- jorendorff: ask gwagner for his GC benchmarks so we have a baseline
- ???: review existing code that shares objects across threads
What is sharing objects across threads now?
- DocShell scripting cross-thread
- multithreaded xpcom
- URLClassifier
- Personal Security Manager
(Proxy autoconfig is main-thread only.)
References
Preventing Capability Leaks in Secure JavaScript Subsets. Matthew Finifter, Joel Weinberger, and Adam Barth. To appear: Proc. of the 17th Network and Distributed System Security Symposium (NDSS 2010).