SpiderMonkey Newsletter (Firefox 116-117)

SpiderMonkey is the JavaScript engine used in Mozilla Firefox. This newsletter gives an overview of the JavaScript and WebAssembly work we’ve done as part of the Firefox 116 and 117 Nightly release cycles.

🚀 Performance

We’re working on improving performance for popular web frameworks such as React. We continue to make good progress, as you can see on the Speedometer 2 graph in this Mastodon post.

  • We added a fast path for JSON.stringify.
  • We’ve added a fast path for allocating from the nursery in C++ code.
  • We added an optimization for Object.keys to take advantage of cached for-in iterators if available.
  • We’ve extended the compilation hints mechanism to also cover Warp compilations. This means we spend less time in Baseline JIT code.
  • We added a trampoline to optimize polymorphic calls.
  • We’ve disabled Spectre mitigations in Fission content processes (Nightly-only for now).
  • We also disabled the use of mprotect for JIT code: it added significant performance overhead, while bypasses have been commoditized, so it didn’t significantly impact attackers.
  • We fixed a performance cliff with Warp-compiled generators.
  • We changed some GC pointers in IC stubs to be weak pointers to reclaim more memory and to discard dead stubs.
  • A contributor rewrote some of our date computations to be much faster by reducing the number of branches and floating point operations.

👷🏽‍♀️ New features

We shipped some new JS features! 🎉

We also implemented features that are still disabled by default:

We want to give a big shout-out 📣 to André Bargull (anba) who volunteered to implement many of these features. Temporal in particular is a very large feature: André landed more than a hundred patches for it!

⚡ Wasm GC

High-level programming languages currently need to bring their own GC if they want to run on WebAssembly. This can result in memory leaks because such a GC cannot collect cycles that form with the browser. The Wasm GC proposal adds struct and array types to Wasm so these languages can use the browser’s GC instead.

  • We added support for ‘final’ types.
  • We further optimized allocation of struct and array objects.
  • We also implemented casting for the remaining Wasm types.

📚 Miscellaneous

  • The final changes landed to remove the last uses of the JSContext type for helper threads. This is a large architectural improvement that unblocks exciting future improvements.
  • We tracked down and worked around a likely Samsung CPU bug.
  • We removed some code for older Windows versions because Firefox 116 will only support Windows 10+.