Issue metadata
Sign in to add a comment
|
Chrome 66 Stable has lower performance for WebAssembly applications on both Windows and Mac
Reported by
sarves...@gmail.com,
May 23 2018
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 Steps to reproduce the problem: 1. Open the webassembly sample application https://skypebot.farm2.zynga.com/ (It akes around 20 seconds to load, its a sample cubes application) 2. Check all the boxes below (Make sure 15*15*15 cubes is selected) 3. Note the FPS at the top 4. There is wide difference between observed FPS in Chrome 66 vs Chrome 65 Chrome 66 (Mac) - 15 FPS Chrome 65 (Mac) - 24 FPS Chrome 66 (Windows) - 18 FPS Chrome 65 (Windows) - 24 FPS What is the expected behavior? Chrome should have reported similar or better performance with higher versions What went wrong? The FPS and performance degraded Did this work before? N/A Chrome version: 66.0.3359.181 Channel: stable OS Version: OS X 10.11.6 Flash Version:
,
May 23 2018
Looks like there was a v8 roll in that range. https://chromium.googlesource.com/v8/v8/+log/c951105b..00909549
,
May 23 2018
The range looks innocent as it is. The only thing that stands out is https://chromium.googlesource.com/v8/v8/+/2778b46081c6db1090fad409923ec34089bfb910
,
May 23 2018
This is a Spectre mitigation IIRC, so when we have site isolation I believe we can revert it. Do you agree, tebbi@?
,
May 23 2018
Yes, this is a Spectre mitigation and not necessary once we have site isolation. The CL can be effectively disabled with --no-turbo_disable_switch_jump_table. I tried running Chrome 66.0.3359.181 with and without --js-flags="--no-turbo_disable_switch_jump_table" but I couldn't see much of a difference on my Laptop. @sarvesh.n Could you check if --js-flags="--no-turbo_disable_switch_jump_table" makes a difference on your hardware?
,
May 24 2018
Here are the bisect results for windows C:\Python27>python bisect-builds.py -g 530369 -b 540276 -a win64 --use-local-cache Downloading list of known revisions... Loaded revisions 389148-558218 from C:\Python27\.bisect-builds-cache.json Downloading revision 535733... Received 126501098 of 126501098 bytes, 100.00% Bisecting range [530373 (good), 540270 (bad)], roughly 11 steps left. Trying revision 535733... Revision 535733 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: b Downloading revision 533021... Bisecting range [530373 (good), 535733 (bad)], roughly 10 steps left. Trying revision 533021... Revision 533021 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 534350... Bisecting range [533021 (good), 535733 (bad)], roughly 9 steps left. Trying revision 534350... Revision 534350 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: b Downloading revision 533986... Bisecting range [533021 (good), 534350 (bad)], roughly 8 steps left. Trying revision 533986... Revision 533986 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: b Downloading revision 533513... Bisecting range [533021 (good), 533986 (bad)], roughly 7 steps left. Trying revision 533513... Revision 533513 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 533689... Bisecting range [533513 (good), 533986 (bad)], roughly 6 steps left. Trying revision 533689... Revision 533689 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: b Downloading revision 533607... Bisecting range [533513 (good), 533689 (bad)], roughly 5 steps left. Trying revision 533607... Revision 533607 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 533643... Bisecting range [533607 (good), 533689 (bad)], roughly 4 steps left. Trying revision 533643... Revision 533643 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 533653... Bisecting range [533643 (good), 533689 (bad)], roughly 3 steps left. Trying revision 533653... Revision 533653 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: b Downloading revision 533646... Bisecting range [533643 (good), 533653 (bad)], roughly 2 steps left. Trying revision 533646... Revision 533646 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 533650... Bisecting range [533646 (good), 533653 (bad)], roughly 2 steps left. Trying revision 533650... Revision 533650 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: b You are probably looking for a change made after 533646 (known good), but no later than 533650 (first known bad). CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/67c7f57d87619e98b1acf8f4e5f3367c2d567848..66e09f570b282c89372a7d406de82aebab6a36ca these are the bisect results for the Chrome 65 and 66 between 30369 and 540276
,
May 24 2018
I tried with /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --js-flags="--no-turbo_disable_switch_jump_table" and the issue still occurs
,
May 24 2018
I'm sorry, I was wrong: --js-flags="--no-turbo_disable_switch_jump_table" has no effect because the flag is implied by --untrusted-code-mitigations. The only way to toggle this flag properly is to compare --js-flags="--no-untrusted-code-mitigations --no-turbo_disable_switch_jump_table" with --js-flags="--no-untrusted-code-mitigations --turbo_disable_switch_jump_table" Still, I can't reproduce the issue on my machine.
,
May 24 2018
FYI, You need to check the boxes at the bottom of the screen to reproduce the issue
,
May 24 2018
I did.
,
May 24 2018
ok, with the above options chose I get a minor 1 FPS improvement, this still does not match the same as Chrome 65, Mac OS Chrome 66 (without above options) 19.6 FPS Chrome 66 (with above options) 20.6 FPS Chrome 65 (without any options) 24.6 FPS
,
May 24 2018
We are able to repro this on multiple Windows and Mac machines, please let me know if you need any additional data
,
May 24 2018
chrome://gpu gives me the below data, FYI ( we can provide other details/hw etc if you need) Graphics Feature Status Canvas: Software only, hardware acceleration unavailable CheckerImaging: Disabled Flash: Hardware accelerated Flash Stage3D: Hardware accelerated Flash Stage3D Baseline profile: Hardware accelerated Compositing: Hardware accelerated Multiple Raster Threads: Enabled Native GpuMemoryBuffers: Hardware accelerated Rasterization: Unavailable Surface Synchronization: Enabled Video Decode: Hardware accelerated WebGL: Hardware accelerated WebGL2: Hardware accelerated
,
May 28 2018
Any update on this issue, I am attaching a screenshot showing side by side performance of Chrome vs Firefox of the sample webassembly application. Chrome is around 10 FPS and Firefox is 20 FPS. The webassembly application can be viewed at https://skypebot.farm2.zynga.com/
,
May 29 2018
Thank you! I will investigate now.
,
May 29 2018
It is indeed my CL that causes the regression, mostly because we disable switch jump tables for stub compilation, where this is not even necessary for security. I will make a simple CL to revert to the old behavior for stub compilation. Do we want to back-port this?
,
May 29 2018
It would be great to get this in the next minor version, please let me know when you have it in Canary for trying out, thanks
,
May 29 2018
Actually, I'm mistaken and it was disabled for both stubs and Wasm. This means that we cannot fix the regression without removing the necessary Spectre mitigation. This will happen eventually, but not before we can fully trust on site isolation.
,
May 29 2018
But I will fix it such that at least the --no-untrusted-code-mitigations flag will remove the regression.
,
May 29 2018
Any idea when we can expect this fix in actual live version of Chrome?
,
Jun 4 2018
Is there an easy way for me to disable the spectre changes and confirm that the issue is due to those changes or something else? when I tried with --js-flags="--no-untrusted-code-mitigations --turbo_disable_switch_jump_table" I got a minor 1 FPS improvement, (so it really did not fix the issue) Does that mean the spectre changes are not the cause for the issue? We can bisect it along other dimensions such as the V8 roll/changes itself if you think those may be the cause of the issue Please let me know, thanks
,
Jun 4 2018
I don't think tebbi@ has yet landed his change mentioned in #19. When this has landed --no-untrusted-code-mitigations should do the trick. @titzer: Anything else we can do here for Wasm? It is interesting that FF is faster, are they deploying different mitigations in this space?
,
Jun 5 2018
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/884bec9f702cdf798be6e909b5d400cd1fbbc27f commit 884bec9f702cdf798be6e909b5d400cd1fbbc27f Author: Tobias Tebbi <tebbi@chromium.org> Date: Tue Jun 05 14:18:00 2018 [turbofan] enable switch jump tables with --no-untrusted-code-mitigations, also for stubs and Wasm Bug: chromium:845851 Change-Id: I9b860dc26f8b35d629235b82fc5fffe04bf10493 Reviewed-on: https://chromium-review.googlesource.com/1076151 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#53525} [modify] https://crrev.com/884bec9f702cdf798be6e909b5d400cd1fbbc27f/src/optimized-compilation-info.cc [modify] https://crrev.com/884bec9f702cdf798be6e909b5d400cd1fbbc27f/src/optimized-compilation-info.h [modify] https://crrev.com/884bec9f702cdf798be6e909b5d400cd1fbbc27f/src/wasm/wasm-code-manager.cc
,
Jun 5 2018
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/85bcc400f1b5f1e8fe9ac8ae06dc2d1688e376cc commit 85bcc400f1b5f1e8fe9ac8ae06dc2d1688e376cc Author: Jakob Gruber <jgruber@chromium.org> Date: Tue Jun 05 16:56:21 2018 Revert "[turbofan] enable switch jump tables with --no-untrusted-code-mitigations," This reverts commit 884bec9f702cdf798be6e909b5d400cd1fbbc27f. Reason for revert: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux64_TSAN%2F20938%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Fgraceful_shutdown%2F0 Original change's description: > [turbofan] enable switch jump tables with --no-untrusted-code-mitigations, > also for stubs and Wasm > > Bug: chromium:845851 > Change-Id: I9b860dc26f8b35d629235b82fc5fffe04bf10493 > Reviewed-on: https://chromium-review.googlesource.com/1076151 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#53525} TBR=mstarzinger@chromium.org,jarin@chromium.org,tebbi@chromium.org,ben.titzer@gmail.com Change-Id: If24709e40bc6c442b88c8ba7b804775a9dfafc15 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:845851 Reviewed-on: https://chromium-review.googlesource.com/1087467 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#53529} [modify] https://crrev.com/85bcc400f1b5f1e8fe9ac8ae06dc2d1688e376cc/src/optimized-compilation-info.cc [modify] https://crrev.com/85bcc400f1b5f1e8fe9ac8ae06dc2d1688e376cc/src/optimized-compilation-info.h [modify] https://crrev.com/85bcc400f1b5f1e8fe9ac8ae06dc2d1688e376cc/src/wasm/wasm-code-manager.cc
,
Jun 7 2018
I tried in the following version of Canaary 69.0.3451.0 (Official Build) canary (64-bit) I assume the above would have the change to revert with the flag? /Applications/Google\ Chrome\ Canary.app/Contents/MacOS//Google\ Chrome\ Canary --js-flags="--no-untrusted-code-mitigations" With this I am still able to see the drop, can you confirm that the above canary version has the revert for the spectre mitigation with the flag, if yes , I think we may need to bisect more correctly?
,
Jun 8 2018
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/656dce0c0e22079102b3f1b430dc0867195176e7 commit 656dce0c0e22079102b3f1b430dc0867195176e7 Author: Tobias Tebbi <tebbi@chromium.org> Date: Fri Jun 08 12:43:22 2018 Reland "[turbofan] enable switch jump tables with --no-untrusted-code-mitigations, also for stubs and Wasm" But for builtins, jump tables are disabled to be compatible with embedded builtins. This is a reland of 884bec9f702cdf798be6e909b5d400cd1fbbc27f Original change's description: > [turbofan] enable switch jump tables with --no-untrusted-code-mitigations, > also for stubs and Wasm > > Bug: chromium:845851 > Change-Id: I9b860dc26f8b35d629235b82fc5fffe04bf10493 > Reviewed-on: https://chromium-review.googlesource.com/1076151 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#53525} Bug: chromium:845851 Change-Id: I66c300f875a46a3f2a68730fda94b8196f38aa97 Reviewed-on: https://chromium-review.googlesource.com/1087468 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#53612} [modify] https://crrev.com/656dce0c0e22079102b3f1b430dc0867195176e7/src/flag-definitions.h [modify] https://crrev.com/656dce0c0e22079102b3f1b430dc0867195176e7/src/optimized-compilation-info.cc [modify] https://crrev.com/656dce0c0e22079102b3f1b430dc0867195176e7/src/optimized-compilation-info.h [modify] https://crrev.com/656dce0c0e22079102b3f1b430dc0867195176e7/src/wasm/wasm-code-manager.cc
,
Jun 8 2018
@Tebbi can you confirm as per #26 which Canary version the revert is avialable?
,
Jun 8 2018
It has not landed in any canary yet. The origninal CL was reverted before being rolled, and the reland just landed. It should end up in the next canary though. I'm working on a binary search switch implementation, which should restore the performance even without --no-untrusted-code-mitigations. This should land soon too.
,
Jun 8 2018
,
Jun 8 2018
Thanks Tebbi, our recent tests also show that webassembly is slower than asm js(Javascript) for another application with Chrome 66 WebAssembly ---- Chrome 65 vs Chrome 66 (31.8 vs 22.7) asm js ----- Chrome 65 vs Chrome 66 (26.3 vs 24.3)
,
Jun 14 2018
@Tebbi , FYI, In the new Chrome Canary after passing the flag the performance issue is resolved, i.e the performance is back to Chrome 65 levels for WebAssembly /Applications/Google\ Chrome\ Canary.app/Contents/MacOS//Google\ Chrome\ Canary --js-flags="--no-untrusted-code-mitigations"
,
Jun 14 2018
^^^This is for Chrome Canary 69.0.3457.2 (Official Build) canary (64-bit)
,
Jun 26 2018
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/30c1e627bceff8cdbb5af12ef9198b5a192ac804 commit 30c1e627bceff8cdbb5af12ef9198b5a192ac804 Author: Tobias Tebbi <tebbi@chromium.org> Date: Tue Jun 26 14:18:36 2018 Merged: Reland "[turbofan] enable switch jump tables with --no-untrusted-code-mitigations, also ... Backmerge of https://chromium-review.googlesource.com/c/v8/v8/+/1087468 Almost applied cleanly, except for the function in src/wasm/wasm-code-manager.cc, which doesn't exist here yet. Revision: 656dce0c0e22079102b3f1b430dc0867195176e7 BUG= chromium:845851 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=titzer@chromium.org Change-Id: I4e4afc5618764fa26ea7719e063453a8d8150e4d Reviewed-on: https://chromium-review.googlesource.com/1114962 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/branch-heads/6.8@{#33} Cr-Branched-From: 44d7d7d6b1041b57644400a00cb3fee35f6c51b2-refs/heads/6.8.275@{#1} Cr-Branched-From: 5754f66f75136dc17b4c63fec84f31dfdb89186e-refs/heads/master@{#53286} [modify] https://crrev.com/30c1e627bceff8cdbb5af12ef9198b5a192ac804/src/flag-definitions.h [modify] https://crrev.com/30c1e627bceff8cdbb5af12ef9198b5a192ac804/src/optimized-compilation-info.cc [modify] https://crrev.com/30c1e627bceff8cdbb5af12ef9198b5a192ac804/src/optimized-compilation-info.h
,
Jul 6
The fix has improved the FPS but not brought it back to Chrome 65 levels, would there be some more fixes to improve it even further? Data below (Choose 25 * 25 * 25 cubes (and all boxes checked) Chrome 65 ---> 9 FPS Chrome 67.0.3396.99 ---> 4.2 FPS Chrome Canary 69.0.3482.0 ----> 7.4 FPS Testing with our game we have For Windows 10 Chrome 65 - 34 FPS Chrome Live - 23 FPS Chrome Canary - 27 FPS |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by sarves...@gmail.com
, May 23 2018