Thursday, August 23, 2012

The system works

Over the last few months a number of us at Mozilla having been working on a profiler built into Firefox. One of the goals of this profiler is to make it as easy as possible to profile anywhere. Yesterday we had a satisfying realization of this goal.

It all started with Taras' Snappy #36 update. In a comment, a user going by kamulos reported a recent problem about laggy tab switches. kamulos posted the profile and Benoit Girard filed bug 784756. The profile showed us spending a bunch of time in TimeStamp::Now() during image decode. I wasn't particularly surprised by this because our TimeStamp::Now() implementation on Windows is not particularly fast. Ehsan and I went away and put some effort into improving the performance and have some good candidates in bug 784859. In the mean time, Robert Lickenbrock discovered that problem was recently introduced by bug 685516, which unintentionally caused a fixed time delay where we called TimeStamp::Now() in a loop. He has since posted a patch that fixes the problem.

Here we have two community members helping uncover a problem within a week of it landing, a problem that could have otherwise gone undetected for a long time. This is a great example of an open source community working beautifully.

Friday, July 13, 2012

What happens when you switch to a Gmail tab on OS X

What follows is a brief walk through of what happens when you switch to a Gmail tab. You can follow along in the profile.

The process starts with [GeckoNSApplication sendEvent:] for the mouse event. This travels on down to nsXBLEventHander::HandleEvent(). From there, we call into the JS, specifically onxblmousedown() in tabbox.xml(). This eventually calls into set__selected() and set_selectedPanel(). set_selectedIndex() calls onselect() in browser.xul which ends up taking about 14ms. During onselect() we spend 4ms decoding an image, 3 ms in callProgressListeners() and 3ms in GetBoundingClientRect(). The whole process of handling the click event takes about 15ms.

After that we spend 6ms handling some events. Among these are a RefreshDriver tick and a toolkit paint. Afterwards we wait for 12ms.

33 ms after the original click we start the painting process. First we do a [NSView viewWillDraw] which calls in PresShell::WillPaint() and takes 3ms. Finally we start the actual 85 ms paint in PresShell::Paint().

Here's the breakdown of what we doing during paint. Of the 85 ms, 81 ms is in LayerManagerOGL::Render(). 5ms of that is clearing the surface in BasicBufferOGL::BeginPaint(), 11 ms is texture upload which does a useless format conversion (bug 613046). In between these two is 58ms of DrawThebesLayer() of which 39 ms is BasicLayerManager::EndTransactionInternal doing composition. A lot of this seems to be vm badness caused by cairo/CoreGraphics and it's weird copy-on-write semantics. The rest of the time is 6ms in nsDisplayText::Paint, 5 ms in nsDisplayBackground::Paint, 4 ms in nsDisplayBorderBackground::Paint, and 3ms in nsDisplayBorder::Paint(). Unfortunately, of the 85 ms only 18ms of the time is painting display items and of the 18ms less than half of that is actual painting operations inside of CoreGraphics.

Shortly after PresShell::Paint() the new content is displayed on the screen and we run a couple more different events and a garbage collection.  And that's what happens during the 130ms switch to a Gmail tab.

Friday, June 22, 2012

Resizable windows in Ubuntu

By default, Ubuntu ships with window resizers that are very small and difficult to hit exactly with the mouse. This is made worse by the fact the resize cursor jumps to a different location. You can fix this by switching to the High Contrast theme. This adds a visible resizer to some windows. It does make the rest of the UI look terrible, but that's a price I'm willing to pay to be able to resize my terminals.

Tuesday, April 24, 2012

Azure canvas on OS X

Firefox 12 is the first release that we use the new CoreGraphics backend for canvas. This brings a host of performance improvements, that largely come from removing overhead and semantic mismatches between HTML canvas and CoreGraphics.

Here are some examples:
GUIMark2 vector test 6.29 fps to 6.63 fps
GUIMark2 Bitmap From 17.62 fps to 22.9 fps
Fish IE goes from a high quality but embarrassing 7fps with 10 fish to 48fps with 250 fish.

Tuesday, March 13, 2012


The graphics team has been spending most of its time working on "off-main thread compositing" (OMTC) on the maple project branch. By separating Gecko into two threads, a content thread and a composition thread, we hope to make interacting with Firefox on Android more pleasant, because we won't be waiting on content to pan around pages.

When you pan to an area that hasn't been drawn yet, we display a "checkerboard" indicating that the content will be shown soon. Obviously, we want to minimize the time we display checkerboard to the minimum possible.

Here is the current breakdown of where we spend our time while panning around on

14.7%waiting for texture upload to finish
8.2%building display lists
3.4%servicing timers

Wednesday, October 19, 2011

Moving patches between git and hg

Moving patches between git and hg is currently not very easy. I found script that converts in one direction and I added script that goes in the other direction. The scripts are available here: Hopefully, this will make it a bit easier.

Thursday, June 16, 2011

WebGL considered harmful?

Today Microsoft posted an article titled "WebGL considered harmful". It seems like a lot of their arguments against WebGL also apply to Silverlight 5's XNA 3D graphics support. It, like WebGL, allows authors to write shaders using HLSL. I wonder, if you reframe their article by replacing WebGL with Silverlight 5, is anything untrue? If so, how does Microsoft solve these problems?

Silverlight XNA 3D considered harmful

Microsoft's Silverlight 5 XNA 3D technology is a low-level 3D graphics API for the web.

One of the functions of MSRC Engineering is to analyze various technologies in order to understand how they can potentially affect Microsoft products and customers. As part of this charter, we recently took a look at XNA 3D. Our analysis has led us to conclude that Microsoft products supporting XNA 3D would have difficulty passing Microsoft’s Security Development Lifecycle requirements. Some key concerns include:
  • Browser support for Silverlight 5 directly exposes hardware functionality to the web in a way that we consider to be overly permissive
    The security of Silverlight 5 as a whole depends on lower levels of the system, including OEM drivers, upholding security guarantees they never really need to worry about before. Attacks that may have previously resulted only in local elevation of privilege may now result in remote compromise. While it may be possible to mitigate these risks to some extent, the large attack surface exposed by Silverlight 5 remains a concern. We expect to see bugs that exist only on certain platforms or with certain video cards, potentially facilitating targeted attacks.

  • Browser support for Silverlight 5 security servicing responsibility relies too heavily on third parties to secure the web experience
    As Silverlight 5 vulnerabilities are uncovered, they will not always manifest in the Silverlight 5 API itself. The problems may exist in the various OEM and system components delivered by IHV’s. While it has been suggested that Silverlight 5 implementations may block the use of affected hardware configurations, this strategy does not seem to have been successfully put into use to address existing vulnerabilities.
It is our belief that as configurations are blocked, increasing levels of customer disruption may occur. Without an efficient security servicing model for video card drivers (eg: Windows Update), users may either choose to override the protection in order to use Silverlight 5 on their hardware, or remain insecure if a vulnerable configuration is not properly disabled. Users are not accustomed to ensuring they are up-to-date on the latest graphics card drivers, as would be required for them to have a secure web experience. In some cases where OEM graphics products are included with PCs, retail drivers are blocked from installing. OEMs often only update their drivers once per year, a reality that is just not compatible with the needs of a security update process.

  • Problematic system DoS scenarios
    Modern operating systems and graphics infrastructure were never designed to fully defend against attacker-supplied shaders and geometry. Although mitigations such as Direct3D 10 may help, they have not proven themselves capable of comprehensively addressing the DoS threat. While traditionally client-side DoS is not a high severity threat, if this problem is not addressed holistically it will be possible for any web site to freeze or reboot systems at will. This is an issue for some important usage scenarios such as in critical infrastructure.

We believe that Silverlight 5 will likely become an ongoing source of hard-to-fix vulnerabilities. In its current form, XNA 3D in Silverlight 5 is not a technology Microsoft can endorse from a security perspective.

We recognize the need to provide solutions in this space however it is our goal that all such solutions are secure by design, secure by default, and secure in deployment.

The problems Microsoft is worried about are real, and they don't have any easy solutions. At the same, I don't think we need to wait for perfect answers before trying. With Silverlight 5's 3D support, it looks like Microsoft feels the same way.