Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Source to Binary - journey of V8 javascript engine

Taketoshi Aono(青野健利 a.k.a brn)
November 25, 2017
Programming
13
13k

Source to Binary - journey of V8 javascript engine

V8 javascript engineについて
パーサー、AST、Ignition/TurboFan、最適化周り等

Taketoshi Aono(青野健利 a.k.a brn)

November 25, 2017
Tweet

More Decks by Taketoshi Aono(青野健利 a.k.a brn)

See All by Taketoshi Aono(青野健利 a.k.a brn)
document.write再考
brn
6
2.9k
Parsing Javascript
brn
12
9k
JSON & Object Tips
brn
1
410
CA 1Day Youth Bootcamp for Frontend LT
brn
0
820
Modern TypeScript
brn
2
750
javascript - behind the scene
brn
3
690
tc39 proposals
brn
0
790
プロダクト開発とTypeScript
brn
8
2.8k
React-Springでリッチなアニメーション
brn
1
620

Other Decks in Programming

See All in Programming
わたしの星のままで一番星になる ~ 出産を機にSIerからEC事業会社に転職した話 ~
kimura_m_29
0
180
The Efficiency Paradox and How to Save Yourself and the World
hollycummins
1
440
As an Engineers, let's build the CRM system via LINE Official Account 2.0
clonn
1
670
Keeping it Ruby: Why Your Product Needs a Ruby SDK - RubyWorld 2024
envek
0
180
LLM Supervised Fine-tuningの理論と実践
datanalyticslabo
3
890
採用事例の少ないSvelteを選んだ理由と それを正解にするためにやっていること
oekazuma
2
1k
return文におけるstd::moveについて
onihusube
1
610
KMP와 kotlinx.rpc로 서버와 클라이언트 동기화
kwakeuijin
0
130
ゆるやかにgolangci-lintのルールを強くする / Kyoto.go #56
utgwkk
1
350
Итераторы в Go 1.23: зачем они нужны, как использовать, и насколько они быстрые?
lamodatech
0
610
「Chatwork」Android版アプリを 支える単体テストの現在
okuzawats
0
180
Fibonacci Function Gallery - Part 1
philipschwarz
PRO
0
200

Featured

See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
247
1.3M
Bash Introduction
62gerente
608
210k
Six Lessons from altMBA
skipperchong
27
3.5k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
26
1.9k
The Pragmatic Product Professional
lauravandoore
32
6.3k
GitHub's CSS Performance
jonrohan
1030
460k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
1.2k
Thoughts on Productivity
jonyablonski
67
4.4k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k

Transcript

  1. None

  2. Name @brn (ꫬꅿ⨳ⵃ) Occupation ؿٗٝزؒٝسؒٝآص،٥ط؎ذ؍ـؒٝآص، Company Cyberagent ،سذؙأةآؔ AI Messenger

    Blog http://abcdef.gets.b6n.ch/ Twitter https://twitter.com/brn227 GitHub https://github.com/brn

  3. Agenda •  What is V8? •  Execution flow of V8

    •  Parsing •  Abstract Syntax Tree •  Ignition – BytecodeInterpreter •  CodeStubAssembler •  Builtins / Runtime •  Optimization / Hidden Class / Inline Caching •  TurboFan / Deoptimization

  4. What is V8? V8הכGoogle爡ָ㹋鄲׃׋javascriptؒٝآٝדծ Google Chrome/Node.JSךjavascriptؒٝآٝח䱰欽ׁ׸גְתׅկ

  5. Execution Flow

  6. Source AST Bytecode Graph Assembly first time hot code

  7. Parsing

  8. Basic parsing V8כا٦أ؝٦س׾ػ٦أ׃גASTח㢌䳔ׅ׷ ASTהכAbstractSyntaxTreeך殛獥 䬄韋圓俑加הㄎל׸׷ Parsing

  9. if (x) { x = 100 }

  10. IF CONDITION THEN BLOCK EXPRESSION STATEMENT ASSIGN VAR PROXY (X)

    LITERAL (100) if (x)  {  x = 100 

  11. Problems

  12. Parsing all functions - Slow ׅץגך؝٦س׾剑ⴱחػ٦أׅ׷ךכ֮ת׶״׹׃ֻזְ ׮׃ػ٦أ׃׋؝٦سָ㹋遤ׁ׸זֽ׸ל䠐㄂ָזְ Parsing

  13. Split parsing phase ػ٦أ׾鹼䒀׃ג遤ֲ׋׭חծػ٦أ׾✳媮ꥡחⴓֽ׷ Parsing

  14. PreParsing ✲⵸חׅץגךꟼ侧ךٖ؎،ؐز׾ ػ٦أ׃גֶֻ Parsing

  15. function x(a, b) { return a + b; } FUNCTION(X)

    parameter-count: 2 start-position: 1 end-position: 34 use-super-property: false …

  16. // when x is called x() FUNCTION NAME (x) RETURN

    LITERAL(1)

  17. Lazy Parsing V8כ㹋ꥷח״ן׌ׁ׸׷תדػ٦أ׾鹼䒀ׅ׷ ꟼ侧כㄎן⳿ׁ׸גⴱ׭ג؝ٝػ؎ׁٕ׸׷ Parsing

  18. More About https://docs.google.com/presentation/d/1b- ALt6W01nIxutFVFmXMOyd_6ou_6qqP6S0Prmb1iDs/present? slide=id.p Parsing

  19. Abstract Syntax Tree

  20. AST Rewriting Parserח״׏ג欰䧭ׁ׸׋AST׾㢌䕎ׅ׷ ְֻאַ稱➜ AbstractSyntaxTree

  21. Subsclass constructor return 竰䪫׃׋ؙٓأך؝ٝأزؙٓة׾㢌䕎ׅ׷ 崢欰ؙٓأך؝ٝأزؙٓةד䒭׾return׃גְ׷儗כծ 3갪怴皾㶨ח㢌䳔׃גծ 䒭ך穠卓ָundefined׌׏׋㜥さחכthis׾䨱ׅկ AbstractSyntaxTree

  22. constructor() {! super();! return expr! }! ! constructor() {! super();!

    var tmp;! return (temp = expr) === undefined?! this: temp;! }!

  23. for (let/const/var in/of e) for-in/ofךⴱ劍⻉דconst/let׾⢪ֲ׋׭חծⰋ⡤׾ـٗحؙד㔲 ׫㢌侧׾㹑鎉ׅ׷կ AbstractSyntaxTree

  24. for (const key of e) {! ...! }!

  25. {! var temp;! for (temp of e) {! const x

    = temp;! ...! }! let x! }!

  26. Spread operator doהfor-ofח縧ֹ䳔ִגⳢ椚 AbstractSyntaxTree

  27. const x = [1,2,3];! const y = [...x];!

  28. do {! $R = [];! for ($i of x)! %AppendElement($R,

    $i);! $R! }!

  29. Ecmascript? – Binary AST ➙תד鋅׋״ֲחASTך؟؎ؤכ穠圓㣐ְֹךדծ ׉׸׾㖇簭ׅ׷䲿周 Parsing

  30. Ignition

  31. Bytecode Interpreter V8כ欰䧭׃׋AST׾1~4byteךBytecodeח㢌䳔׃גַ׵㹋遤ׅ ׷ Ignition

  32. How does it work? ♧אך،ُؗيٖ٦ة٦׾⪒ִٖآأةك٦أד⹛⡲ׅ׷؎ٝ ة٦فٔة Ignition

  33. Pseudo javascript code Javascriptד圓鸡׾垷⦺ׅ׷הֿך״ֲחז׷ Ignition

  34. const Bytecodes = [0,1,2,3,4,5];! let index = 0;! function dispatch(next)

    {BytecodeHandlers[next] ();}! const BytecodeHandlers = [! () => {...; dispatch(Bytecodes[index++])},! () => {...; dispatch(Bytecodes[index++])},! () => {...; dispatch(Bytecodes[index++])},! () => {...; dispatch(Bytecodes[index++])},! () => {...; dispatch(Bytecodes[index++])},! () => {...; dispatch(Bytecodes[index++])},! ]! dispatch(Bytecodes[index++]);!

  35. How to create bytecode? BytecodeכASTַ׵AstVisitor׾ⵃ欽׃ג欰䧭ׁ׸׷ AstVisitorכVistorػة٦ٝ׾ⵃ欽׃׋ؙٓأדծ AST׾帾ׁ⮚⯓䱱稊׃זָ׵㼎䘔ׅ׷؝٦ٕغحؙꟼ侧׾ㄎן⳿ ׅ Ignition

  36. BytecodeArray 欰䧭ׁ׸׋BytecodeכBytecodeArrayח呓秛ׁ׸׷ BytecodeArrayכꟼ侧⽃⡘ד㶷㖈ׅ׷ Ignition

  37. Dispatch Table Stub(Machine Code) BytecodeArray Dispatch Tableから対応するHandlerを取り出して実行 0 1 3

    4 5 6 7 8 5 6 1

  38. InterpreterEntryTrampoline 剑穄涸ח欰䧭ׁ׸׋BytecodeכInterpreterEntrynTrampolineה ㄎל׸׷Builtin؝٦سַ׵㹋遤ׁ׸׷ InterpreterEntryTrampolineכAssemblyח؝ٝػ؎ׁٕ׸ծ 鸐䌢ךCךꟼ侧הㄎן⳿ׁ׸׷ Ignition

  39. InterpreterEntryTrampoline(Assembly) Script::Run Call as C function Ignition DispatchTable Dispatch First

    bytecode

  40. Ignition Handler ⯓玎亻⡂؝٦سד爙׃׋BytecodeHandlersכV8דכ Ignition Handlerהㄎל׸גְ׷ Ignition HandlerכCodeStubAssemblerהְֲDSLד鎸鶢ׁ׸ג ְ׷ Iginition

  41. CodeStub Assember

  42. What is CodeStubAssmber? CodeStubAssembler(CSA)כ؝٦س欰䧭׾ؚٓؿ欰䧭ח䬄韋⻉׃ ׋V8ⰻ鿇ךDSL 㹋遤✮㹀Node׾穈׫甧ג׷׌ֽדծCodeGeneratorח״׏גぐ ،٦ؗذؙثٍぢֽך؝٦سָ欰䧭ׁ׸׷׋׭ծ،إٝـٔ鎉铂 ׾ְ׍ְ׍倜׋ח剅ֻ䗳銲ָזְ CodeStubAssembler

  43. IGNITION_HANDLER(JumpIfToBooleanFalse, InterpreterAssembler) {! Node* value = GetAccumulator();! // Accumulatorの値を取得! Node*

    relative_jump = BytecodeOperandUImmWord(0);! // 引数のoperandを取得! Label if_true(this), if_false(this);! BranchIfToBooleanIsTrue(value, &if_true, &if_false);! // valueがtrueならif_true、falseならif_false! Bind(&if_true);! Dispatch();! Bind(&if_false);! // operandのbytecodeまでjump! Jump(relative_jump);! }!

  44. Graph based DSL ֿךCodeStubAssemblerךֶַ־ד㹋ꥷך،٦ؗذؙثٍぢֽ ך،إٝـٓ׾擾濼׃גְזֻג׮֮׵׋ח؝٦س׾鷄⸇ׅ׷ֿ הָ㺁僒חז׶ծ ת׋〳铣䚍׮ꬊ䌢ח넝ֻז׏גְ׷ CodeStubAssembler

  45. Dispatch Table 00 01 02 04 08 0f 10 10

    Node Node Node Operator Operator IGNITION_HANDLER Stub (Mahine Code Fragment) グラフからコードを生成 生成したコードを、 DispatchTableの対応する バイトコードのインデックスへ 登録 Assemble

  46. Assembler 㹋ꥷחぐ،٦ؗذؙثٍぢֽך؝٦س׾⳿⸂ׅ׷ X64ぢֽךjmpص٦ٌصحؙ׾׍׳׏ה׌ֽ鋖ְג׫״ֲ CodeStubAssembler

  47. void Assembler::jmp(! Handle<Code> target,! RelocInfo::Mode rmode! ) {! EnsureSpace ensure_space(this);!

    // 1110 1001 #32-bit disp.! // ここでメモリ上にアセンブラを書き出す! emit(0xE9);! emit_code_target(target, rmode);! }!

  48. Where to use BuiltinsכAssemblerؙٓأ׾ⵃ欽׃גぐ،٦ؗذؙثٍ嫣ך Stubָ鎸鶢ׁ׸גְ׷ ♧鿇CSA׾⢪ֲ皘䨽׮֮׷(*-gen.cc) Ignition HandlerכקרⰋגָCSAד鎸鶢ׁ׸גְ׷ CodeStubAssembler

  49. Builtins & Runtime

  50. Builtins BuiltinsכV8ך饯⹛儗ח؝ٝػ؎ׁٕ׸׷،إٝـٓך؝٦س晙 ꟼ侧ך״ֲחCallBuiltin穗歋דㄎן⳿ׁ׸׷ Stubה׮ㄎל׸׷ 㹋遤儗ך剑黝⻉כ遤׻׸זְ Builtins & Runtime

  51. Runtime RuntimeכBuiltinsװ׉ך➭ך،إٝـٓ؝٦سַ׵ㄎן⳿ֿׅ הָדֹ׷C++ך؝٦س Javascriptך⚅歲ַ׵C++ך⚅歲׾אזּ؝٦س晙 ずֻׄ㹋遤儗ך剑黝⻉כ遤׻׸זְ Builtins & Runtime

  52. Hidden Class

  53. What is Hidden Class? Javascriptחכ㘗ָזְךדؔـآؙؑز׾鋉㹀ׅ׷׮ךָ搀ְկ ׉ך׋׭ծV8כؔـآؙؑزך圓鸡荈⡤׾㘗ך״ֲח䪔׏גְ׷կ ֿ׸׾Hidden Classהㄎע Hidden Class

  54. •  Hidden Class const point1 = {x: 0, y: 0};!

    const point2 = {x: 0, y: 0};! Map FixedArray [ {x: {offset: 0}}, {y: {offset: 1}} ]

  55. Map ׋הִJavascript♳דכⴽךؔـآؙؑزד֮׏ג׮ծ ずׄ圓鸡׾䭯׏גְ׸לずׄHidden Class׾Ⱏ剣ׅ׷ ׉׃גֿךؔـآؙؑزך酅ח֮׷圓鸡׾Mapהㄎע Hidden Class

  56. const pointA = {x: 0, y: 0};! const pointB =

    {x: 0, y: 0};! // pointA.Map === pointB.Map;! ! const pointC = {y: 0, x: 0};! // pointA.Map !== pointC.Map! ! const point3D = {x: 0, y: 0, z: 0};! // point3D.Map !== pointA.Map!

  57. class PointA {! constructor() {! this.x = 0;! this.y =

    0;! }! }! const pointAInstance = new PointA();! ! class PointB {! constructor() {! this.y = 0;! this.x = 0;! }! }! const pointBInstance = new PointB();! // PointAInstance.Map !== PointBInstance.Map!

  58. Layout Mapؔـآؙؑزכַז׶⿑㺘חفٗػذ؍ךoffset׾ثؑحؙ ׅ׷׋׭ծٔذٕٓךⴱ劍⻉갫٥فٗػذ؍ךⴱ劍⻉갫٥فٗػ ذ؍ך侧ָ麩ֲהⴽךMapָⶴ׶䔲ג׵׸׷ Hidden Class

  59. Map Transition ׃ַ׃فٗػذ؍ך㟓幾ָ걼籕ח饯ֿ׷Javascriptדծ嫣㔐Map ׾欰䧭ׅ׷ה؝أزָ搀鋔דֹזְךדכ V8כفٗػذ؍ך㟓幾ָ֮׏׋㜥さחכMap׾Ⱏ剣׃זָ׵ծ 㟓ִ׋鿇ⴓך׫ך倜׃ְMap׾欰䧭ׅ׷ ֿ׸׾Map Transitionהㄎע Hidden Class

  60. function Point(x, y) { this.x = x; this.y = y;

    } Map FixedArray [ {x: {offset: 0}}, {y: {offset: 1}}, ] var x = new Point(1, 1); x.z = 1; Map FixedArray [ {z: {offset: 2}} ] transition {z: transi>on(address)}

  61. What's Happening? Hidden Classָ֮׷ה⡦ָ㴍׃ְַהְֲהծ ؔـآؙؑزךفٗػذ؍،ؙإأװ㘗ךثؑحؙ׾״׶넝鸞חծ ״׶㸜Ⰻח遤ִ׷״ֲחז׷ Hidden Class

  62. Inline Caching

  63. What is Inline Caching فٗػذ؍،ؙإأך넝鸞⻉ך׋׭ח麓⿠ך،ؙإأ׾ٍؗح ءُ׃גֶֻ Inline Caching

  64. function x(obj) {! return obj.x + obj.y;! }! ! x({x:

    0, y: 0});! x({x: 1, y: 1});! x({x: 2, y: 2});!

  65. Search Property ؔـآؙؑزַ׵فٗػذ؍׾䱱ׅ׋׭חכծ HashMapװFixedArrayַ׵فٗػذ؍׾ٗ٦سׅ׷ ׃ַ׃׉׸׾嫣㔐遤ֲךכꬊ䌢ח鹼ְ Inline Caching

  66. Reduce Property Access ֿך⢽דכxהyפך،ؙإأָずׄMap׾䭯אؔـآؙؑزח㼎 ׃ג⡦䏝׮㹋遤ׁ׸גְ׷ ׅדחobjכ{x, y}ךMapה׻ַ׏גְ׷ךד֮׸לծ 䔲搫ًٌٖٔ؎،ؐز׮׻ַ׏גְ׷ךדծ湫䱸offset׾䭷㹀׃ ג،ؙإأ׃׋קֲָ傍ְ Inline

    Caching

  67. Cache זךדծ暴㹀ךMapך،ؙإأ׾鎸䥉׃גֶֻ ֮׷فٗػذ؍פ،ؙإأ׃׋㜥さծ׉ךMapؔـآؙؑز׾鎸 䥉ׅ׷ֿהד2㔐湡⟃꣬ךفٗػذ؍،ؙإأָ넝鸞⻉ׁ׸׷ Inline Caching

  68. x({x: 0, y: 0});! // uninitialized! x({x: 1, y: 1});!

    // stub_call! x({x: 2, y: 2});! // found ic! x({x: 1, y: 1, z: 1})! // load ic miss! x({x: 1, y: 1, foo() {}});! // load ic miss!

  69. Cache Miss ׋׌׃ծMapָ㢌⻉׃׋㜥さחכ䔲搫CacheךMissؼحزָ饯ֹ ׷ךדծת׋فٗػذ؍׾ٗ٦س׃ג倜׋ח鎸䥉׃湫ׅ ׋׌׃ׅץג׾鎸ꐮׅ׷ךכ♶〳腉זךדծ4אתדMapؔـ آؙؑز׾鎸ꐮׅ׷ Inline Cache

  70. Cahce State ٍؗحءُך朐䡾כ⟃♴ך״ֲח鼂獳ׅ׷ PreMonomorphic Monomorphic Polymorphic Megamorphic Inline Caching

  71. Pre Monomorphic ؝٦س♳ך鿪さד劢ⴱ劍ַוֲַⴻ㹀ׅ׷׋׭ח㶷㖈ׅ׷ךדծ ֮ת׶䠐㄂כזְ Inline Caching

  72. Monomorphic ⽃♧ךMapפך،ؙإأ׃ַ㶷㖈׃זְ朐䡾 椚䟝涸ז朐䡾ה鎉ִ׷ Inline Caching

  73. Polymorphic MapָFixedArrayח呓秛ׁ׸גֶ׶醱侧ךMapַ׵嗚稊׃ג فٗػذ؍،ؙإأ׾㹋遤ׅ׷ ٍؗحءُ荈⡤כׁ׸גְ׷ךדת׌넝鸞 Inline Caching

  74. Megamorphic ֮ת׶חMissָ㢳ְךדծMapך鎸ꐮ׾⨡姺׃׋朐䡾 איחStubַ׵GetProperty׾ㄎן⳿׃גفٗػذ؍׾《䖤ׅ׷ 剑׮鹼ְ朐䡾 Inline Caching

  75. Optimization

  76. Hot or Small 䌢ח؝٦س׾剑黝⻉ׅ׷ךכꬊ䌢ח搀꼽 ⟃♴ך勴⟝ח䔲גכת׷؝٦س׾剑黝⻉ׅ׷ •  (ꟼ侧ךغ؎ز؝٦سꞿ/ 1200) + 2ך㔐侧ꟼ侧ָㄎן⳿ׁ׸

    גְ׷ •  ꟼ侧ָ㼭ְׁ(غ؎ز؝٦سךꞿָׁ90劢弫) Optimization

  77. Optimization Budget غ؎ز؝٦س㹋遤⚥חぐꟼ侧חכ剑黝⻉✮皾ָⶴ׶䮶׵׸גֶ׶ծ ׉ך⦼ָ0׾ⴖ׷ה؝٦س剑黝⻉⦪酡הז׷ Optimization

  78. For loop ٕ٦فדכJumpLoopהְֲغ؎ز؝٦سָ⳿⸂ׁ׸׷ ֿךJumpLoopך⚥ד䨱׶⯓ך،سٖأ⦼ךoffset׾ꅾ׫ח׃גծ ⯓玎ך✮皾ַ׵⦼׾䒷ֹծ׉׸ָ0׾ⶴ׏׋׵ٕ٦فⰻך剑黝⻉ ָ涪欰ׅ׷ Optimization

  79. function id(v) {return v;}! function x(v) {! for (var i

    = 0; i < 10000; i++) {! id(v + i);! }! }! x(1);!

  80. 0x1bb9e5e2935e LdaSmi.Wide [1000] 0x1bb9e5e2937e JumpLoop [32], [0] (0x1bb9e5e2935e @ 4)

    Bytecode length = 100 if (budget –= 100 < 0) { OptimizeAndOSR(); }

  81. OSR - OnStackReplacement ؝ٝػ؎ׁٕ׸גغ؎ز؝٦سַ׵堣唒铂ח㢌䳔ׁ׸׋؝٦سכծ ٕ٦فך鷿⚥ד굲ן⯓ָ剅ֹ䳔ִ׵׸ג倜׋ז堣唒铂ך؝٦سָ 㹋遤ׁ׸׷ Optimization

  82. For function ꟼ侧ך㜥さכReturnغ؎ز؝٦سָ䗳׆欰䧭ׁ׸׷ ׉ֿדInterruptָ遤׻׸ג✮皾ךثؑحָؙ涪欰ׅ׷ Optimization

  83. function x() {! const x = 1 + 1;! }!

    x();!

  84. 0x3d22953a917a StackCheck 0x3d22953a9180 Return Bytecode length 30 if (budget -=

    30 < 0) { OptimizeConcurrent(); }

  85. Concurrent Compilation ꟼ侧׾剑黝⻉ׅ׷㜥さכծ⚛⴨؝ٝػ؎ָٕꬊず劍ח遤׻׸׷ ׉ך׋׭如㔐⟃꣬ךꟼ侧ㄎן⳿׃ָ䗳׆剑黝⻉ׁ׸גְ׷׻ֽד כזְ Optimization

  86. CompilationQueue CompilationJob CompilationJob CompilationJob Hot Function Bytecode Called Hot Function(Queued)

    Bytecode Called Hot Function(Queued) Bytecode Called Optimized Function Assembly Called

  87. const x = x => x;! const y = ()

    => {! for (let i = 0; i < 1000; i++) {! x(i);! }! ! for (let i = 0; i < 1000; i++) {! x(i);! }! };! y();!

  88. 0x13b567fa924e LdaSmi.Wide [1000] 0x13b567fa9268 JumpLoop [26], [0] (0x13b567fa924e @ 4)

    Bytecode length 26 budget –= 26 0x13b567fa926e LdaSmi.Wide [1000] 0x13b567fa9288 JumpLoop [26], [0] (0x13b567fa926e @ 36) Bytecode length 26 budget –= 26 0x13b567fa928c Return budget –= all_bytecode_length

  89. Budget for function ׋הִٕ٦فָⴓⶴׁ׸גְג׮Ⰻ⡤ך✮皾׾Returnד׮鎘皾ׅ ׷ךד㉏겗זֻ剑黝⻉ָ遤׻׸׷ Optimization

  90. TurboFan

  91. What is TurboFan? TurboFanהכV8ך剑黝⻉أةحؙךֿה V8כBytecodeַ׵剑黝⻉؝ٝػ؎ٕ׾遤ֲ㜥さחծ ♧傉IR׾欰䧭ׅ׷ ֿךGraph欰䧭ה剑黝⻉׾遤ֲךָTurboFan TurboFan

  92. Bytecode IR TurboFan Optimization & CodeGeneration

  93. IR 䬄韋涸ז㹋遤ـٗحؙ Control Flow Graph TurboFan

  94. #22:Branch[None](#21:SpeculativeNumberLessThan, #9:Loop) #28:IfTrue(#22:Branch) #30:JSStackCheck(#11:Phi, #32:FrameState, #21:SpeculativeNumberLessThan, #28:IfTrue) #33:JSLoadGlobal[0x2f3e1c607881 <String[1]: a>,

    1] (#11:Phi, #34:FrameState, #30:JSStackCheck, #30:JSStackCheck) #2:HeapConstant[0x2f3e1c6022e1 <undefined>]() #39:FrameState #36:StateValues[sparse:^^](#12:Phi, #33:JSLoadGlobal) #37:FrameState#35:Checkpoint(#37:FrameState, #33:JSLoadGlobal, #33:JSLoadGlobal) #38:JSCall[2, 15256, NULL_OR_UNDEFINED] (#33:JSLoadGlobal, #2:HeapConstant, #11:Phi, #39:FrameState, #35:Checkpoint, #33:JSLoadGlobal) #9:Loop(#0:Start, #38:JSCall)

  95. Optimization TurboFanכGraphח㼎׃ג剑黝⻉׾遤ֲ TurboFan

  96. inline ꟼ侧ㄎן⳿׃ךInline⻉ trimming ⵋ麦׃זְNodeך⵴ꤐ type 㘗䱿锷 typed-lowering 㘗ח㛇בְג䒭װㄏ⟀׾״׶知⽃זⳢ椚ח縧ֹ䳔ִ׷ loop-peeling ٕ٦فⰻךⳢ椚׾㢩ח⳿ׅկ

  97. loop-exit-elimination LoopExit׾⵴ꤐ load-elimination 搀꼽ז⦼ך铣׫⳿׃װcheck׾⵴ꤐ simplified-lowering ״׶Ⱗ⡤涸ז⦼דㄏ⟀׾ءٝفٕח㢌䳔ׅ׷ generic-lowering JSفٖؿ؍حؙأך➰ֻㄏ⟀׾״׶ءٝفٕזㄎן⳿׃װ stubךㄎן⳿׃ח㢌䳔ׅ׷ dead-code-elimination

    ⵋ麦♶腉؝٦سך⵴ꤐ

  98. Code generation 剑穄涸חInstructionSelectorהְֲؙٓأָregisterךⶴ➰׾遤 ְծ ֿךؚٓؿַ׵CodeGeneratorָ堣唒铂׾欰䧭׃ג PC(ProgramCounter)ח،إٝـٔ׾剅ֹ⳿׃גְֻ Optimization

  99. Deoptimization

  100. What is Deoptimization? Deoptimization(膴剑黝⻉)הכ剑黝⻉׃׋Assembly؝٦سח✮劍 ׇט⦼ָ床׏׋㜥さחծⱄ䏝؝ٝػ؎ٕ׃湫ׅ堣腉 ׮׍׹׿㼰זְח馉׃׋ֿהכזְ Deoptimizationָ涪欰ׅ׷⢽׾然钠׃ג׫״ֲ Deoptimization

  101. const id = x => x;! const test = obj

    => {! for (let i = 0; i < 100000; i++) {! id(obj.x);! }! };! ! test({x: 1});! test({x: 1, y: 1});!

  102. Wrong Map ➙ך⢽דכ剑ⴱח{x}ךMapח㼎׃ג剑黝⻉ׁ׸׋Assembly׾⳿ ⸂׃׋ָծ ✳㔐湡ךㄎן⳿׃ָ{x,y}ךMap׌׏׋׋׭חծⱄ؝ٝػ؎ٕ׾⡭ ⭑זֻׁ׸ג׃ת׏׋ ׍׳׏ה׌ֽAssembly׾鋖ְג׫״ֲ Deoptimization

  103. 0x451eb30464c 8c 48b9f1c7d830391e0000 REX.W movq rcx, 0x1e3930d8c7f1 0x451eb304656 96 483bca

    REX.W cmpq rcx,rdx 0x451eb304659 99 0f8591000000 jnz 0x451eb3046f0 ;; Check Map!! ... 0x451eb3046f0 130 e81ff9cfff call 0x451eb004014 ;; deoptimization bailout 2

  104. Bailout ֿך״ֲח⳿⸂ׁ׸׋؝٦سחMap׾然钠ׅ׷؝٦س׮ろת׸ג ְ׷ Deoptimizationָ遤׻׸׷ה؝٦سכBytecode㹋遤ח䨱׷ָծ ֿ׸׾Bailoutהㄎע Deoptimization

  105. Summary ⟃♳ָV8ָJS׾㹋遤ׅ׷䊨玎ד֮׷ 儗꟦ך鿪さ♳GCכ満ְ׋ V8ך؝٦سٔ٦ر؍ؚٝך䪮遭瘝כת׋ـؚٗח剅ֻ✮㹀 http://abcdef.gets.b6n.ch/ ׀幠耮֮׶ָהֲ׀ְׂת׃׋