SlideShare a Scribd company logo

V8 javascript engine for フロントエンドデベロッパー

Taketoshi 青野健利
Taketoshi 青野健利

V8 is Google's open source JavaScript engine that is used in Chrome and Node.js. It uses several optimization techniques like hidden classes, inline caching, and TurboFan to improve JavaScript performance. V8 first parses JavaScript into an AST, then compiles it into bytecode which is executed by the Ignition bytecode interpreter or optimized by TurboFan into machine code using techniques like hidden classes to optimize property access and inline caching to optimize function calls.

1 of 77
Downloaded 40 times
V8
 javascript engine
: @brn ( ) : : Cyberagent RightSegment AI Messenger : http://abcdef.gets.b6n.ch/ Twitter: https://twitter.com/brn227
V8 V8 Google javascript Google Chrome javascript
V8 V8 •  •  Hidden Class •  Inline Caching •  GC •  2016 •  CPU Mips Arm X64 X86 7
V8 javascript
V8 Code base V8 108 C++ …
V8 Source AST Bytecode Graph Assembly
Parsing V8 AST AST AbstractSyntaxTree
Abstract Syntax Tree if (x) { x = 100 }
Abstract Syntax Tree IF CONDITION THEN BLOCK EXPRESSION STATEMENT ASSIGN VAR PROXY (X) LITERAL (100) if (x) { x = 100
Parsing Web javascript
Parsing V8
Lazy Parsing function x() {return 1;} FUNCTION(X)
Lazy Parsing function x() {return 1;} x() FUNCTION NAME (x) RETURN LITERAL(1)
Lazy Parsing V8
PreParsing v8::internal::PreParser •  • 
Dive into Parsing V8 Parsing https://docs.google.com/presentation/d/1b- ALt6W01nIxutFVFmXMOyd_6ou_6qqP6S0Prmb1iDs/present? slide=id.p
Abstract Syntax Tree V8 yacc lex
AST Rewriter V8 AST
AST Rewriter javascript Spread var x = [1,2,3]; var y = […x]; V8 AltJS
AST Rewriter do { $R = []; for ($i of x) %AppendElement($R, $i); $R } // src/parsing/parser.cc do for-of
Abstract Syntax Tree AST V8 AST AST …
Abstract Syntax Tree var x = 100
Abstract Syntax Tree var EXPRESSION STATEMENT CALL RUNTIME [IniOalizeVarGlobal] LITERAL (x) LITERAL (100) x 100 ?
Abstract Syntax Tree V8 Runtime C++ AST AST
AST to Bytecode AST AST Bytecode V8 Bytecode 1Byte Bytecode VM Ignition
Igniton V8 Ignition Bytecode AST
Igniton Ignition CPU Ignition BytecodeHandler Bytecode
Igniton
// 擬似的なjavascriptコード        ! var Bytecodes = [0,1,2,3] var index = 0; function dispatch(next) { BytecodeHandlers[next](); } const BytecodeHandlers = { ['0']() {...; dispatch(Bytecodes[index++])}, ['1']() {...; dispatch(Bytecodes[index++])}, ['2']() {...; dispatch(Bytecodes[index++])}, ['3']() {...; dispatch(Bytecodes[index++])} } const firstBytecode = Bytecodes[index++]; BytecodeHandlers[firstBytecode](firstBytecode);
Igniton Dispatch Table 00 01 02 04 08 0f 10 10 Node Node Node MachineCode MachineCode IGNITION_HANDLER Entry Function(Machine Code) グラフからコードを生成 生成したコードを、 DispatchTableの対応する バイトコードのインデックスへ 登録
Igniton Ignition AST V8 AST v8::internal::AstVisitor<Subclass> AstVisitor Visitor AST
Visitor Pattern class Visitor { void Visit(Ast* ast) { ast->Accept(this); } void VisitXXX(XXX* ast) { ast->property->accept(this); } } class Ast(XXX) { void Accept(Visitor* visitor) { visitor->VisitXXX(this) } }
Igniton Bytecode BytecodeArray BytecodeArray
Igniton Dispatch Table Entry Function(Machine Code) BytecodeArray Dispatch Tableから対応するHandlerを取り出して実行 0 1 3 4 5 6 7 8 8 6 1
Code Generation V8 CodeStub Builtins Runtime BytecodeHandler
Code Generation Bytecode Bytecode BytecodeHandler
IGNITION_HANDLER(JumpIfToBooleanFalse, InterpreterAssembler) {! Node* value = GetAccumulator();! // Accumulatorの値を取得! Node* relative_jump = BytecodeOperandUImmWord(0);! // 引数のoperandを取得! Label if_true(this), if_false(this);! BranchIfToBooleanIsTrue(value, &if_true, &if_false);! // valueがtrueならif_true、falseならif_false! Bind(&if_true);! Dispatch();! Bind(&if_false);! // operandのbytecodeまでjump! Jump(relative_jump);! }!
Code Generation Graph
Code Generation C++ DSL
IGNITION_HANDLER(ForInContinue, InterpreterAssembler) {! ...! Branch(WordEqual(index, cache_length), &if_true, &if_false);! Bind(&if_true);! {! SetAccumulator(BooleanConstant(false));! Goto(&end);! }! Bind(&if_false);! {! SetAccumulator(BooleanConstant(true));! Goto(&end);! }! ...! }!
Code Generation MacroAssembler MacroAssembler Assembler V8 masm MacroAssembler
#define __ ACCESS_MASM(masm)! ! static void Generate_StackOverflowCheck(...) {! ! __ LoadRoot(kScratchRegister, Heap::kRealStackLimitRootIndex);! __ movp(scratch, rsp);! ! __ subp(scratch, kScratchRegister);! __ sarp(scratch, Immediate(kPointerSizeLog2));! ! __ cmpp(scratch, num_args);! ! __ j(less_equal, stack_overflow, stack_overflow_distance);! }!
Code Generation GraphResolver CodeGenerator Graph MacroAssembler Assembler
Code Generation MacroAssembler Graph Graph •  CodeStubAssembler •  CodeAssembler •  RawMachineAssembler •  MachineOperatorBuilder
Code Generation e.x Load CodeStubAssembler::Load CodeAssembler::raw_assembler()->Load() RawMachineAssembler::Load AddNode(MachineAssembler::Load()) Graph Leaf Node
Optimization javascript javascript javascript V8 JIT( )
Optimization V8 3 •  Hidden Class •  Inline Caching •  TurboFan
Hidden Class javascript class prototype •  • 
Hidden Class V8 function Point(x, y) { this.x = x; this.y = y }; var point = new Point(1, 1); Point
Map V8 •  •  •  Map Map Map
Map function Point(x, y) { this.x = x; this.y = y; } Map FixedArray [ {a: {offset: 0}}, {b: {offset: 1}} ]
Map javascript
Map Transition V8 transition Map Map
Map Transition function Point(x, y) { this.x = x; this.y = y; } Map FixedArray [ {x: {offset: 0}}, {y: {offset: 1}}, transiOon: {address: …} ] var x = new Point(1, 1); x.z = 1; Map FixedArray [ {x: {offset: 0}}, {y: {offset: 1}}, {z: {offset: 2}} ] transition
Inline Caching Inline Caching
class X {add() {return 1}}! class Y {add() {return 2}}! var m = [new X(), new X(), new Y()];! for (let i = 0; i < m.length; i++) {! m[i].add();! }! !
Inline Caching 初回 V8 add Receiver Map Cached address 1. Search 2. Check 4. Cache 3. Call
Inline Caching 二回目以降 V8 add Receiver Map Cached address 1. Search and Call
Inline Caching Inline Caching 4 •  Premonomorphic •  Monomorphic •  Polymorphic •  Megamorphic
Premonomorphic Premonomorphic IC Stub
Monomorphic Monomorphic Receiver IC
Polymorphic Polymorphic Receiver Polymorphic Map Monomorphic IC
Megamorphic Megamorphic
(Load/Store)IC_Miss LoadIC_Miss StoreIC_Miss IC C++
(Load/Store)IC_Miss 二回目以降 V8 add Receiver (y) Map Cached address (x) 1. Search 2. Compare Map x !== y 3. (Load/Store)IC_Miss
Optimized Compilation V8 Bytecode Generic Runtime
Hot Spot V8 •  • 
Loop Tracing V8 V8 OnStackReplacement
On Stack Replacement for (let i = 0; i < 10000; i++) { doSomething(i); } JumpLoop LoopHeader SlowCode FastCode PC( )
Function Call Tracing Ignition Return Bytecode BytecodeHandler Interrupt Body
Function Interruption function Y() { … } RETURN OP Replace Body しきい値チェック
TurboFan V8 Graph Graph TurboFan
TurboFan TurboFan •  Loop peeling / Loop elimination •  Escape analysis •  Lowering •  Effect and control linearize •  Dead code elimination •  Control flow optimization •  Memory optimization
Deoptimization Map overlow 0 … V8 Bytecode
Pipeline OpOmize Assembler TurboFan Source AST Parser Bytecode Graph IgniOon Compile Optimization Deoptimization
V8 GC V8 GC

More Related Content

V8 javascript engine for フロントエンドデベロッパー