v8 slide collection

The TurboFan architecture / entry points

TurboFan pipeline (high-level)

Code generation example


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
                  -- B0 start (construct frame) --
0x3caafc104060 0 55 push rbp
0x3caafc104061 1 4889e5 REX.W movq rbp,rsp
0x3caafc104064 4 56 push rsi
0x3caafc104065 5 57 push rdi
0x3caafc104066 6 493ba5600c0000 REX.W cmpq rsp,[r13+0xc60]
0x3caafc10406d 13 0f863d000000 jna 80 (0x3caafc1040b0)
-- B2 start --
-- B3 start (deconstruct frame) --
0x3caafc104073 19 488b4518 REX.W movq rax,[rbp+0x18]
0x3caafc104077 23 a801 test al,0x1
0x3caafc104079 25 0f8548000000 jnz 103 (0x3caafc1040c7)
0x3caafc10407f 31 488b5d10 REX.W movq rbx,[rbp+0x10]
0x3caafc104083 35 f6c301 testb rbx,0x1
0x3caafc104086 38 0f8540000000 jnz 108 (0x3caafc1040cc)
0x3caafc10408c 44 488bd3 REX.W movq rdx,rbx
0x3caafc10408f 47 48c1ea20 REX.W shrq rdx, 32
0x3caafc104093 51 488bc8 REX.W movq rcx,rax
0x3caafc104096 54 48c1e920 REX.W shrq rcx, 32
0x3caafc10409a 58 03d1 addl rdx,rcx
0x3caafc10409c 60 0f802f000000 jo 113 (0x3caafc1040d1)
0x3caafc1040a2 66 48c1e220 REX.W shlq rdx, 32
0x3caafc1040a6 70 488bc2 REX.W movq rax,rdx
0x3caafc1040a9 73 488be5 REX.W movq rsp,rbp
0x3caafc1040ac 76 5d pop rbp
0x3caafc1040ad 77 c21800 ret 0x18
-- B4 start (no frame) --
-- B1 start (deferred) --
-- B0 start (construct frame) --
0x3caafc104060 0 55 push rbp
0x3caafc104061 1 4889e5 REX.W movq rbp,rsp
0x3caafc104064 4 56 push rsi
0x3caafc104065 5 57 push rdi
0x3caafc104066 6 493ba5600c0000 REX.W cmpq rsp,[r13+0xc60]
0x3caafc10406d 13 0f863d000000 jna 80 (0x3caafc1040b0)
-- B2 start --
-- B3 start (deconstruct frame) --
0x3caafc104073 19 488b4518 REX.W movq rax,[rbp+0x18]
0x3caafc104077 23 a801 test al,0x1
0x3caafc104079 25 0f8548000000 jnz 103 (0x3caafc1040c7)
0x3caafc10407f 31 488b5d10 REX.W movq rbx,[rbp+0x10]
0x3caafc104083 35 f6c301 testb rbx,0x1
0x3caafc104086 38 0f8540000000 jnz 108 (0x3caafc1040cc)
0x3caafc10408c 44 488bd3 REX.W movq rdx,rbx
0x3caafc10408f 47 48c1ea20 REX.W shrq rdx, 32
0x3caafc104093 51 488bc8 REX.W movq rcx,rax
0x3caafc104096 54 48c1e920 REX.W shrq rcx, 32
0x3caafc10409a 58 03d1 addl rdx,rcx
0x3caafc10409c 60 0f802f000000 jo 113 (0x3caafc1040d1)
0x3caafc1040a2 66 48c1e220 REX.W shlq rdx, 32
0x3caafc1040a6 70 488bc2 REX.W movq rax,rdx
0x3caafc1040a9 73 488be5 REX.W movq rsp,rbp
0x3caafc1040ac 76 5d pop rbp
0x3caafc1040ad 77 c21800 ret 0x18
-- B4 start (no frame) --
-- B1 start (deferred) --



Turbofan IR

Overview

  • Graph based IR
    • Nodes for operations.
    • Edges for value flow, control flow and dependencies.
    • No distinction between basic blocks and statements.
    • Single-static assignment.
  • High/middle/low-level IR layering.
  • Side effects modelled as edges.






节点分层





IR分层和phases

lowering&&Typed Lowering


Representation selection

Representation selection now chooses machine representation and inserts conversions.

Scheduling






High performance JavaScript with V8




1
2
3
4
5
6
7
8
9
10
11
12
function MyObject(x) {
this.X = x;
}
function getX(obj) {
return obj.X;
}
var o = new MyObject(3);
print(getX(o));
...

parallels@ubuntu:~/v8/v8/out.gn/x64.debug$ ./d8 test.js
3


用作参考:https://www.cnblogs.com/yumianhu/p/3707427.html
关于IC的Cahce State,不过内容略过时。




Crankshaft已经废弃,这里只是看下type feedback和check


理解v8 bytecode

https://zhuanlan.zhihu.com/p/28590489
有中文翻译,读起来很快(逃


https://2017.jsconf.eu/speakers/
https://www.chromium.org/developers/how-tos/run-chromium-with-flags

Parsing JavaScript-better lazy than eager?

https://www.youtube.com/watch?v=Fg7niTmNNLg

Ignition - an interpreter for v8

bytecode如何产生

  • 加法
  • 访问对象

    编译bytecode