Igalia, profile picture
Uploaded byIgalia
PDF, PPTX1,081 views

JavaScriptCore's DFG JIT (JSConf EU 2012)

This document summarizes Andy Wingo's talk on JavaScriptCore's optimizing compiler called the DFG JIT. It begins by providing context on Wingo and an overview of JavaScriptCore's compilation pipeline. It then analyzes the performance of DFG JIT on various V8 benchmarks through experimentation with variable warmup times. Key optimizations identified include inlining, integer operations, and floating point arithmetic. The document ends by discussing ways to extract more data from JavaScriptCore like debug options and comparing performance to V8.

Embed presentation

Download as PDF, PPTX
The DFG JIT, Inside & Out JavaScriptCore’s Optimizing Compiler JSConf.EU 2012 Andy Wingo
wingo@igalia.com Compiler hacker at Igalia Contract work on language implementations V8, JavaScriptCore Schemer
Hubris “Now that JavaScriptCore is as fast as V8 on its own benchmark, it’s well past time to take a look inside JSC’s optimizing compiler, the DFG JIT.”
DFG Optimizing compiler for JSC LLInt -> Baseline JIT -> DFG JIT Makes hot code run fast But how good is it?
An empirical approach Getting good code What: V8 benchmarks When: Hacked V8 benchmarks How: Code dive
The V8 benchmarks The best performance possible from an optimizing compiler ❧ full second of warmup ❧ full second of runtime ❧ long run amortizes GC pauses
Baseline JIT vs DFG
Abusing the V8 benchmarks When does the DFG kick in? What does it do? Idea: V8 benchmarks with variable warmup ❧ after 0 ms of warmup ❧ after 5 ms of warmup ❧ after n ms of warmup Small fixed runtime (5 ms)
Caveats Very sensitive ❧ GC ❧ optimization pauses ❧ timer precision ... but then, so is real code Keep close eye on distribution of measurements
Richards Speedup: 3.7X Bit ops, properties, prototypes
TaskControlBlock.prototype.isHeldOrSuspended = function () { return (this.state & STATE_HELD) != 0 || (this.state == STATE_SUSPENDED); }; GetLocal 0x7f4d028abbf4: CheckStructure 0x7f4d028abbf8: 0x7f4d028abc02: 0x7f4d028abc05: GetByOffset 0x7f4d028abc0b: GetGlobalVar 0x7f4d028abc0f: 0x7f4d028abc19: BitAnd 0x7f4d028abc1c: 0x7f4d028abc1f: 0x7f4d028abc25: 0x7f4d028abc28: 0x7f4d028abc2e: mov -0x38(%r13), %rax mov $0x7f4d00109c80, %r11 cmp %r11, (%rax) jnz 0x7f4d028abd15 mov 0x38(%rax), %rax mov $0x7f4d479cdca8, %rdx mov (%rdx), %rdx cmp %r14, %rax jb 0x7f4d028abd2b cmp %r14, %rdx jb 0x7f4d028abd41 and %edx, %eax
CompareEq 0x7f4d028abc30: 0x7f4d028abc32: 0x7f4d028abc34: 0x7f4d028abc37: 0x7f4d028abc3a: xor %ecx, %ecx cmp %ecx, %eax setz %al movzx %al, %eax or $0x6, %eax LogicalNot 0x7f4d028abc3d: xor $0x1, %rax SetLocal 0x7f4d028abc41: mov %rax, 0x0(%r13) Branch 0x7f4d028abc45: test $0x1, %eax 0x7f4d028abc4b: jnz 0x7f4d028abc87 ... 0x7f4d028abc97: ret (End Of Main Path) ...
DeltaBlue Speedup: 4.4X Prototypes, inlining
Inlining At 20ms: Delaying optimization for Constraint.prototype.satisfy (in loop) because of insufficient profiling. Eventually succeeds after 4 more times and 20 more ms; see --maximumOptimizationDelay.
1000 cuts One function optimized about 20ms in: Planner.prototype.addConstraintsConsumingTo = function (v, coll) { var determining = v.determinedBy; var cc = v.constraints; for (var i = 0; i < cc.size(); i++) { var c = cc.at(i); if (c != determining && c.isSatisfied() coll.add(c); } } Many small marginal gains
Crypto Speedup: 4.1X Integers, arrays
function am3(i,x,w,j,c,n) { var this_array = this.array; var w_array = w.array; var xl = x&0x3fff, xh = x>>14; while(--n >= 0) { var l = this_array[i]&0x3fff; var h = this_array[i++]>>14; var m = xh*l+h*xl; l = xl*l+((m&0x3fff)<<14)+w_array[j]+c; c = (l>>28)+(m>>14)+xh*h; w_array[j++] = l&0xfffffff; } return c; }
var l = this_array[i]&0x3fff GetLocal: this_array 0x7f4d02909bf6: mov 0x0(%r13), %r10 GetLocal: i (int32; type check hoisted) 0x7f4d02909bfa: mov -0x40(%r13), %eax GetButterfly: this_array 0x7f4d02909bfe: mov 0x8(%r10), %rdx GetByVal: this_array[i] (array check hoisted) 0x7f4d02909c02: cmp -0x4(%rdx), %eax 0x7f4d02909c05: jae 0x7f4d02909ed2 0x7f4d02909c0b: mov 0x10(%rdx,%rax,8), %rcx 0x7f4d02909c10: test %rcx, %rcx 0x7f4d02909c13: jz 0x7f4d02909ee8 BitAnd: 0x7f4d02909c19: cmp %r14, %rcx 0x7f4d02909c1c: jb 0x7f4d02909efe 0x7f4d02909c22: mov %rcx, %rbx 0x7f4d02909c25: and $0x3fff, %ebx
RayTrace Speedup: 2.5X Floating point, objects with floating-point fields
normalize() normalize : function() { var m = this.magnitude(); return new Flog.RayTracer.Vector(this.x / m, this.y / m, this.z / m); }, DFG inlines as it compiles: inlines this.magnitude() ArithDiv: 0x7f4d0298164b: divsd %xmm1, %xmm0 SetLocal: 0x7f4d0298164f: movd %xmm0, %rdx 0x7f4d02981654: sub %r14, %rdx 0x7f4d02981657: mov %rdx, 0x20(%r13) No typed fields (yet)
EarleyBoyer Speedup: 2.0X Function calls, small short-lived allocations
EarleyBoyer “Performance is a distribution, not a value” Wide distribution indicates nonuniform performance Cause in this case: nonincremental mark GC
RegExp Speedup: 1.2X Regexp compiler test; DFG of no help
Splay Speedup: 1.4X GC test, huge variance
NavierStokes Speedup: 3.0X Floating point arrays, large floating-point functions
No automagic double arrays GetByVal: 0x7f4d02acec1f: 0x7f4d02acec23: 0x7f4d02acec29: 0x7f4d02acec2e: 0x7f4d02acec31: cmp -0x4(%rcx), %r9d jae 0x7f4d02acee0b mov 0x10(%rcx,%r9,8), %rbx test %rbx, %rbx jz 0x7f4d02acee21 GetLocal: 0x7f4d02acec37: Int32ToDouble: 0x7f4d02acec3b: 0x7f4d02acec3e: 0x7f4d02acec44: 0x7f4d02acec47: 0x7f4d02acec4d: 0x7f4d02acec50: 0x7f4d02acec53: 0x7f4d02acec58: 0x7f4d02acec5d: mov -0x50(%r13), %rdi cmp %r14, %rbx jae 0x7f4d02acec5d test %rbx, %r14 jz 0x7f4d02acee37 mov %rbx, %rsi add %r14, %rsi movd %rsi, %xmm0 jmp 0x7f4d02acec61 cvtsi2sd %ebx, %xmm0
Getting data out of JSC jsc --options jsc -d jsc --showDFGDisassembly=true -DJIT_ENABLE_VERBOSE=1, DJIT_ENABLE_VERBOSE_OSR=1 and timestamping hacks on dataLog
Comparative Literature V8 vs JSC: fight! Does JSC beat V8? Does JSC meet V8? Does V8 beat JSC?
Yes
Questions? ❧ igalia.com/compilers ❧ wingolog.org ❧ @andywingo ❧ wingolog.org/pub/jsconf-eu-2012slides.pdf

More Related Content

PDF
function* - ES6, generators, and all that (JSRomandie meetup, February 2014)
byIgalia
 
PDF
Improving Performance of a WebKit Port MIPS Platform (ELC 2014)
byIgalia
 
ODP
LCDS - State Presentation
byRuochun Tzeng
 
PPTX
PHP in 2018 - Q1 - AFUP Limoges
by✅ William Pinaud
 
PPTX
C++ AMP 실천 및 적용 전략
by명신 김
 
PDF
Q4.11: NEON Intrinsics
byLinaro
 
PDF
Q4.11: Using GCC Auto-Vectorizer
byLinaro
 
PDF
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...
byAMD Developer Central
 
function* - ES6, generators, and all that (JSRomandie meetup, February 2014)
byIgalia
 
Improving Performance of a WebKit Port MIPS Platform (ELC 2014)
byIgalia
 
LCDS - State Presentation
byRuochun Tzeng
 
PHP in 2018 - Q1 - AFUP Limoges
by✅ William Pinaud
 
C++ AMP 실천 및 적용 전략
by명신 김
 
Q4.11: NEON Intrinsics
byLinaro
 
Q4.11: Using GCC Auto-Vectorizer
byLinaro
 
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...
byAMD Developer Central
 

What's hot

PPT
Intro2 Cuda Moayad
byMoayadhn
 
ODP
Dive into CPython Bytecode
byAlex Gaynor
 
PPTX
Java performance jit
bySuken Shah
 
PDF
NIR on the Mesa i965 backend (FOSDEM 2016)
byIgalia
 
PDF
Probability of finding a single qubit in a state
byVijayananda Mohire
 
PDF
Engineering fast indexes
byDaniel Lemire
 
PDF
Autovectorization in llvm
byChangWoo Min
 
PDF
Introduction to RevKit
byMathias Soeken
 
PDF
Tensor Core
byMindos Cheng
 
PPTX
OpenCL Heterogeneous Parallel Computing
byJoão Paulo Leonidas Fernandes Dias da Silva
 
PDF
Android Developer Days: Increasing performance of big arrays processing on An...
byStanfy
 
PDF
Gameboy emulator in rust and web assembly
byYodalee
 
PDF
tokyotalk
byHiroshi Ono
 
PDF
Next Generation Indexes For Big Data Engineering (ODSC East 2018)
byDaniel Lemire
 
PDF
Reversible Logic Synthesis and RevKit
byMathias Soeken
 
PDF
Quantum circuit example in Qiskit
byVijayananda Mohire
 
PDF
The Object Repository - Pulling Objects out of the Ecosystem
byESUG
 
PDF
maXbox Starter 39 GEO Maps Tutorial
byMax Kleiner
 
PPTX
Introduction to FPGAs
byScott Thibault
 
PDF
Introduction to nand2 tetris
byYodalee
 
Intro2 Cuda Moayad
byMoayadhn
 
Dive into CPython Bytecode
byAlex Gaynor
 
Java performance jit
bySuken Shah
 
NIR on the Mesa i965 backend (FOSDEM 2016)
byIgalia
 
Probability of finding a single qubit in a state
byVijayananda Mohire
 
Engineering fast indexes
byDaniel Lemire
 
Autovectorization in llvm
byChangWoo Min
 
Introduction to RevKit
byMathias Soeken
 
Tensor Core
byMindos Cheng
 
OpenCL Heterogeneous Parallel Computing
byJoão Paulo Leonidas Fernandes Dias da Silva
 
Android Developer Days: Increasing performance of big arrays processing on An...
byStanfy
 
Gameboy emulator in rust and web assembly
byYodalee
 
tokyotalk
byHiroshi Ono
 
Next Generation Indexes For Big Data Engineering (ODSC East 2018)
byDaniel Lemire
 
Reversible Logic Synthesis and RevKit
byMathias Soeken
 
Quantum circuit example in Qiskit
byVijayananda Mohire
 
The Object Repository - Pulling Objects out of the Ecosystem
byESUG
 
maXbox Starter 39 GEO Maps Tutorial
byMax Kleiner
 
Introduction to FPGAs
byScott Thibault
 
Introduction to nand2 tetris
byYodalee
 

Similar to JavaScriptCore's DFG JIT (JSConf EU 2012)

PDF
OSCON Presentation: Developing High Performance Websites and Modern Apps with...
byDoris Chen
 
PDF
How much performance can you get out of Javascript? - Massimiliano Mantione -...
byCodemotion
 
PPTX
Node.js behind: V8 and its optimizations
byDawid Rusnak
 
PPTX
Intel JIT Talk
byiamdvander
 
PPTX
Egor Bogatov - .NET Core intrinsics and other micro-optimizations
byEgor Bogatov
 
PDF
Three Optimization Tips for C++
byAndrei Alexandrescu
 
PDF
Three Optimization Tips for C++
byAndrei Alexandrescu
 
PPTX
OLD VERSION - Understanding the V8 Runtime to Maximize Application Performance
byDaniel Fields
 
PPTX
Understanding Javascript Engines
byParashuram N
 
PPTX
Understanding the v8 runtime to maximize application performance
byDaniel Fields
 
PDF
Int64
byBrendan Eich
 
PPTX
Transferring Software Testing and Analytics Tools to Practice
byTao Xie
 
PPTX
How to add an optimization for C# to RyuJIT
byEgor Bogatov
 
PDF
Engineering Fast Indexes for Big-Data Applications: Spark Summit East talk by...
bySpark Summit
 
PDF
Engineering fast indexes (Deepdive)
byDaniel Lemire
 
PDF
JS Responsibilities
byBrendan Eich
 
PDF
Math in V8 is Broken and How We Can Fix It - Athan Reines, Fourier
byNodejsFoundation
 
PDF
Stranger in These Parts. A Hired Gun in the JS Corral (JSConf US 2012)
byIgalia
 
PPTX
DConf 2016: Bitpacking Like a Madman by Amaury Sechet
byAndrei Alexandrescu
 
PPTX
Connect() Mini 2016
byJeff Chu
 
OSCON Presentation: Developing High Performance Websites and Modern Apps with...
byDoris Chen
 
How much performance can you get out of Javascript? - Massimiliano Mantione -...
byCodemotion
 
Node.js behind: V8 and its optimizations
byDawid Rusnak
 
Intel JIT Talk
byiamdvander
 
Egor Bogatov - .NET Core intrinsics and other micro-optimizations
byEgor Bogatov
 
Three Optimization Tips for C++
byAndrei Alexandrescu
 
Three Optimization Tips for C++
byAndrei Alexandrescu
 
OLD VERSION - Understanding the V8 Runtime to Maximize Application Performance
byDaniel Fields
 
Understanding Javascript Engines
byParashuram N
 
Understanding the v8 runtime to maximize application performance
byDaniel Fields
 
Int64
byBrendan Eich
 
Transferring Software Testing and Analytics Tools to Practice
byTao Xie
 
How to add an optimization for C# to RyuJIT
byEgor Bogatov
 
Engineering Fast Indexes for Big-Data Applications: Spark Summit East talk by...
bySpark Summit
 
Engineering fast indexes (Deepdive)
byDaniel Lemire
 
JS Responsibilities
byBrendan Eich
 
Math in V8 is Broken and How We Can Fix It - Athan Reines, Fourier
byNodejsFoundation
 
Stranger in These Parts. A Hired Gun in the JS Corral (JSConf US 2012)
byIgalia
 
DConf 2016: Bitpacking Like a Madman by Amaury Sechet
byAndrei Alexandrescu
 
Connect() Mini 2016
byJeff Chu
 

More from Igalia

PDF
MathML Core in WebKit
byIgalia
 
PDF
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
PDF
WebXR in Android and Linux with OpenXR
byIgalia
 
PDF
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
PDF
WPE Android 🤖 State of the Bot (2025)
byIgalia
 
PDF
Igalia and WebKit: Status update and plans (2025)
byIgalia
 
PDF
Life of a Kernel Bug Fix
byIgalia
 
PDF
Unlocking the Full Potential of WPE to Build a Successful Embedded Product
byIgalia
 
PDF
Advancing WebDriver BiDi support in WebKit
byIgalia
 
PDF
Jumping Over the Garden Wall - WPE WebKit on Android
byIgalia
 
PDF
Collective Funding, Governance and Prioritiation of Browser Engine Projects
byIgalia
 
PDF
Don't let your motivation go, save time with kworkflow
byIgalia
 
PDF
Solving the world’s (localization) problems
byIgalia
 
PDF
The Whippet Embeddable Garbage Collection Library
byIgalia
 
PDF
Nobody asks "How is JavaScript?"
byIgalia
 
PDF
Getting more juice out from your Raspberry Pi GPU
byIgalia
 
PDF
WebRTC support in WebKitGTK and WPEWebKit with GStreamer: Status update
byIgalia
 
PDF
Demystifying Temporal: A Deep Dive into JavaScript New Temporal API
byIgalia
 
PDF
CSS :has() Unlimited Power
byIgalia
 
PDF
Device-Generated Commands in Vulkan
byIgalia
 
MathML Core in WebKit
byIgalia
 
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
WebXR in Android and Linux with OpenXR
byIgalia
 
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
WPE Android 🤖 State of the Bot (2025)
byIgalia
 
Igalia and WebKit: Status update and plans (2025)
byIgalia
 
Life of a Kernel Bug Fix
byIgalia
 
Unlocking the Full Potential of WPE to Build a Successful Embedded Product
byIgalia
 
Advancing WebDriver BiDi support in WebKit
byIgalia
 
Jumping Over the Garden Wall - WPE WebKit on Android
byIgalia
 
Collective Funding, Governance and Prioritiation of Browser Engine Projects
byIgalia
 
Don't let your motivation go, save time with kworkflow
byIgalia
 
Solving the world’s (localization) problems
byIgalia
 
The Whippet Embeddable Garbage Collection Library
byIgalia
 
Nobody asks "How is JavaScript?"
byIgalia
 
Getting more juice out from your Raspberry Pi GPU
byIgalia
 
WebRTC support in WebKitGTK and WPEWebKit with GStreamer: Status update
byIgalia
 
Demystifying Temporal: A Deep Dive into JavaScript New Temporal API
byIgalia
 
CSS :has() Unlimited Power
byIgalia
 
Device-Generated Commands in Vulkan
byIgalia
 

Recently uploaded

PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PPTX
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
December Patch Tuesday
byIvanti
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
The year in review - MarvelClient in 2025
bypanagenda
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 

JavaScriptCore's DFG JIT (JSConf EU 2012)

  • 1.
    The DFG JIT,Inside & Out JavaScriptCore’s Optimizing Compiler JSConf.EU 2012 Andy Wingo
  • 2.
    wingo@igalia.com Compiler hacker atIgalia Contract work on language implementations V8, JavaScriptCore Schemer
  • 3.
    Hubris “Now that JavaScriptCoreis as fast as V8 on its own benchmark, it’s well past time to take a look inside JSC’s optimizing compiler, the DFG JIT.”
  • 4.
    DFG Optimizing compiler forJSC LLInt -> Baseline JIT -> DFG JIT Makes hot code run fast But how good is it?
  • 5.
    An empirical approach Gettinggood code What: V8 benchmarks When: Hacked V8 benchmarks How: Code dive
  • 6.
    The V8 benchmarks Thebest performance possible from an optimizing compiler ❧ full second of warmup ❧ full second of runtime ❧ long run amortizes GC pauses
  • 7.
  • 8.
    Abusing the V8benchmarks When does the DFG kick in? What does it do? Idea: V8 benchmarks with variable warmup ❧ after 0 ms of warmup ❧ after 5 ms of warmup ❧ after n ms of warmup Small fixed runtime (5 ms)
  • 9.
    Caveats Very sensitive ❧ GC ❧optimization pauses ❧ timer precision ... but then, so is real code Keep close eye on distribution of measurements
  • 10.
    Richards Speedup: 3.7X Bit ops,properties, prototypes
  • 11.
    TaskControlBlock.prototype.isHeldOrSuspended = function() { return (this.state & STATE_HELD) != 0 || (this.state == STATE_SUSPENDED); }; GetLocal 0x7f4d028abbf4: CheckStructure 0x7f4d028abbf8: 0x7f4d028abc02: 0x7f4d028abc05: GetByOffset 0x7f4d028abc0b: GetGlobalVar 0x7f4d028abc0f: 0x7f4d028abc19: BitAnd 0x7f4d028abc1c: 0x7f4d028abc1f: 0x7f4d028abc25: 0x7f4d028abc28: 0x7f4d028abc2e: mov -0x38(%r13), %rax mov $0x7f4d00109c80, %r11 cmp %r11, (%rax) jnz 0x7f4d028abd15 mov 0x38(%rax), %rax mov $0x7f4d479cdca8, %rdx mov (%rdx), %rdx cmp %r14, %rax jb 0x7f4d028abd2b cmp %r14, %rdx jb 0x7f4d028abd41 and %edx, %eax
  • 12.
    CompareEq 0x7f4d028abc30: 0x7f4d028abc32: 0x7f4d028abc34: 0x7f4d028abc37: 0x7f4d028abc3a: xor %ecx, %ecx cmp%ecx, %eax setz %al movzx %al, %eax or $0x6, %eax LogicalNot 0x7f4d028abc3d: xor $0x1, %rax SetLocal 0x7f4d028abc41: mov %rax, 0x0(%r13) Branch 0x7f4d028abc45: test $0x1, %eax 0x7f4d028abc4b: jnz 0x7f4d028abc87 ... 0x7f4d028abc97: ret (End Of Main Path) ...
  • 13.
  • 14.
    Inlining At 20ms: Delaying optimizationfor Constraint.prototype.satisfy (in loop) because of insufficient profiling. Eventually succeeds after 4 more times and 20 more ms; see --maximumOptimizationDelay.
  • 15.
    1000 cuts One functionoptimized about 20ms in: Planner.prototype.addConstraintsConsumingTo = function (v, coll) { var determining = v.determinedBy; var cc = v.constraints; for (var i = 0; i < cc.size(); i++) { var c = cc.at(i); if (c != determining && c.isSatisfied() coll.add(c); } } Many small marginal gains
  • 16.
  • 17.
    function am3(i,x,w,j,c,n) { varthis_array = this.array; var w_array = w.array; var xl = x&0x3fff, xh = x>>14; while(--n >= 0) { var l = this_array[i]&0x3fff; var h = this_array[i++]>>14; var m = xh*l+h*xl; l = xl*l+((m&0x3fff)<<14)+w_array[j]+c; c = (l>>28)+(m>>14)+xh*h; w_array[j++] = l&0xfffffff; } return c; }
  • 18.
    var l =this_array[i]&0x3fff GetLocal: this_array 0x7f4d02909bf6: mov 0x0(%r13), %r10 GetLocal: i (int32; type check hoisted) 0x7f4d02909bfa: mov -0x40(%r13), %eax GetButterfly: this_array 0x7f4d02909bfe: mov 0x8(%r10), %rdx GetByVal: this_array[i] (array check hoisted) 0x7f4d02909c02: cmp -0x4(%rdx), %eax 0x7f4d02909c05: jae 0x7f4d02909ed2 0x7f4d02909c0b: mov 0x10(%rdx,%rax,8), %rcx 0x7f4d02909c10: test %rcx, %rcx 0x7f4d02909c13: jz 0x7f4d02909ee8 BitAnd: 0x7f4d02909c19: cmp %r14, %rcx 0x7f4d02909c1c: jb 0x7f4d02909efe 0x7f4d02909c22: mov %rcx, %rbx 0x7f4d02909c25: and $0x3fff, %ebx
  • 19.
    RayTrace Speedup: 2.5X Floating point,objects with floating-point fields
  • 20.
    normalize() normalize : function(){ var m = this.magnitude(); return new Flog.RayTracer.Vector(this.x / m, this.y / m, this.z / m); }, DFG inlines as it compiles: inlines this.magnitude() ArithDiv: 0x7f4d0298164b: divsd %xmm1, %xmm0 SetLocal: 0x7f4d0298164f: movd %xmm0, %rdx 0x7f4d02981654: sub %r14, %rdx 0x7f4d02981657: mov %rdx, 0x20(%r13) No typed fields (yet)
  • 21.
    EarleyBoyer Speedup: 2.0X Function calls,small short-lived allocations
  • 22.
    EarleyBoyer “Performance is adistribution, not a value” Wide distribution indicates nonuniform performance Cause in this case: nonincremental mark GC
  • 23.
  • 24.
  • 25.
    NavierStokes Speedup: 3.0X Floating pointarrays, large floating-point functions
  • 26.
    No automagic doublearrays GetByVal: 0x7f4d02acec1f: 0x7f4d02acec23: 0x7f4d02acec29: 0x7f4d02acec2e: 0x7f4d02acec31: cmp -0x4(%rcx), %r9d jae 0x7f4d02acee0b mov 0x10(%rcx,%r9,8), %rbx test %rbx, %rbx jz 0x7f4d02acee21 GetLocal: 0x7f4d02acec37: Int32ToDouble: 0x7f4d02acec3b: 0x7f4d02acec3e: 0x7f4d02acec44: 0x7f4d02acec47: 0x7f4d02acec4d: 0x7f4d02acec50: 0x7f4d02acec53: 0x7f4d02acec58: 0x7f4d02acec5d: mov -0x50(%r13), %rdi cmp %r14, %rbx jae 0x7f4d02acec5d test %rbx, %r14 jz 0x7f4d02acee37 mov %rbx, %rsi add %r14, %rsi movd %rsi, %xmm0 jmp 0x7f4d02acec61 cvtsi2sd %ebx, %xmm0
  • 27.
    Getting data outof JSC jsc --options jsc -d jsc --showDFGDisassembly=true -DJIT_ENABLE_VERBOSE=1, DJIT_ENABLE_VERBOSE_OSR=1 and timestamping hacks on dataLog
  • 28.
    Comparative Literature V8 vsJSC: fight! Does JSC beat V8? Does JSC meet V8? Does V8 beat JSC?
  • 29.
  • 30.
    Questions? ❧ igalia.com/compilers ❧ wingolog.org ❧@andywingo ❧ wingolog.org/pub/jsconf-eu-2012slides.pdf