JavaScriptCore brief introduction

JavaScript
JavaScript Core & WebCore
JavaScript VM
JavaScript Compiler
JavaScript JIT (SSA,CSE,Inline Cache...)

  1. JavaScript Core Overview. 陈浩 (Chen Hao), Jun/2013
  2. Agenda
     • JavaScript
     • JavaScript Core & WebCore
     • JavaScript VM
     • JavaScript Compiler
     • JavaScript JIT
     • And ……
  3. JavaScript
  4. JavaScript
     • Garbage collection
     • Dynamic typing
     • No classes, prototypes allow OOP
     • eval, call, apply, inner functions, closures
  5. JavaScript - OOP
  6. JavaScript – Closure & Scope Chain
  7. JavaScript in Objective-C

         // Read window.location.href through the WebView's script object
         id win = [webView windowScriptObject];
         id location = [win valueForKey:@"location"];
         NSString *href = [location valueForKey:@"href"];

  8. JavaScript Core and WebCore
  9. Modules
  10. JavaScript – Running Environment
      • VM
      • Global Object
      • Execution Context
        – Exec State
  11. Property Access
  12. Execution Context
      • Global Code
      • Function Code
      • Eval Code
  13. JS Binding
      • W3C Web IDL
  14. JS Binding
  15. JS Binding
  16. Console
  17. JavaScript Execution
      • Page-parsing related
      • Execution related
  18. JavaScript Execution
  19. JavaScript Execution
  20. Script Element
  21. HTML Parser
  22. JavaScript Execution
  23. JS blocked by CSS
  24. JavaScript Execution - async
  25. JavaScript Execution - defer
  26. W3C Standard
      • Running a script
        – <LINK>
  27. Inside of JSC
  28. Running in JSC
  29. Module functions
      • Front-end
      • Back-end
  30. Front-end function group, back-end function group
  31. Parser
  32. Lexer & Parser

          i=3;

      Variable Equal Constant End
      To assign 3 to variable i.
  33. VM
      • Register-Based

          [ 0] enter
          [ 1] mov r0, Cell: 0133FC40(@k0)
          [ 4] put_by_id r0, a(@id0), Int32:100(@k1)
          [ 13] mov r0, Cell: 0133FC40(@k0)
          [ 16] put_by_id r0, b(@id1), Int32:200(@k2)
          [ 25] mov r0, Cell: 0133FC40(@k0)
          [ 28] put_by_id r0, c(@id2), Int32:300(@k3)
          [ 37] resolve_global r0, a(@id0)
          [ 43] resolve_global r1, b(@id1)
          [ 49] add r0, r0, r1
          [ 54] resolve_global r1, c(@id2)
          [ 60] mul r0, r0, r1
          [ 65] ret r0

  34. VM
      • Stack Based

          0: bipush 100
          2: istore_1
          3: sipush 200
          6: istore_2
          7: sipush 300
          10: istore_3
          11: iload_1
          12: iload_2
          13: iadd
          14: iload_3
          15: imul
          16: ireturn

  35. Source and the bytecode generated for it

          function sub(a,b){return a-b;}
          function add(a,b){return a+b;}
          i=0;
          while(i<3000){
            value = add(i,i+2);
            i=i+1;
          }
          value = value + 1;

          [ 0] enter
          [ 1] mov r0, Undefined(@k0)
          [ 4] resolve_base r1, i(@id0), 20975696, 20978944
          [ 11] mov r0, Int32: 0(@k1)
          [ 14] put_to_base r1, i(@id0), r0, 20978944
          [ 19] resolve r1, i(@id0), 20975712
          [ 24] jnless r1, Int32: 3000(@k2), 78(->102)
          [ 28] loop_hint

          [ 0] enter
          [ 1] add r0, r-8, r-9
          [ 6] ret r0

  36. Low Level Interpreter
      • Executes bytecode
      • Offlineasm
  37. Bytecode

          [ 32] put_to_base r1, s(@id0), r0, 35719584
          [ 37] resolve_base r1, i(@id2), 35719328, 35719616
          [ 44] mov r0, Int32: 0(@k3)
          [ 47] put_to_base r1, i(@id2), r0, 35719616
          [ 52] resolve r1, i(@id2), 35719344
          [ 57] jnless r1, Int32: 3000(@k4), 78(->135)
          [ 61] loop_hint
          [ 62] resolve_base r1, value(@id3), 35719360, 35719648
          [ 69] resolve_with_this r5, r2, add(@id4), 35719376
          [ 75] resolve r4, i(@id2), 35719344
          [ 80] resolve r6, i(@id2), 35719344

          [ 0] enter
          [ 1] sub r0, r-8, r-9
          [ 6] ret r0
  38. JIT – Just in time
      • Compiles to native code
      • Takes up execution time
  39. JIT - Interpreter
      • Classic Interpreter
        – Implementation
          • while(1) { switch(…) … }
        – Easy implementation
        – Performance limitation
      • Obsoleted in WebKit.
  40. JIT
      • Compiler generates machine code from bytecode (jit/*)
      • Big switch with emit-calls
      • Uses target specific macro assembler and assembler classes
      • Target specific assembler constructs instruction words
      • Register allocation
  41. Baseline JIT
      • Similar to the interpreter: executes bytecode
      • Translates it to machine code for execution
  42. DFG JIT
      • Data Flow Graph JIT
      • Speculative optimization, local register allocation
      • Type speculation based on the data flow graph
        – SSA
  43. Traced JIT
  44. Execution – Dynamic Compiler
  45. Type Inference
      • Operating on data of a known type is much faster than the table-lookup approach, so the earlier the data type is known, the better for performance.
  46. Type Inference

          o.x * o.x + o.y * o.y

      1. Type Prediction
      2. Type Checks
  47. Garbage Collection
      • Mark – Sweep
        – Reference Counting
        – Bitmap
  48. Forward …
  49. Compiler
  50. SSA
      • Converts to straight-line code; the basis for optimization
  51. Trampolines
      • Machine-code function stubs
      • After JIT compilation, replaced with a pointer to the real function.
  52. Trampolines
  53. Inline Cache
  54. Inline Cache
      • Polymorphic Inline Cache
        – Source Code: PolymorphicPutByIdList.h/.cpp
  55. Common Sub-expression Elimination
      • Value numbering
      • CSE
  56. Register Allocation
      • Linear Scan
      • Register Allocation

          RegisterID *BytecodeGenerator::newRegister()

  57. Generational GC
      • Card marking, Write Barriers
      Diagram labels:
      – Tracer: Marks and traces
      – Java Mutator: Modifies Blue and Green objects
      – Write barrier on objects
      – Tracer: Traces rest of graph
      – Tracer: Clean blue object
  58. Any more…
  59. • LLVM IR to JavaScript (Emscripten)
        – Python, Ruby, Lua for WebBrowser
        – C++ to JavaScript
      • JavaScript on LLVM
        – Fabric Engine VM/JIT
  60. Garbage Collection
      • Pause time
      • Pause predictability
      • CPU usage
      • Memory footprint
      • Virtual memory interaction
      • Cache interaction
      • Effects on program locality
      • Compiler and runtime impact
  61. • ECMA Harmony
        – 6th version
  62. Key Reference
      • Virtual Machine & JavaScript Engine
        – <LINK>
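
Slides 45 and 46 name the two halves of type inference: predict operand types from what has been observed, then check them before relying on the prediction. The sketch below is an added example, not JavaScriptCore code and not from the original slides; it models that for `o.x * o.x + o.y * o.y` and shows that the type check is what keeps the specialized path from producing wrong results. `WARMUP`, `LIMIT` and all function names are hypothetical.

```javascript
// Added illustration (not JavaScriptCore code): type prediction followed by
// type checks for the slide-46 expression o.x * o.x + o.y * o.y.
// All names and thresholds here are hypothetical.
const WARMUP = 3;      // constructed: calls profiled before specializing
const LIMIT = 46340;   // |v| <= LIMIT keeps v * v inside the int32 range

// Generic path: correct for any operand type, no assumptions.
function generic(o) {
  return o.x * o.x + o.y * o.y;
}

// Specialized path: int32 multiply only. Wrong for doubles, strings or
// large values, so it must never run without the guard below.
function fastInt32(o) {
  return Math.imul(o.x, o.x) + Math.imul(o.y, o.y);
}

// The type check: true only for int32 values whose square cannot overflow.
function isSmallInt(v) {
  return typeof v === "number" && (v | 0) === v && Math.abs(v) <= LIMIT;
}

function makeSpeculativeNorm() {
  const stats = { generic: 0, fast: 0, bailout: 0 };
  let calls = 0;
  let sawOther = false;   // value profile: any non-int32 operand seen?
  let speculate = false;  // set once the profile predicts int32

  function call(o) {
    const ok = isSmallInt(o.x) && isSmallInt(o.y);
    if (speculate) {
      // 2. Type checks: guard the prediction before taking the fast path.
      if (ok) { stats.fast++; return fastInt32(o); }
      stats.bailout++;    // prediction failed: fall back to generic code
    } else {
      // 1. Type prediction: profile operand types during warm-up.
      calls++;
      if (!ok) sawOther = true;
      if (calls >= WARMUP && !sawOther) speculate = true;
    }
    stats.generic++;
    return generic(o);
  }
  return { call, stats };
}
```

Calling `fastInt32` directly on `{x: 1.5, y: 2}` returns 5 instead of 6.25, which is the wrong answer the guard in `call` prevents.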
