Embed Size (px)
Citation preview
JIT in webkit
What’s JIT
• See http://en.wikipedia.org/wiki/Just-in-time_compilation for more info.
• Just-in-time compilation• Also known as dynamic translation, is a
technique for improving the runtime performance of a computer program.
Normal way
• Either interpreted or static (ahead of time) compilation.
• Interpreted code is translated from a high-level language to a machine code continuously during every execution, whereas statically compiled code is translated into machine code before execution, and only requires this translation once.
JIT way
• JIT compilers represent a hybrid approach, with translation occurring continuously, as with interpreters, but with caching of translated code to minimize performance degradation. It also offers other advantages over statically compiled code at development time, such as handling of late-bound data types and the ability to enforce security guarantees.
Startup delay and optimizations
• JIT typically causes a slight delay in initial execution of an application, due to the time taken to load and compile the bytecode. Sometimes this delay is called "startup time delay". In general, the more optimization JIT performs, the better the code it will generate, but the initial delay will also increase.
Webkit JIT -- SquirellFish Extremeinterface between jit and C++
• The way of argument passing. In SquirellFish Extreme the arguments are never freed, however. The same argument list is passed to the high level C++ callback functions again and again.
• On arm, the return address is stored in the link register.
Webkit JIT -- SquirellFish Extreme constructing constants 1
• Among other things, one interesting advantage of dynamically generated code is that constants can be embedded into the instruction stream. WebKit JIT goes one step further: you can also rewrite constants which are not even known at JIT compilation time. Those constants typically hold cached values used by some fast cases.
Webkit JIT -- SquirellFish Extreme constructing constants 2 -- impl
• On x86 based machines, these features are rather easy to implement, since instructions have a 32 bit immediate field, which is enough to hold any immediate value.
• On ARM, we only have an 8 bit immediate field, which can be rotated by an even number. Therefore, we sometimes need 4 instructions to create a 32 bit number.
Webkit JIT -- SquirellFish Extreme property caching madness
• Dynamic languages like JavaScript have a lot of interesting fetures: we can create or destroy new classes during runtime or assign anything to any variable regardless of its type.
• Property and call target caching to speed up.• Property caching is based on the observation
that the type of a value at a given code location is the same most of the time even for dynamic languages.
Webkit JIT -- SquirellFish Extreme property caching madness -- more
• Resolving an identifier using the current scope chain or using a member of an object is a very slow operation. How can we make it faster? Let's cache the type and the result of the last resolve operation. Next time, when this particular location is reached again, we only have to compare the type of the variable to the cached type. If they are the same, we can use the cached value. This is true for function calls as well.
Webkit JIT -- SquirellFish Extremeimpl more detail
• Use map to get one rwx memory area to store the generated machine code, the same thing as the code area of normal executing mode.
• Least operation on stack, use register instead. Including parameter and return value of js
function. The same for C++ callback invoke from js function.
The end
• That’s all.• Thank you!
