TurboFan: A new code generation architecture for V8

Benedikt Meurer

Google Munich

@bmeurer

Proprietary

Proprietary

Ignition and TurboFan

​

enabled in

​

Chrome Dev / Canary!

Proprietary

Proprietary

Source: medium.com/dev-channel/javascript-start-up-performance-69200f43b201

Proprietary

Why a new code generation architecture?

• Improve baseline performance
• Make performance predictable
• Reduce page load time
• Reduce memory usage
• Reduce complexity

Proprietary

A bit of history...

Proprietary

Proprietary

Compiler pipeline (2008)

Codegen

Semi-optimized Code

Parser

Abstract Syntax Tree

JavaScript Source Code

Proprietary

Compiler pipeline (2010)

Full-

Codegen

Unoptimized Code

Crankshaft

Optimized Code

Parser

Abstract Syntax Tree

JavaScript Source Code

Optimized

Baseline

Optimize

Deoptimize

Proprietary

Compiler pipeline (2014)

Full-

Codegen

Unoptimized Code

Crankshaft

Optimized Code

TurboFan

Parser

Abstract Syntax Tree

JavaScript Source Code

Optimized

Baseline

Optimize

Deoptimize

Proprietary

Compiler pipeline (2016)

Full-

Codegen

Unoptimized Code

Crankshaft

Optimized Code

TurboFan

Parser

Abstract Syntax Tree

Ignition

Bytecode

JavaScript Source Code

Optimized

Baseline

Interpreted

Optimize

Deoptimize

Baseline

(Low-end Android)

Proprietary

WTF?!!1

Proprietary

Proprietary

Compiler pipeline (2017)

Optimized Code

TurboFan

Parser

Abstract Syntax Tree

Ignition

Bytecode

JavaScript Source Code

Optimized

Interpreted

Deoptimize

Optimize

Proprietary

Reduce complexity

Proprietary

Abstract Syntax Tree

Proprietary

Abstract Syntax Tree

const f = (a, b) => a + b * 3;

Proprietary

Abstract Syntax Tree

Proprietary

Supported architectures

Proprietary

Supported architectures

arm

ia32

x64

mips

V8 3.24.9

Proprietary

Architecture-specific LOCs

Proprietary

29%

less architecture-specific code from 2013 to 2017

Proprietary

Unified code generation architecture

TurboFan code

generation

architecture

Intel, ARM, PowerPC,

MIPS

Control flow graph

Proprietary

Unified code generation architecture

• (not just an) Optimizing compiler
• Interpreter bytecode handlers
• Builtins (Object.create, Array.prototype.indexOf, etc.)
• Code stubs / IC subsystem
• WebAssembly code generation

Proprietary

Unified code generation architecture

​

• More opportunities for performance improvements
• Fewer bugs (no more register allocation by hand)
• Easier to port to new architectures

Proprietary

Predictable Performance

Proprietary

Optimization Killers

Proprietary

Optimization Killers

• Generators and async functions
• for-of and destructuring
• try-catch and try-finally
• Compound let or const assignment
• Object literals that contain __proto__, or get or set declarations.
• debugger or with statements
• Literal calls to eval()
• …

Proprietary

Optimization Killers - arguments object

const arr = new Array(4000);�function mymax() { return Math.max.apply(undefined, arguments); }�for (let i = 0; i < 2000; ++i) mymax(...arr);

$ node --trace-opt --trace-deopt apply.js�…�[deoptimizing (DEOPT eager): begin 0x34e770317ea1 <JS Function mymax (SharedFunctionInfo 0x2793cb1f4031)> (opt #5) @2, FP to SP delta: 24, caller sp: 0x7fff5fbf6378]�…�[disabled optimization for 0x2793cb1f4031 <SharedFunctionInfo mymax>, reason: Optimized too many times]�$

Proprietary

Optimization Killers - arguments object

var callbacks = [� function sloppy() {},� function strict() { "use strict"; }�];��function dispatch() {� for (var l = callbacks.length, i = 0; i < l; ++i) {� callbacks[i].apply(null, arguments);� }�}��for(var i = 0; i < 100000; ++i) dispatch(1, 2, 3, 4);

​

Proprietary

Optimization Killers

Source: twitter.com/goodmodule/status/840227134689935362

Proprietary

Baseline Performance

Proprietary

Baseline Performance - Builtins

Proprietary

Baseline Performance - Builtins

• Expectation mismatch: “builtins should be fast”
• TurboFan’s CodeStubAssembler basis for fast builtins
• Ideally no performance cliff

Proprietary

Baseline Performance - RegExp Builtins

Source: v8project.blogspot.com/2017/01/speeding-up-v8-regular-expressions.html

Proprietary

Baseline Performance - Promises & async/await

Source: v8project.blogspot.com/2017/02/v8-release-57.html

Proprietary

Baseline Performance

• Baseline performance matters
• Optimize too early is costly
• Might deoptimize quickly because type feedback not stable yet
• Optimization is expensive
• Generated code quality depends on quality and stability of type feedback

Proprietary

Improve Startup Time

Proprietary

Proprietary

Improve Startup Time

• Bytecode faster to generate
• Better suited for smaller icache - (low-end) mobile
• Parse only once, optimize from bytecode
• Optimize less aggressively - better baseline performance
• Data-driven ICs reduce slow path cost

Proprietary

Reduce Memory Usage

Proprietary

Reduce Memory Usage

• Memory is precious on mobile
• Android devices with 512MiB - 1GiB are common
• Emerging markets
• Ignition code is up to 8x smaller than Full-Codegen code (arm64)

Proprietary

Reduce Memory Usage

Proprietary

Proprietary

Proprietary

Chrome Dev / Canary

Further information: v8project.blogspot.com/2017/02/help-us-test-future-of-v8.html

Proprietary

Node vee-eight-lkgr (Ubuntu/x86_64 build)

Further information: medium.com/@bmeurer/help-us-test-the-future-of-node-js-6079900566f

github.com/v8/node

Proprietary

Node vee-eight-lkgr (source build)

git clone https://github.com/v8/node.git node-v8�cd node-v8�git checkout vee-eight-lkgr�./configure --prefix "$HOME/Applications/node-vee-eight-lkgr"�make install

Further information: medium.com/@bmeurer/help-us-test-the-future-of-node-js-6079900566f

Proprietary

Performance Results

Proprietary

Proprietary

Page Load Time (Top25 Websites)

Proprietary

Page Load Time (LinkedIn Feed)

Source: twitter.com/krisselden/status/839886186218823681

Proprietary

Page Load Time (Script Execution)

Time HTML parser blocked on script execution

Proprietary

Framework Performance (Speedometer)

Source: browserbench.org/Speedometer

Proprietary

Framework Performance (Speedometer)

Source: browserbench.org/Speedometer

Proprietary

Framework Performance (Ember)

Source: twitter.com/codinghorror/status/841775015917887488

Proprietary

Node Server Workloads (AcmeAir)

Throughput on AcmeAir

Proprietary

UglifyJS2

UglifyJS is a JavaScript parser, minifier, compressor or beautifier toolkit.

​

​

​

​

github.com/mishoo/UglifyJS2

Proprietary

Proprietary

Cryptographic / Number Crunching Applications

Source: github.com/indutny/self-signed

Deterministic Prime Number Generation

Proprietary

Performance Advice

Proprietary

Proprietary

Performance Advice

“Premature optimization is the root of all evil”

Proprietary

Performance Advice

• Write idiomatic, declarative JavaScript
• Appropriate language features
• Handle exceptions where necessary
• Use proper collections (Map, Set, WeakMap, WeakSet, etc.)
• Avoid (engine-specific) work-arounds
• File bug reports when something is slow

Proprietary

Performance Advice - Declarative JavaScript

​

Declarative

if (obj !== undefined) { return obj.x; }

Obscure

if (obj) { return obj.x; }

... ...........� 27 cmpq [r13-0x40],rax

31 jz 128

37 test al,0x1

39 setzl bl

42 movzxbl rbx,rbx

45 cmpl rbx,0x0

48 jnz 185

54 cmpq [r13-0x38],rax

58 jz 128

64 movq rdx,[rax-0x1]

68 testb [rdx+0xc],0x10

72 jnz 128

78 cmpq [r13+0x50],rdx

82 jz 160

... ...........

160 vmovsd xmm0,[rax+0x7]

165 movq [rbp-0x18],rbx

169 vxorpd xmm1,xmm1,xmm1

173 vucomisd xmm1,xmm0

177 jz 128

179 movq rbx,[rbp-0x18]

183 jmp 88

185 movq [rbp-0x18],rbx

189 cmpq rax,0x0

193 jz 128

195 movq rbx,[rbp-0x18]

199 jmp 88

... ...........

​

... ...........�23 cmpq [r13-0x60],rax

27 jz 72

... ...........

~15% faster on avg!

Proprietary

Performance Advice - Declarative JavaScript

​

Declarative

function foo6(f, ...args) {� return f(...args);�}

Obscure

function foo5(f) {� switch (arguments.length) {� case 1: return f();� case 2: return f(arguments[1]);� case 3: return f(arguments[1], arguments[2]);� default: {� var args = [];� for (var i = 1; i < arguments.length; ++i) {� args[i - 1] = arguments[i];� }� return f.apply(undefined, args);� }� }�}

​

~4.5x faster on avg!

Proprietary

Proprietary