What exactly does the WebKit FTL JIT do?

题叶
2 answers

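I read it again this morning, and I didn't understand the second half..

The first part roughly says that WebKit originally optimized JS code in 3 tiers: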

The LLInt is optimized for low latency start-up, while the DFG is optimized for high throughput. The first execution of any function always starts in the interpreter tier.

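Once the code's execution count accumulates to a certain number, roughly enough to offset the cost of compiling it, the way it is compiled switches: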

As soon as any statement in the function executes more than 100 times, or the function is called more than 6 times (whichever comes first), execution is diverted into code compiled by the Baseline JIT. This eliminates some of the interpreter’s overhead but lacks any serious compiler optimizations. Once any statement executes more than 1000 times in Baseline code, or the Baseline function is invoked more than 66 times, we divert execution again to the DFG JIT

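The performance gain from each tier is roughly:

Then they felt the DFG speed-up still wasn't enough, since many optimizations that are expensive to compile had never been done,
so they added a fourth tier (Fourth Tier) of LLVM optimization:

The performance gain from the fourth tier is roughly like this:

Moreover, even though WebKit doesn't specifically recognize ASM.js, ASM code can still be optimized (shorter time is better):

Because LLVM compilation has a high performance cost, FTL optimization is used only for the very small amount of code that is executed a very large number of times: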

For Baseline-to-DFG tier-up, we set the counter to -1000 × C where C is a function of the size of the compilation unit and the amount of available executable memory. C is usually close to 1. DFG-to-FTL tier-up is more aggressive; we set the counter to -100000 × C. This ensures that short-running code never results in an expensive LLVM-based compile. Any function that runs for more than approximately 10 milliseconds on modern hardware will get compiled by the FTL.

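Since LLVM was designed for statically typed languages, optimizations for dynamic languages were added here as well, bringing performance gains (shorter time is better)

The vast majority of the article covers the technical details of specific optimizations... I can't follow them, so I mainly looked at the pictures...

Also, Hacker News mentions that V8's optimization has two tiers, one above and one below DFG in performance,
and that in tests on code generated from ASM, FTL performs better than V8 (though Firefox is still faster):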
https://news.ycombinator.com/item?id=7741343

I couldn't find a comprehensive performance comparison with V8...
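
The tier-up counters described in the quoted passages above, as an added example that is not part of the original post and not JavaScriptCore's code: each tier's counter starts at -threshold × C and the function moves up a tier once the counter rises above zero. The entry weight of 15 and all names are assumptions, chosen so that the quoted call counts (more than 6, more than 66) fall out of the same counter as the quoted statement counts.

```javascript
// Added illustration of counter-based tier-up; not JavaScriptCore source.
// Thresholds are the ones quoted above; the top tier never tiers up.
const TIERS = [
  { name: "LLInt", threshold: 100 },
  { name: "Baseline", threshold: 1000 },
  { name: "DFG", threshold: 100000 },
  { name: "FTL", threshold: Infinity },
];
const LOOP_WEIGHT = 1;   // one execution of a statement inside a loop
const ENTRY_WEIGHT = 15; // assumption: 100/15 and 1000/15 give ">6" and ">66" calls

class FunctionProfile {
  constructor(c = 1) {
    this.c = c;            // the page's C: code size / executable memory factor
    this.tier = 0;
    this.calls = 0;
    this.iterations = 0;
    this.history = [];     // one record per tier-up
    this.counter = -TIERS[0].threshold * c;
  }
  get tierName() { return TIERS[this.tier].name; }
  bump(weight) {
    this.counter += weight;
    if (this.counter <= 0) return;   // -Infinity at the top tier stays negative
    this.tier += 1;
    this.counter = -TIERS[this.tier].threshold * this.c;
    this.history.push({ tier: this.tierName, calls: this.calls, iterations: this.iterations });
  }
  call(loopIterations) {
    this.calls += 1;
    this.bump(ENTRY_WEIGHT);
    for (let i = 0; i < loopIterations; i++) {
      this.iterations += 1;
      this.bump(LOOP_WEIGHT);
    }
  }
}

function simulate(totalCalls, loopIterationsPerCall, c = 1) {
  const profile = new FunctionProfile(c);
  for (let i = 0; i < totalCalls; i++) profile.call(loopIterationsPerCall);
  return profile;
}

// Constructed workloads: a loop-free function called 10000 times, and one call with a hot loop.
console.log(simulate(10000, 0).history);
console.log(simulate(1, 200000).history);
```

In this model a function called 100 times with a 10-iteration loop stops at DFG, which is the "short-running code never results in an expensive LLVM-based compile" behaviour from the quote.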

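I skimmed it: roughly, there is a very mature compiler (optimizer) called LLVM, and the WebKit folks wrote an adapter so that JS bytecode can be optimized with LLVM's optimizer

Personally I think it still falls a bit short compared with V8's approach of skipping bytecode and compiling directly to machine code; the actual results need benchmarks to speak for themselves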
