A compact bytecode format for JavaScriptCore

A Compact Bytecode Format
for JavaScriptCore
Tadeu Zagallo
Apple Inc.

Agenda
• High level overview
• Old bytecode format
• New bytecode format
• Memory comparison
• Type safety improvements

DFG Backend FTL Backend
Parser
Bytecompiler
Interpreter Template JIT DFG Frontend DFG Frontend
DFG FTLBaselineLLInt

Bytecode Goals
• Memory efﬁciency
• Cacheable

Bytecode
// double.js
function double(a) {
return a + a;
}
double(2);
$ jsc -d double.js

Bytecode
[ 0] enter
[ 1] get_scope loc4
[ 3] mov loc5, loc4
[ 6] check_traps
[ 7] add loc7, arg1, arg1,
OperandTypes(126, 126)
[13] ret loc7

Old Bytecode Format
• Used too much memory
• The instruction stream was writable
• It had optimizations that were no longer beneﬁcial

Old Bytecode Format
• Unlinked Instructions
• Compact
• Optimized for storage
• Linked Instructions
• Inﬂated
• Optimized for execution

Unlinked Instruction
1 byte 1 byte 1 byte 1 byte 2 bytes
op_add
0x1A
dst
0xF8
lhs
0x01
rhs
0x01
operandTypes
0xFEFE

Linked Instruction
8 bytes 8 bytes 8 bytes 8 bytes 8 bytes
op_add
0x0000000010003240
dst
0xFFFFFFFFFFFFFFF8
lhs
0x0000000000000001
rhs
0x0000000000000001
arithProﬁle
0x00000000100039D8

Execution
• Direct threading
• Inline caching

Execution
• ofﬂineasm overview
• Direct threading
• Inline caching

ofﬂineasm
macro load(tmp, getter)
getter(tmp)
loadi [tmp], tmp
end
_label:
load(t0, macro(tmp) move 42, tmp end)

ofﬂineasm
getter(tmp)
loadi [tmp], tmp
end
_label:
Temporary registers: t0-t5

ofﬂineasm
getter(tmp)
loadi [tmp], tmp
end
_label:
• b for byte
• h for 16-bit
• i for 32-bit
• q for 64-bit
• p for pointer
Instruction sufﬁxes

ofﬂineasm
getter(tmp)
loadi [tmp], tmp
end
_label:
Macros are lambda expressions that take zero or more
arguments and return code

ofﬂineasm
getter(tmp)
loadi [tmp], tmp
end
_label:
Macros may be anonymous

ofﬂineasm
getter(tmp)
loadi [tmp], tmp
end
_label:
And macros can also be passed as arguments to other
macros

Direct Threading
macro dispatch(instructionSize)
addp instructionSize * PtrSize, PC
jmp [PC]
end
8 bytes 8 bytes 8 bytes 8 bytes
...
op_mov
0x000010011080
dst
0xFFFFFFFFFFA
src
0xFFFFFFFFFFB
op_add
0x000010003240
...
PC

8 bytes 8 bytes 8 bytes 8 bytes
...
op_mov
0x000010011080
dst
0xFFFFFFFFFFA
src
0xFFFFFFFFFFB
op_add
0x000010003240
...
Direct Threading
jmp [PC]
end
PC

Inline Caching
object.field
get_by_id object, field

Inline Caching
Structure #0x197
ﬁeld 0x10
x 0x20
Y 0x30
object #1
0x10 42
0x20 “foo”
0x30 false
object #2
0x10 [13, 42]
0x20 true
0x30 {}

Inline Caching
object.field
get_by_id object, field, 0, 0
Structure ID Offset

object.field
get_by_id object, field, 0, 0
Structure #0x197
ﬁeld 0x10
x 0x20
Y 0x30
object #1
0x10 42
0x20 “foo”
0x30 false

object.field
get_by_id object, field, 0x197, 0x10
Structure #0x197
ﬁeld 0x10
x 0x20
Y 0x30
object #1
0x10 42
0x20 “foo”
0x30 false

New Bytecode
• Compact
• No separate linked format
• Multiple encoding sizes
• Cacheable
• No runtime values
• Read-only instruction stream

Narrow Instructions
1 byte 1 byte 1 byte 1 byte 1 byte 1 byte
op_add
0x1A
dst
0xF8
lhs
0x01
rhs
0x01
operandTypes
0xFE
metadataID
0x00

Wide Instructions
(32-bit words)
1 byte 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes
op_wide
0x01
op_add
0x0000001A
dst
0xFFFFFFF8
lhs
0x00000001
rhs
0x00000001
operandTypes
0xFFFFFFFE
metadataID
0x00010000

Metadata Table
op_add
op_call
…
0 1 …
arithProfile: ArithProfile() ArithProfile() …
0 1 …
arithProfile: ArithProfile() ArithProfile() …
valueProfile: ValueProfile() ValueProfile() …

Metadata Table
~200 opcodes × 8 bytes × ~23k tables
=
~36MB

Metadata Table
Header Payload
0x0 0x4 … 0x100 0x110 0x120 …
op_add 
0x100
op_call
0x120
… OpAdd::Metadata[0] OpAdd::Metadata[1] OpCall::Metadata[0] …
• Allocate the whole table as a single chunk of memory
• Only allocate space for opcodes that have metadata
• Change the header from pointer to unsigned offset

Execution
• Indirect threading
• Inline caching
• Wide instruction execution

Indirect Threading
jmp [PC]
end

Indirect Threading
addp instructionSize, PC
loadb [PC], t0
leap _g_opcodeMap, t1
jmp [t1, t0, PtrSize]
end

Inline Caching
MetadataTable [ OpcodeID ] [ MetadataID ]
CallFrame
CodeBlock Instruction Stream

Wide Instruction Execution
loadb [PC], t0
end
_llint_op_wide:
loadi 1[PC], t0
leap _g_opcodeMapWide, t1

loadb [PC], t0
end
_llint_op_wide:
loadi 1[PC], t0
leap _g_opcodeMapWide, t1
Wide Instruction Execution

apple.com
0 MB
2 MB
4 MB
6 MB
Before After
Description Before After %
Unlinked 0.55 MB 0.57 MB +4%
Linked 4.05 MB
2.14 MB -57%
Metadata 0.99 MB
Total 5.60 MB 2.71 MB -52%

reddit.com
0 MB
10 MB
20 MB
30 MB
Before After
Linked 19.51 MB
11.37 MB -54%
Metadata 5.34 MB
Total 27.61 MB 14.45 MB -48%

facebook.com
0 MB
10 MB
20 MB
30 MB
40 MB
Before After
Unlinked 3.11 MB 2.99 MB -4%
Linked 22.43 MB
13.66 MB -52%
Metadata 6.51 MB
Total 32.04 MB 16.65 MB -48%

gmail.com
0 MB
20 MB
40 MB
60 MB
Before After
Linked 40.28 MB
25.51 MB -52%
Metadata 12.75 MB
Total 59.21 MB 35.40 MB -40%

gmail.com
• More than 12k code blocks
• More than 830k instructions
• 270k wide instructions (33%)

Wide Instructions
1 byte 2 bytes 2 bytes 2 bytes 2 bytes 2 bytes 2 bytes
op_wide16
0x00
op_add
0x001A
dst
0xFFF8
lhs
0x0001
rhs
0x0001
operandTypes
0xFEFE
metadataID
0x0100
(16-bit words)

Metadata Table
Header Payload
0x0 0x2 … 0x80 0x90 0xA0 …
op_add 
0x80
op_call
0xA0
… OpAdd::Metadata[0] OpAdd::Metadata[1] OpCall::Metadata[0] …

gmail.com
0 MB
20 MB
40 MB
60 MB
Old Format New Format +16-bit
Description Old Format New Format + 16-bit
Unlinked 6.17 MB 9.89 MB 6.40 MB
Linked 40.28 MB
25.51 MB 20.03 MB
Metadata 12.75 MB
Total 59.21 MB 35.40 MB 26.42 MB

gmail.com
0 MB
10 MB
20 MB
30 MB
40 MB
New Format +16-bit
Description New Format + 16-bit %
Unlinked 9.89 MB 6.40 MB -35%
Linked
25.51 MB 20.03 MB -21%
Metadata
Total 35.40 MB 26.42 MB -26%

gmail.com
0 MB
20 MB
40 MB
60 MB
Old Format New Format + 16-bit
Description Before 16-bit %
Linked 40.28 MB
20.03 MB -62%
Metadata 12.75 MB
Total 59.21 MB 26.42 MB -55%

Old Instruction Deﬁnition
{ "name": "op_add", "length": 5 }

Old Instruction Access
SLOW_PATH_DECL(slow_path_add)
{
JSValue lhs = OP_C(2).jsValue();
JSValue rhs = OP_C(3).jsValue();
...
}

{
JSValue lhs = exec->r(pc[2].u.operand).jsValue();
JSValue rhs = exec->r(pc[3].u.operand).jsValue();
…
}

union {
void* pointer;
Opcode opcode;
int operand;
unsigned unsignedValue;
WriteBarrierBase<Structure> structure;
StructureID structureID;
WriteBarrierBase<SymbolTable> symbolTable;
WriteBarrierBase<StructureChain> structureChain;
WriteBarrierBase<JSCell> jsCell;
WriteBarrier<Unknown>* variablePointer;
Special::Pointer specialPointer;
PropertySlot::GetValueFunc getterFunc;
LLIntCallLinkInfo* callLinkInfo;
UniquedStringImpl* uid;

New Instruction Deﬁnition
op :add,
args: {
dst: VirtualRegister,
lhs: VirtualRegister,
rhs: VirtualRegister,
operandTypes: OperandTypes,
},
metadata: {
arithProfile: ArithProfile,
}

Opcode Struct
struct OpAdd : public Instruction {
static constexpr OpcodeID opcodeID = op_add;
VirtualRegister m_dst;
VirtualRegister m_lhs;
VirtualRegister m_rhs;
OperandTypes m_operandTypes;
unsigned m_metadataID;
};

Metadata Struct
struct OpAdd::Metadata {
WTF_MAKE_NONCOPYABLE(Metadata);
public:
Metadata(const OpAdd& __op)
: m_arithProfile(__op.m_operandTypes)
{ }
ArithProfile m_arithProfile;
};

Autogenerate all the things!
• Instruction ﬁtting
• Instruction decoding (narrow vs wide)
• Pretty printing
• Constants for ofﬂineasm
• Opcode IDs
• ...

New Instruction Access
{
OpAdd bytecode = pc->as<OpAdd>();
JSValue lhs = GET_C(bytecode.m_lhs);
JSValue rhs = GET_C(bytecode.m_rhs);
...
}

New Instruction Access
{
OpAdd bytecode = pc->as<OpAdd>();
JSValue lhs = exec->r(bytecode.m_lhs.offset());
JSValue rhs = exec->r(bytecode.m_rhs.offset());
...
}

A compact bytecode format for JavaScriptCore

More Related Content

What's hot (15)

Similar to A compact bytecode format for JavaScriptCore (20)

Recently uploaded (20)

A compact bytecode format for JavaScriptCore