why is it adding 0x2?


Ilya Kantor

May 26, 2014, 2:40:39 PM
to v8-u...@googlegroups.com
Hello,

I'm exploring v8 disasm of this code:
```
function walkLength(x) { 
  for(var i=0; i<arr.length; i++) arr[i]++;
}
```

That's what I analyze:
```
out/ia32.release/d8 --print-opt-code --print_code_verbose --code-comments in.js  > res
```

In section B4 of walkLength I see:

```
                  ;;; <@48,#40> bounds-check
0x2e34f629   105  3bd1           cmp edx,ecx                 ;; debug: position 271
0x2e34f62b   107  0f833e000000   jnc 175  (0x2e34f66f)
                  ;;; <@50,#41> load-keyed
0x2e34f631   113  8b5c5007       mov ebx,[eax+edx*2+0x7]
                  ;;; <@52,#43> add-i
0x2e34f635   117  83c302         add ebx,0x2
0x2e34f638   120  0f8036000000   jo 180  (0x2e34f674)
                  ;;; <@54,#55> store-keyed
0x2e34f63e   126  895c5007       mov [eax+edx*2+0x7],ebx
                  ;;; <@56,#58> add-i
0x2e34f642   130  83c202         add edx,0x2                 ;; debug: position 260
```

The question is: why is the increment done as "add ebx, 0x2" on line 117, why not "add ebx, 0x1"?

Ben Noordhuis

May 26, 2014, 3:16:30 PM
to v8-u...@googlegroups.com
V8 uses tagged pointers[1] internally. The least significant bit is
used to discern between pointers and integers. Adding two to a tagged
integer increments it by one while leaving the tag bit intact.

[1] http://en.wikipedia.org/wiki/Tagged_pointer
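
The tagging arithmetic described in the reply above, as an added C sketch that is not part of the original thread and is not V8 code. The function names are hypothetical, and the 31-bit small-integer layout and the meaning of the 0x7 displacement are assumptions stated in the comments.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed ia32 layout: a small integer ("Smi") is stored as value*2, so its
   least significant bit (the tag) is 0; heap pointers carry tag bit 1. */
static int32_t smi_tag(int32_t value)  { return value * 2; }
static int32_t smi_untag(int32_t word) { return word / 2; } /* exact: word is even */
static int     is_smi(uint32_t word)   { return (word & 1u) == 0; }

/* Mirrors "add ebx,0x2" followed by "jo": add a tagged 1 and report signed
   32-bit overflow. Returns 1 on success, 0 where the optimized code would
   take the jo branch instead of storing a wrapped value. */
static int smi_increment(int32_t word, int32_t *out) {
    int64_t sum = (int64_t)word + smi_tag(1);
    if (sum > INT32_MAX || sum < INT32_MIN) return 0;
    *out = (int32_t)sum;
    return 1;
}

/* Mirrors the operand [eax+edx*2+0x7]: edx holds the tagged index (i*2), so
   scaling by 2 yields i*4, one 32-bit slot per element. 0x7 is the
   displacement from the listing (assumed: 8-byte header minus the tag bit). */
static uint32_t element_offset(int32_t tagged_index) {
    return (uint32_t)tagged_index * 2u + 0x7u;
}

int main(void) {
    int32_t word = smi_tag(41), next;
    if (smi_increment(word, &next))
        printf("tagged 0x%x -> 0x%x, value %d -> %d, still smi: %d\n",
               (unsigned)word, (unsigned)next, smi_untag(word), smi_untag(next),
               is_smi((uint32_t)next));
    printf("offset of arr[3]: %u\n", (unsigned)element_offset(smi_tag(3)));
    /* Largest 31-bit Smi: the tagged add overflows, as "jo" would detect. */
    if (!smi_increment(smi_tag(1073741823), &next))
        printf("increment of 1073741823 overflows the tagged range\n");
    return 0;
}
```

The same encoding explains the loop counter in the listing: `add edx,0x2` advances the tagged index by one element, and the `cmp edx,ecx` bounds check compares two tagged values directly.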

Ilya Kantor

May 26, 2014, 4:38:12 PM
to v8-u...@googlegroups.com
Hi Ben, 

Thanks for the reply.

Will the code get further optimizations at run-time, or does --print-opt-code give the maximum optimization?

---
Best Regards,
Ilya Kantor




Ben Noordhuis

May 27, 2014, 8:34:14 AM
to v8-u...@googlegroups.com
On Mon, May 26, 2014 at 10:37 PM, Ilya Kantor <ili...@gmail.com> wrote:
> Hi Ben,
>
> Thanks for the reply.
>
> Will the code get further optimizations at run-time, or does --print-opt-code
> give the maximum optimization?

Once it's optimized, it's optimized. What can happen though is that a
function first gets optimized, then deoptimized because one of the
preconditions fails, then optimized again after some time when it's
hot and stable (again).