in the javascripts ffconf 2014 andy wingo
in the javascripts
ffconf 2014
andy wingo
the es6 circus is coming to town
es-discuss clownshoes
C++ knife-jugglers
JavaScript acrobats
building es.next in es.now
Hark, an agenda:
❧ Why?
❧ How: JavaScriptCore
❧ How: SpiderMonkey
❧ How: V8
why implement js in js?
js is faster than c++
js is faster than c++
JS can optimize in ways that C++ can’t
❧ dynamic inlining
❧ inline allocation (and possibly scalar replacement)
❧ inline hard-wiring of user object shapes (slot offsets, getters)
js is faster than c++
No JS/C++ transition cost
Especially important for callbacks (e.g. forEach)
js is faster than c++
JavaScriptCore’s Oliver Hunt, January 2014:
“The initial proof of concept is Array.prototype.every, this shows a 65% performance improvement, and that improvement is significantly hurt by our poor optimisation of op_in.”
js matches js semantics better
Proxies, accessors, order of effects, has-property versus get-property, user-implemented iteration protocol, exceptions, catch
Terse: for (var x of y) z(x);
js more secure than c++
GC-related bugs approximately impossible
❧ SM, V8; JSC immune
No C++ knife-throwing work-related accidents
❧ integer overflow, use-after-free, etc
Cross-iframe leakage concerns lessened
choosy hackers choose js
Goal: As much in JS as possible
For speed, for security, for maintainability
How?
simplest model: javascriptcore
“Methods can be implemented in JS”
example
Source/JavaScriptCore/builtins/Array.prototype.js
```js
function foo() {
  return 'ahoy ffconf';
}
```
Source/JavaScriptCore/runtime/ArrayPrototype.cpp
```
foo arrayProtoFuncFoo DontEnum|Function 0
```
weird js: jsc edition
Function source compiled separately
Access to globals forbidden in general
Initial values of globals accessible via @ prefix, e.g. @Object
Add @call and @apply
http://svn.webkit.org/repository/webkit/trunk@163195
more complicated: spidermonkey
“Self-hosted JS” files concatenated and evaluated – more normal model
C++ binds functions by name to prototype properties
feature: es.next ‘pipelines’
Old SpiderMonkey: (x*2 for (x in [0,1,2].keys()))
Erstwhile ES6: (for (x of [0,1,2].keys()) x*2)
Maybe ES7: [0,1,2].keys().map(x=>x*2)
Ideally on IteratorPrototype, but let’s hack it
example
js/src/builtin/Iterator.js
```js
function* IteratorMap(f) {
  for (var x of this)
    yield f(x);
}
```
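example
No function* at boot-time :(
But, ES6 object literals
```js
// std_iterator, callFunction and IteratorIdentity are resolved inside the
// self-hosting environment, not in the page's global scope.
function IteratorMap(f) {
  var iter = this[std_iterator]();
  return {
    next(val) {
      var result = iter.next(val);
      return result.done
        ? result
        : { value: callFunction(f, iter, result.value), done: false };
    },
    [std_iterator]: IteratorIdentity,
  };
}
```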
example
Link to C++ files; grep for surrounding identifiers, make similar modifications (e.g. in jsiter.cpp)
```
js> for (var x of [1,2,3].keys().map(x=>x*2)) print(x)
0
2
4
```
nerf the web forward
nerf the web forward
Your search - "nerf the web forward" - did not match any documents.
nerf the web forward
(like, nerf is like a more resilient polystyrene foam)
nerf the web forward
(the more joke explanation slides, the more amusing the joke, right?)
nerf the web forward
(right?)
caveats
@@iterator called before or after first next()?
Prototype chain of the result of map()?
Should final result.value be mapped?
%IteratorPrototype%
No spec; spec wonkiness
throw()?
next() applied to different object?
v8
Story time!
languages are like operating systems
Visit a page : Install an app
Visit about:blank : Boot OS
Weird self-hosted JS part of OS, not app
genesis
In the beginning, there was the empty function
and the Object function
and its prototype property
genesis
And Goog looked upon it and saw that it was good
genesis
Then the strict mode function “maps” (hidden classes)
Then the first global object
Then Array, Number, Boolean, String, Symbol, Date, RegExp, JSON, ArrayBuffer, the TypedArrays, Map, Set, iterator result shapes, WeakMap, WeakSet, arguments object shapes, ...
genesis
And Goog looked upon them and saw that they were good
genesis
And Goog looked upon them and saw that they were good
But FFS it’s a lot of C++, innit?
how 2 js
Problem: Need to define helpers in JS, but they shouldn’t be in the user’s scope
Solution: Second global object for self-hosted JS to play in; natives mutate to produce a more beautiful global
builtins, globals
Global: A global object, corresponding to a user-facing script-level scope
builtins: The global object current when self-hosted JS is being defined
In builtins, user-facing global bound to global
Somewhat confusingly, in V8, “self-hosted JS facilities” are called “natives”
on the seventh day
So, “natives”. That’s JavaScript y’all!
example
src/generator.js
```js
function* GeneratorObjectMap(f) {
  for (var x of this)
    yield f(x);
}
```
weird js, v8 edition
Verbs
❧ % prefix for low-level C++ runtime functions (--allow-natives-syntax)
❧ %_ prefix for magical “inline” runtime functions (%_CallFunction, %_IsSmi)
❧ macros (TO_UINT32, IS_NUMBER)
weird js, v8 edition
Nouns too
❧ global
❧ InternalArray (to allow builtins to use .push() without worrying about user pollution)
Suggested reading order
❧ runtime.js
❧ v8natives.js
❧ array.js
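The user-pollution concern behind InternalArray, and behind JavaScriptCore's rule that self-hosted code sees only the initial values of globals, can be reproduced in ordinary JavaScript. This is an added example, not code from V8 or from the talk; internalArray, naiveKeepEven, hardenedKeepEven and runWithPollutedPush are hypothetical names, and the page script is constructed.

```javascript
// Added illustration, not engine code. All function names are hypothetical.

// "Boot" phase: runs before any page script, as when builtins are defined.
const origPush = Array.prototype.push;
const setProto = Object.setPrototypeOf;
// Prototype for engine-private lists: holds its own reference to push and
// has no link to the Array.prototype that page scripts can modify.
const InternalArrayProto = Object.freeze(
  Object.assign(Object.create(null), { push: origPush }));
function internalArray() {
  return setProto([], InternalArrayProto);
}

// Naive helper: the scratch list is an ordinary Array, so every .push()
// is looked up on the shared, user-writable Array.prototype.
function naiveKeepEven(items) {
  const scratch = [];
  for (let i = 0; i < items.length; i++) {
    if (items[i] % 2 === 0) scratch.push(items[i]);
  }
  return scratch.length;
}

// Hardened helper: same logic, but the scratch list resolves .push() on
// the frozen private prototype captured at boot.
function hardenedKeepEven(items) {
  const scratch = internalArray();
  for (let i = 0; i < items.length; i++) {
    if (items[i] % 2 === 0) scratch.push(items[i]);
  }
  return scratch.length;
}

// "Page" phase (constructed): a script replaces Array.prototype.push, then
// the helper runs. Returns the helper's result and what the hook observed.
function runWithPollutedPush(helper, items) {
  const seen = [];
  Array.prototype.push = function (v) { seen[seen.length] = v; return 0; };
  try {
    return { result: helper(items), seen };
  } finally {
    Array.prototype.push = origPush; // restore the shared prototype
  }
}

const sample = [1, 2, 3, 4, 6]; // constructed input
console.log(runWithPollutedPush(naiveKeepEven, sample));
console.log(runWithPollutedPush(hardenedKeepEven, sample));
```

The naive helper both returns a wrong count and hands its intermediate values to the page's hook; the hardened one does neither.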
snapshots
Lots of work amirite?
Optimization: Serialize heap of new-born world
Load fresh heap from disk to “boot”
Necessary in context of Chrome’s multi-process model
note: the dom is something else
“Blink-in-JS”
Kentaro Hara: DOM binding overhead is 5-15% in real web
DOM objects live in a 1-to-N relationship to V8 globals
Search for “Hardening security of content scripts”
but seriously
Strict spec reading
Strict spec translation (optimize later if ever)
Tests (especially proxies, getters, order of operations)
Patch submission
Feature flags (in v8)
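The "strict spec translation" and proxy-based test steps above, applied to Array.prototype.every, the method from the Oliver Hunt quote where has-property versus get-property is observable. This is an added example, not code from any engine or from the talk; specEvery, getOnlyEvery and trace are hypothetical names, and the sparse array is constructed.

```javascript
// Added illustration, not engine code. Function names are hypothetical.

// Step-by-step translation of the ES6 algorithm for Array.prototype.every.
function specEvery(callback, thisArg) {
  const O = Object(this);                                   // ToObject
  const n = Math.trunc(Number(O.length)) || 0;              // Get "length"
  const len = Math.min(Math.max(n, 0), Number.MAX_SAFE_INTEGER); // ToLength
  if (typeof callback !== 'function') throw new TypeError('not callable');
  for (let k = 0; k < len; k++) {
    if (k in O) {                                           // HasProperty
      const value = O[k];                                   // then Get
      if (!Reflect.apply(callback, thisArg, [value, k, O])) return false;
    }
  }
  return true;
}

// Shortcut version that skips HasProperty and treats holes as undefined.
function getOnlyEvery(callback, thisArg) {
  const O = Object(this);
  const len = O.length >>> 0;
  for (let k = 0; k < len; k++) {
    if (!Reflect.apply(callback, thisArg, [O[k], k, O])) return false;
  }
  return true;
}

// Runs an implementation against a Proxy that records every has/get.
function trace(everyImpl, target, callback) {
  const log = [];
  const proxy = new Proxy(target, {
    has(t, key) { log.push('has ' + String(key)); return Reflect.has(t, key); },
    get(t, key, r) { log.push('get ' + String(key)); return Reflect.get(t, key, r); },
  });
  return { result: Reflect.apply(everyImpl, proxy, [callback]), log };
}

const isBig = (x) => x > 5;
const sparse = () => [10, , 30]; // constructed input with a hole at index 1
console.log(trace(Array.prototype.every, sparse(), isBig).log.join(' | '));
console.log(trace(specEvery, sparse(), isBig).log.join(' | '));
console.log(trace(getOnlyEvery, sparse(), isBig));
```

Comparing the recorded trace of the self-hosted candidate with the engine's existing behaviour catches reordered or missing property operations that a plain return-value test would miss.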
tx
nerf the web forward!
http://wingolog.org/
big kid circus, by ray forster: https://www.flickr.com/photos/94418464@N08/8686092191