The past, present and future of JS engines

Node+JS Interactive 2019

Montreal, Canada

@a0viedo

1958-1960

1970-1980

diagram: interpreter (Pascal source)

p-code machine (Pascal)

1980-1990

Important new concepts

adaptive optimization

generational garbage collection

The first wave

const userList = getUsers();

for (const user of userList) {
	enrich(user)
}

compiler

1990-2000

A decade of many languages

Programming languages

Java

JavaScript

Python

Number of PCs

The second wave

const userList = getUsers();

for (const user of userList) {
	enrich(user)
}

baseline JIT

optimizing JIT

2000-2010

Into the browser wars

Internet users

5%

of the world's population

diagram: interpreter (JavaScript source)

JavaScriptCore (2008)

diagram: bytecode, interpreter, optimizing JIT

SpiderMonkey (2008)

diagram: baseline JIT, profiling, optimizing JIT, deopt

V8 (2008)

2010-2020

The beginning of the mobile era

Internet users

28.7%

of the world's population

Optimization tradeoffs - memory

Optimization tradeoffs - latency

diagram: bytecode, interpreter, baseline JIT, IonMonkey, type inference, deopt

SpiderMonkey (2016)

diagram: bytecode, interpreter, simple JIT, full JIT, type inference, deopt

ChakraCore (2016)

diagram: bytecode, interpreter, baseline JIT, DFG JIT, deopt

JavaScriptCore (2013)

diagram: bytecode, interpreter, baseline JIT, DFG JIT, FTL JIT, profiling + type inference, deopt

JavaScriptCore (2016)

diagram: parser, AST, baseline JIT, Crankshaft, type inference, deopt

V8 (2016)

diagram: Ignition, bytecode + types, TurboFan, deopt

V8 (2017)
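The engine diagrams above all share one shape: an interpreter that profiles, an optimizing tier that speculates on the observed types, and a deopt path back when a speculation fails. The following toy engine is an added example written for this page; it is not code from V8, SpiderMonkey, JSC or ChakraCore, and the bytecode format, the hot-call threshold and the "compile to a JS closure" step are assumptions chosen to keep the model small.

```javascript
// Added example: a toy tiered JavaScript "engine" written in JavaScript.
// It models the pipeline named in the slides (interpreter -> profiling ->
// type inference -> optimizing tier -> deopt). Nothing here is real engine
// code; the threshold and bytecode format are assumptions.
const HOT_THRESHOLD = 3;          // assumed: real engines use larger, adaptive counts
const DEOPT = Symbol('deopt');    // sentinel returned by compiled code when a guard fails

const Op = { ARG: 'ARG', CONST: 'CONST', ADD: 'ADD', MUL: 'MUL', RET: 'RET' };

class TieredFunction {
  constructor(name, bytecode, arity) {
    Object.assign(this, { name, bytecode, arity, calls: 0, deopts: 0 });
    this.tier = 'interpreter';
    this.compiled = null;
    this.typeFeedback = {};   // bytecode index -> Set of operand types seen (profiling)
    this.polymorphic = false; // once true, never tier up again (avoids deopt loops)
  }

  call(...args) {
    this.calls++;
    if (this.tier === 'optimized') {
      const r = this.compiled(args, DEOPT);
      if (r !== DEOPT) return r;
      // Speculation failed: discard optimized code, run this call in the interpreter.
      this.deopts++;
      this.tier = 'interpreter';
      this.compiled = null;
      this.polymorphic = true;
    }
    const result = this.interpret(args);
    if (!this.polymorphic && this.calls >= HOT_THRESHOLD) this.optimize();
    return result;
  }

  // Tier 0: generic stack-machine interpreter that also records type feedback.
  interpret(args) {
    const stack = [];
    for (let pc = 0; pc < this.bytecode.length; pc++) {
      const [op, operand] = this.bytecode[pc];
      switch (op) {
        case Op.ARG:   stack.push(args[operand]); break;
        case Op.CONST: stack.push(operand); break;
        case Op.ADD:
        case Op.MUL: {
          const b = stack.pop(), a = stack.pop();
          const seen = this.typeFeedback[pc] || (this.typeFeedback[pc] = new Set());
          seen.add(typeof a); seen.add(typeof b);
          stack.push(op === Op.ADD ? a + b : a * b);
          break;
        }
        case Op.RET: return stack.pop();
      }
    }
    throw new Error(`${this.name}: bytecode has no RET`);
  }

  // Tier 1: if profiling shows every arithmetic site saw only numbers, emit
  // straight-line JS specialized for numbers, protected by a type guard.
  optimize() {
    const sites = Object.values(this.typeFeedback);
    const onlyNumbers = sites.every(s => s.size === 1 && s.has('number'));
    if (!onlyNumbers) { this.polymorphic = true; return; }
    const stack = [];
    let body = '';
    for (const [op, operand] of this.bytecode) {
      switch (op) {
        case Op.ARG:   stack.push(`args[${operand}]`); break;
        case Op.CONST: stack.push(JSON.stringify(operand)); break;
        case Op.ADD:
        case Op.MUL: {
          const b = stack.pop(), a = stack.pop();
          stack.push(`(${a} ${op === Op.ADD ? '+' : '*'} ${b})`);
          break;
        }
        case Op.RET: body = `return ${stack.pop()};`; break;
      }
    }
    // The guard is what makes speculation safe: without it, a non-number argument
    // would flow into code that assumes numbers (the classic type-confusion shape).
    const guards = Array.from({ length: this.arity }, (_, i) => `typeof args[${i}] !== 'number'`);
    const guard = guards.length ? `if (${guards.join(' || ')}) return DEOPT;\n` : '';
    this.compiled = new Function('args', 'DEOPT', guard + body);
    this.tier = 'optimized';
  }
}

// Sample function: (a * b) + c, hand-assembled into the toy bytecode.
function makeMulAdd() {
  return new TieredFunction('mulAdd',
    [[Op.ARG, 0], [Op.ARG, 1], [Op.MUL], [Op.ARG, 2], [Op.ADD], [Op.RET]], 3);
}

// Drives mulAdd through warm-up, tier-up and a deopt; returns the observed states.
function runDemo() {
  const f = makeMulAdd();
  const trace = [];
  for (const args of [[1, 2, 3], [2, 3, 4], [3, 4, 5], [10, 10, 1]]) {
    trace.push({ result: f.call(...args), tier: f.tier });
  }
  trace.push({ result: f.call('2', 3, '!'), tier: f.tier }); // guard fails -> deopt
  trace.push({ result: f.call(2, 3, 4), tier: f.tier });     // stays in the interpreter
  return { trace, deopts: f.deopts };
}

console.log(JSON.stringify(runDemo(), null, 1));
```

Run it with node and watch the tier flip to `optimized` on the third call and back to `interpreter` when a string argument trips the guard. The guard line is the part worth staring at from a security point of view: every optimizing tier in the diagrams above relies on guards like it, and the speculative code behind the guard is only correct for the types the guard admits.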


Garbage collectors

precise: V8, SpiderMonkey

conservative: JSC, ChakraCore
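The precise/conservative split above is about one question: how does the collector know which stack words are pointers? The toy mark phase below is an added example written for this page, not code from any of the engines; the heap layout, the addresses and the frame contents are constructed sample data.

```javascript
// Added example (not from the talk): a toy mark phase showing how precise and
// conservative collectors decide what a stack slot means. Addresses, heap
// layout and frame contents are constructed sample data.
const heap = new Map([                 // address -> object with outgoing references
  [0x1000, { name: 'A', refs: [0x1010] }],
  [0x1010, { name: 'B', refs: [] }],
  [0x2000, { name: 'C', refs: [] }],   // nothing references C: it is garbage
]);

// One stack frame. A precise collector knows each slot's kind (from stack maps /
// type information); a conservative collector sees only machine words.
const frame = [
  { kind: 'ref', value: 0x1000 }, // a real pointer to A
  { kind: 'int', value: 0x2000 }, // an integer that merely looks like C's address
  { kind: 'int', value: 42 },
];

function preciseRoots(frame) {
  return frame.filter(s => s.kind === 'ref').map(s => s.value);
}

function conservativeRoots(frame, heap) {
  // Any word that equals a heap address is treated as a possible pointer.
  return frame.map(s => s.value).filter(v => heap.has(v));
}

// Transitive marking from the given roots.
function mark(heap, roots) {
  const live = new Set();
  const work = [...roots];
  while (work.length) {
    const addr = work.pop();
    if (live.has(addr)) continue;
    live.add(addr);
    for (const r of heap.get(addr).refs) work.push(r);
  }
  return live;
}

// Returns object names kept alive and freed under the chosen root-finding mode.
function collect(heap, frame, mode) {
  const roots = mode === 'precise' ? preciseRoots(frame) : conservativeRoots(frame, heap);
  const live = mark(heap, roots);
  const freed = [...heap.keys()].filter(a => !live.has(a));
  return {
    live: [...live].map(a => heap.get(a).name).sort(),
    freed: freed.map(a => heap.get(a).name).sort(),
  };
}

console.log('precise     ', collect(heap, frame, 'precise'));
console.log('conservative', collect(heap, frame, 'conservative'));
```

The integer 0x2000 on the stack keeps C alive under conservative scanning and is ignored under precise scanning. That retention is the price of not tracking slot types; the benefit is that a conservative collector never has to trust the compiler's bookkeeping about which slot holds a pointer, which is exactly the bookkeeping a precise collector depends on at every safepoint.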

Pwn2Own Tokyo 2019


20k USD bounty for an integer overflow that could be turned into a reverse shell on a TV

60k USD bounty for an integer overflow on an Amazon Echo

2020-?

vs

more purpose-specific JavaScript engines?

like JerryScript, Duktape, Hermes...

Internet users

58.8%

of the world's population

bit.ly/ppf-js-engines

@a0viedo

thank you!