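A Brief Look at WebKit: JavaScriptCore/V8
WebKit is a browser engine whose JavaScript implementations include JavaScriptCore and V8. To understand WebKit more fully, we need a deeper understanding of the basic principles of the JavaScript implementation, its role within WebKit, and how it interacts with the other components, along with a preliminary comparison against the JavaScript implementation in Gecko. Let us begin our tour of WebKit's JavaScript implementations, JavaScriptCore and V8.
1. The Role of the JavaScript Implementation
As described in the section on what JavaScript is in "A Brief Look at Key Parts of Gecko, Part 6: Understanding the JavaScript Implementation and Its Applications", the JavaScript implementation in WebKit likewise amounts to a dynamic library that conforms to the ECMAScript standard. It is usually attached to a browser engine, which provides the runtime environment and controls or initiates the JavaScript implementation's compilation, parsing and execution of scripts, garbage collection, and so on. It must likewise support browser-engine extensions such as DOM binding.
With the arrival of Web 2.0, dynamic page interaction such as Ajax has become far more frequent, and the overall efficiency and security of JavaScript execution is often the key to a browser core. The JavaScript implementation carries that responsibility.
2. JavaScriptCore Implementation Features
Compared with other JavaScript implementations, JavaScriptCore introduces the concept of a virtual machine: when compiling a script it generates efficient bytecode, and all bytecode executes within a single virtual machine environment. Its efficient virtual machine implementation is commonly known as SquirrelFish; see Announcing SquirrelFish and Introducing SquirrelFish Extreme for more about SquirrelFish.
3. V8 Implementation Features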
Fast Property Access
To reduce the time required to access JavaScript properties, V8 does not use dynamic lookup to access properties. Instead, V8 dynamically creates hidden classes behind the scenes. This basic idea is not new - the prototype-based programming language Self used maps to do something similar. (See for example, An Efficient Implementation of Self, a Dynamically-Typed Object-Oriented Language Based on Prototypes). In V8, an object changes its hidden class when a new property is added.
Dynamic Machine Code Generation
V8 compiles JavaScript source code directly into machine code when it is first executed. There are no intermediate byte codes, no interpreter. Property access is handled by inline cache code that may be patched with other machine instructions as V8 executes.
During initial execution of the code for accessing a property of a given object, V8 determines the object's current hidden class. V8 optimizes property access by predicting that this class will also be used for all future objects accessed in the same section of code and uses the information in the class to patch the inline cache code to use the hidden class. If V8 has predicted correctly the property's value is assigned (or fetched) in a single operation. If the prediction is incorrect, V8 patches the code to remove the optimisation.
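The hidden-class transitions and the patched property-access site described above can be modelled in a few lines. This is an added example, not V8 code and not part of the original page; `HiddenClass`, `Obj`, `makeLoadSite` and `demoInlineCache` are hypothetical names, and the site is simplified to three states (uninitialized, patched, generic).

```javascript
// Toy model (hypothetical names) of hidden classes plus one inline cache.
class HiddenClass {
  // offsets: property name -> slot index; transitions: added name -> successor
  constructor(offsets = new Map()) { this.offsets = offsets; this.transitions = new Map(); }
  // Objects adding the same property from the same class share the successor.
  withProperty(name) {
    if (!this.transitions.has(name)) {
      const offsets = new Map(this.offsets).set(name, this.offsets.size);
      this.transitions.set(name, new HiddenClass(offsets));
    }
    return this.transitions.get(name);
  }
}
const ROOT = new HiddenClass();
class Obj {
  constructor() { this.hidden = ROOT; this.slots = []; }
  set(name, value) {
    if (!this.hidden.offsets.has(name)) this.hidden = this.hidden.withProperty(name);
    this.slots[this.hidden.offsets.get(name)] = value;
  }
}
// A single property-load site: uninitialized -> patched -> generic.
function makeLoadSite(name) {
  const site = { state: "uninitialized", cls: null, offset: -1, fast: 0, slow: 0 };
  site.load = (obj) => {
    if (site.state === "patched") {
      if (obj.hidden === site.cls) {      // guard: the prediction held
        site.fast++;
        return obj.slots[site.offset];    // one indexed read, no lookup
      }
      site.state = "generic";             // misprediction: drop the fast path
    }
    site.slow++;
    const offset = obj.hidden.offsets.get(name);   // full lookup
    if (site.state === "uninitialized" && offset !== undefined) {
      Object.assign(site, { state: "patched", cls: obj.hidden, offset });
    }
    return offset === undefined ? undefined : obj.slots[offset];
  };
  return site;
}
function demoInlineCache() {
  const a = new Obj(); a.set("x", 1); a.set("y", 2);
  const b = new Obj(); b.set("x", 3); b.set("y", 4);   // same order as a
  const c = new Obj(); c.set("y", 5); c.set("x", 6);   // different order
  const site = makeLoadSite("y");
  const values = [a, b, a, c, a].map((o) => site.load(o));
  return { shared: a.hidden === b.hidden, split: a.hidden !== c.hidden, values, site };
}
```

The hidden-class comparison in the guard is the only thing that makes the cached slot offset valid for the object being read, which is why the fast path is abandoned as soon as the comparison fails.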
Efficient Garbage Collection
V8 reclaims memory used by objects that are no longer required in a process known as garbage collection. To ensure fast object allocation, short garbage collection pauses, and no memory fragmentation V8 employs a stop-the-world, generational, accurate, garbage collector. This means that V8:
- stops program execution when performing a garbage collection cycle.
- processes only part of the object heap in most garbage collection cycles. This minimizes the impact of stopping the application.
- always knows exactly where all objects and pointers are in memory. This avoids falsely identifying objects as pointers which can result in memory leaks.
In V8, the object heap is segmented into two parts: new space where objects are created, and old space to which objects surviving a garbage collection cycle are promoted. If an object is moved in a garbage collection cycle, V8 updates all pointers to the object.
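The new-space/old-space promotion and pointer update described above, as a toy model. This is an added example, not V8 code and not part of the original page; `ToyHeap` and `demoScavenge` are hypothetical names. The `remembered` set filled by `write` is an assumption the page does not describe: it is the usual way a collector that scans only part of the heap still finds old-space objects pointing into new space.

```javascript
// Toy two-space heap (hypothetical names); a pointer is a tagged {ptr} record.
class ToyHeap {
  constructor() {
    this.newSpace = new Map();    // address -> object created since last cycle
    this.oldSpace = new Map();    // address -> object that survived a cycle
    this.roots = {}; this.next = 1;   // root references; address counter
    this.remembered = new Set();  // old objects stored into (assumed barrier)
  }
  alloc(fields) {
    const addr = "new:" + this.next++;
    this.newSpace.set(addr, { ...fields });
    return { ptr: addr };
  }
  deref(p) { return this.newSpace.get(p.ptr) || this.oldSpace.get(p.ptr); }
  write(p, key, value) {          // every store goes through this barrier
    this.deref(p)[key] = value;
    if (this.oldSpace.has(p.ptr)) this.remembered.add(this.deref(p));
  }
  // Stop-the-world minor cycle: scans roots, remembered objects and survivors.
  scavenge() {
    const forward = new Map();    // new-space address -> promoted address
    const work = [this.roots, ...this.remembered];
    while (work.length) {
      const holder = work.pop();
      for (const [key, v] of Object.entries(holder)) {
        if (v === null || typeof v !== "object" || !this.newSpace.has(v.ptr)) continue;
        if (!forward.has(v.ptr)) {
          forward.set(v.ptr, "old:" + this.next++);
          this.oldSpace.set(forward.get(v.ptr), this.newSpace.get(v.ptr));
          work.push(this.newSpace.get(v.ptr));   // trace the survivor's fields
        }
        holder[key] = { ptr: forward.get(v.ptr) };   // update the moved pointer
      }
    }
    const freed = this.newSpace.size - forward.size;
    this.newSpace.clear(); this.remembered.clear();  // the rest is garbage
    return { promoted: forward.size, freed };
  }
}
function demoScavenge() {
  const heap = new ToyHeap();
  const junk = heap.alloc({ tmp: true });                          // never rooted
  heap.roots.doc = heap.alloc({ title: "page", note: junk.ptr });  // note is a plain string
  const first = heap.scavenge();
  heap.write(heap.roots.doc, "child", heap.alloc({ n: 1 }));       // old -> new store
  const second = heap.scavenge();
  const child = heap.deref(heap.deref(heap.roots.doc).child);
  return { first, second, docAddr: heap.roots.doc.ptr, child };
}
```

The `note` field holds a string equal to the unreachable object's address, yet that object is still freed, because only tagged pointers are followed.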
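4. How JavaScriptCore and V8 Interact with WebCore
The WebCore::Frame data structure contains the data member KJSProxy* m_jscript; in the Chrome code this was changed to JSBridge* m_jscript. For the two implementations, JavaScriptCore and V8, there are respectively: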
class KJSBridge : public JSBridge {
public:
    KJSBridge(Frame* frame) : m_proxy(new KJSProxy(frame)) { }
    virtual ~KJSBridge() { delete m_proxy; }
    ........................
private:
    KJSProxy* m_proxy;
};
class V8Bridge : public JSBridge {
public:
    explicit V8Bridge(Frame* frame);
    virtual ~V8Bridge();
    .......................
private:
    V8Proxy* m_proxy;
};
V8Bridge::V8Bridge(Frame* frame) {
    m_proxy = new V8Proxy(frame);
}
V8Bridge::~V8Bridge() {
    delete m_proxy;
}
KJSProxy and V8Proxy correspond to the different JavaScript implementations, and each implements the common interface to WebCore. Their main data structures are as follows:
class KJSProxy {
    Frame* m_frame;
    KJS::ProtectedPtr<KJS::JSDOMWindow> m_globalObject;
    int m_handlerLineno;
    .........................................
};
class V8Proxy {
    Frame* m_frame;
    v8::Persistent<v8::Context> m_context;
    v8::Persistent<v8::Object> m_global;
    // Special handling of document wrapper;
    v8::Persistent m_document;
    int m_handlerLineno;
    ...........................
};
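To see how each JavaScript implementation implements the interface with WebCore, you need to understand the logic of that implementation.
If you are interested in the logic and basic principles of a JavaScript implementation, refer to the API and samples it provides.
As for DOM binding, JavaScriptCore and V8 implement it in the same way; see the description of how the JavaScript implementation integrates with WebCore in "A Brief Look at WebKit: WebCore".
For the details of the DOM binding implementation, see the code generated by generate-bindings.pl. Its contents will certainly teach you a great deal, and it is a very useful reference for embedding a JavaScript implementation in other applications. The implementation of window, and especially of the open method, is well worth studying.
5. A Preliminary Comparison of JavaScriptCore, V8, SpiderMonkey and Others
As for how the execution efficiency of JavaScriptCore, V8, SpiderMonkey and TraceMonkey compares, different test methods give different results, so it is not discussed here.
As far as I personally understand, I feel that JavaScriptCore is somewhat lacking in secure access control for object methods and properties.
SpiderMonkey, one of the earliest JavaScript engines, is implemented in C and is somewhat complex; unlike later implementations such as JavaScriptCore and V8, it did not draw on recent virtual machine technology such as the JVM.
V8, a recently released JavaScript implementation, has many advantages, as its feature description shows. It is implemented in C++ and makes full use of C++ templates, so its code is relatively concise and easy to learn and use.
For TraceMonkey, see Firefox to get massive JavaScript performance boost.
6. References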
Wiki Javascript
V8
Announcing SquirrelFish
Introducing SquirrelFish Extreme
SpiderMonkey Internals
Tamarin