The document discusses how JavaScript engines work under the hood to execute code. It explains that engines first tokenize and parse code into an abstract syntax tree. Variables are then located in memory and their values retrieved, which can involve lookups in objects or arrays. Values are boxed and typed for operations, which engines try to optimize through just-in-time compilation by tracking types. Operations are performed and results are stored, with garbage collection maintaining memory. Future ECMAScript changes may impact these processes. The conclusion advocates type safety, dense arrays, and avoiding operations requiring repeated coercion.
3. Executing z = x + y Read operation from memory Get location of x and y Read values for x and y Unbox x and y. Choose meaning of “+”, perform “+” Save z to memory Do garbage.
4. 1. Read operation from memory… String “z = x + y” is passed into tokenizer. Webkit uses Flex (LEX) Accommodate semi colon insertion, etc. Tokenizer output fed to parser Webkit uses Bison, bottom up shift reduce parser Gecko has top down parser Statement now available as Abstract Syntax Tree (AST)
5. 2. Get locations of x and y X & Y could be number, string, object, null, undefined, array, etc. Offsets directly available for primitives Values also depend on context of execution Closures (activation contexts) Local Variables Object properties Scope modifiers – eval, with, etc.
6. 2. Get values of x – Array If x is a actually array - obj[x] Dense array have offsets Created using 0..N or push Gecko creates sparse array on N..0 Adding obj[“name”] fails optimization
7. 2. Get values of x – Object If X is an object property (obj.x) Looks up current object or up the prototype chain Inline Cache (IC) the value Objects have shape – {x:1} is different from {x:1,y:2} Webkit stores memory offsets in hidden classes New shape created for every new property. IC can read from prototype without walking tree Closures only save path, still have to walk every time. OpCodes generated for each shape Obj.x ==> read shape1[member1]
8. 3. Read boxed input … JavaScript variable assignments are un-typed. Assignments stored as boxed inputs x could be (int32 | 100) – indicating type and value Javascript numbers are IEEE-754 floating point. Who cares, just use 32 bit to optimize. Overflow to doubles. Ways to Box values (ref) Tagging the LSBs (ref) Nan Boxing (ref) – 51 bit of NaN space for non-doubles (Webkit) Nun Boxing (favor doubles in NAN – Mozilla pun)