[WebKit] JavaScriptCore Analysis--Basic article (i) JSC and WebCore

First look at the official basic introduction, just a few words are stuffed with keywords.

Squirrelfish, the official name is JavaScriptCore, including register-based (register-based virtual machines), direct-threaded, high-level bytecode engine (bytecode engines). It uses a one-time compiler (One-pass compiler) based on the built-in copy propagation (replication propagation algorithm) to delay generating bytecode (bytecodes) from the syntax tree (Syntax tree).

This shows the complexity of javascriptcore implementation. As a rookie who is studying hard, I am willing to give myself such a challenge, by recording and summarizing the learning content, divided into two large paragraphs from the internal perspective to analyze JavaScriptCore. The first is the basic article, which is to understand how JavaScriptCore works with WebKit and involves some basic concepts of some JavaScript engines. Then a high-level article tries to explain the core technologies in JavaScriptCore, such as Byte Code Compiler, JIT, VMS, and GC.

Content may appear obscure, if just want to simply understand the browser JS engine some basic content, recommend reading the following article. They can also be very helpful in understanding what's behind. Relative to this data, the series focuses on analyzing the implementation of JSC from the base and from the example. No way to achieve high level, can only pursue close to the realization.

JavaScriptCore, JS implementation of WebKit (i)

JavaScriptCore, WebKit JS implementation (end)

Why V8 engine so fast?

Of course, the knowledge of JavaScript is essential, it is recommended to read one (JavaScript core guide), if you have time to learn more about the links mentioned therein.

I. JavaScriptCore and WebCore

The relationship between the two can be simply used to denote:

JSC provides two important functions for WebCore:

1. JS script parsing Execution (Scriptcontroller)

This is achieved primarily by invoking the two C interfaces provided by JavaScriptCore, Checksyntax and evaluate.

2. js Bindings of DOM node

DOM nodes corresponding to the JS bindings can be traced back to Jsc::jsnonfinalobject, and then to Jsobject, to achieve and JSC bound together.

* About JS binding, you can first look at this article: Add a new DOM object for JavaScript binding three ways and implementation. As for the details of the JSC implementation, it will be expanded later.

Two. JavaScriptCore Basic work process

JSC The simplest execution of the process is as follows, and then after the JIT and so on the basis of optimization.

Three. Execution of JavaScript scripts

The following hierarchy describes the steps that the script performs. For details related to compilation and execution, it is explained later.

3.1 Interaction of interface layers

JSC, like several other major JS engine, is a library that provides a simple API for callers to use.

From the JSC interface, the parsing execution of a complete JavaScript script can be summarized in the following ways:

The process is simple, but obviously some keywords have to be understood, such as VMS, Global Object, Execstate. Their relationship can also be explained by a picture:

VM, Virtual machine, JavaScript is run with a runtime environment. SpiderMonkey is called the runtime.

Globalobject-A global object when the script executes. A global organization manages the execution environment and individual sub-objects.

Execstate is used to record script execution contexts or environments, and is also managed by Globalobject. Spidermoney and Apple-encapsulated javascriptcore.framework are called contexts. It can be understood as an object that executes a script, except that the objects it produces and uses is shared and can be accessed by Globalobject.

The JS interpreter is implemented in slightly different ways, JSC is a global Object that creates the context (Execstate), and SpiderMonkey is created by the execution context to create global variables. However, regardless of the implementation, the global variables and context are all one-to-many, although in principle it is allowed to occur in a couple of cases.

Finally, the JSC implementation of the JS script interface definition, it is very good to understand:

jsvalue Evaluate (execstate* exec,constsourcecode& source,Jsvalue Thisvalue,jsvalue* returnedexception);

*thisvalue is the This of JavaScript, which represents the performer, but not necessarily the creator.

* Using JSC's sample code, you can see the jsc.cpp in WebKit.

* If you feel that you are not speaking clearly, read here (JavaScript Core guide).

3.2 JSC API to execute scripts

Is the activity diagram of the JSC API function evaluate:

The point is that it builds a Programexecutable object with the script content to execute, and then calls interpreter to execute the Programexecutable object that represents the script.

Programexecutable and interpreter are JSC core classes, Programexecutable is responsible for compiling code bytecode, which belongs to the interpreter function group , While interpreter is responsible for parsing execution bytecode, it belongs to the VM functional group .

the two dump functions provided by *interpreter are also useful for parsing code, dumpcallframe and dumpregisters.

Further down the content, is a compilation and execution of the process, follow-up further.

Four. Response of DOM bindings

The implementation on the parse here:

Analysis of JS binding of WebKit

And another can deepen understanding:

Three ways to add new Dom objects for JavaScript binding and implementation

Reprint Please specify source: Http://blog.csdn.net/horkychen

[WebKit] JavaScriptCore Analysis--Basic article (i) JSC and WebCore