V8 VS Duktape

Source Code: Key V8 APIs are defined in v8.h, isolate.cc, and api.cc (see V8 GitHub, version 12.5).

V8 GitHub Repository

It's a bit hard to do comparisons without going into threat models and all that _fun_ stuff :shrug:

For example, JS runs in almost every browser on earth too, yet it took V8 devs 2 years to find out that `Math.expm1()` could return -0.0 (https://chromium.googlesource.com/v8/v8.git/+/56f7dda67fdc97...). This is a cherry-picked example, and JS is clearly more complex than WASM, but still.

Just because stuff runs on a lot of devices doesn't mean it's more or less secure.

Linux runs on quite a few devices too, yet we still find bugs, people still don't ship updates to said bugs, yadda yadda yadda.

My point is just that lots of devs often skip the threat modeling and just think "I'll slap it in a WASM thingie an it'll be fine". Well good luck.

Much of the standard library in v8 is written in Torque, a custom language.

https://v8.dev/docs/torque

Example file for array.find(…): https://github.com/v8/v8/blob/5fe0aa3bc79c0a9d3ad546b79211f0...

V8 Docs || V8 Github || Chrome University 2018: Life Of A Script If you like the post then follow me for more and subscribe on youtube Dev Studio

Thank god!

Presumably this new API will fix the fact that JS does in fact know about some time zones, but not most.

Shield your eyes from this monstrosity that will successfully parse some dates using `new Date()` in some select special time zones, but assume UTC in the other cases:

https://github.com/v8/v8/blob/781c20568240a1e59edcf0cb5d713a...

And that happened in 2021.

https://chromium.googlesource.com/v8/v8.git/+/HEAD/include/c...

Due to the nature of web engine workloads migrating objects to being GC'd isn't performance negative (as most people would expect). With care it can often end up performance positive.

There are a few tricks that Oilpan can apply. Concurrent tracing helps a lot (e.g. instead of incrementing/decrementing refs, you can trace on a different thread), in addition when destructing objects, the destructors typically become trivial meaning the object can just be dropped from memory. Both these free up main thread time. (The tradeoff with concurrent tracing is that you need atomic barriers when assigning pointers which needs care).

This is on top of the safey improvements you gain from being GC'd vs. smart pointers, etc.

One major tradeoff that UAF bugs become more difficult to fix, as you are just accessing objects which "should" be dead.

> If that standard library would be written in JS, a new browser (or rather a new JS engine being a part of the browser) could just use some existing implementation

That sounds great, but I'm doubtful of the simplicity behind this approach.

If my understanding is correct, v8 has transitioned to C++[0] and Torque[1] code to implement the standard library, as opposed to running hard-coded JavaScript on setting up a new context.

I suspect this decision was made as a performance optimization, as there would obviously be a non-zero cost to parsing arbitrary JavaScript. Therefore, I doubt a JavaScript-based standard library would be an acceptable solution here.

[0]: https://github.com/v8/v8/tree/main/src/runtime

Im my projects I search for single file libs.(like https://github.com/svaarala/duktape etc...)

Use lrand48(), or better, implement a high-quality RNG like PCG or splitmix64.

You can also refer to the Unicode routines of other small JS engines[1,2], those don’t use ICU either, although the implementations are mercilessly size-optimized (to put it politely) and restricted to what the target JS version requires (e.g. casemapping but no normalization).

[1] https://github.com/bellard/quickjs/blob/master/libunicode.c

[2] https://github.com/svaarala/duktape/blob/master/src-input/du...

I was expecting this to be about Duktape <https://github.com/svaarala/duktape>, but heh, for sure no. I'd bet $1 there's no way youtube-dl would switch, but I wonder if yt-dlp would?

Fast math optimizations can break code like this by breaking isNaN.

I was porting a C++ project to a certain platform - and that platform enabled a -ffast-math equivalent by default in Release (but not Debug) builds! This broke duktape, a JS engine said project embedded, in some nasty and subtle ways. Instead of storing a number/pointer/??? (8 bytes) + type tag (4? bytes) for each dynamically typed JS value, duktape can bit-pack values into a single 8 byte "double" value by storing object/string handles as NaN values - this isn't an uncommon trick for dynamically typed scripting stuff:

https://github.com/svaarala/duktape/blob/c3722054ea4a4e50f48...

Naturally, the -ffast-math equivalent broke isNaN checks, which caused random object/string handles to be mistakenly reinterpreted as "numbers" - but only in Release builds, for this one particular platform, in one rarely taken branch, so neither QA nor CI caught it, leading to hours of manufacturing a repro case, stepping through an absurd amount of code, and then finally looking at the default build rules and facepalming.

Cursing the platform vendor under my breath, I overrode the defaults to align with the defaults of every other config x platform combination we already had: no fast math. If you want those optimizations, use SSE-friendly NaN-avoiding intrinsics - or, if you must use the compiler flags, ensure you do so consistently across build configs and platforms, perhaps limited to a few TUs or modules if possible. This allows you to have a chance at using your Debug builds to debug the resulting "optimizations".

Sure. For example, DukTape is an implementation of Javascript designed to be embedded in other projects. Google's V8 Javascript engine (used in Chrome), can also be embedded, see Node.Js for example.

- Duktape (4.8k stars)