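A Brief Look at WebKit: JavaScriptCore/V8
WebKit is a browser engine whose JavaScript implementations include JavaScriptCore and V8. To understand WebKit more fully, we need to look closely at the basic principles of the JavaScript implementation, its role within WebKit, and how it interacts with the other parts, and also make a preliminary comparison with the JavaScript implementation in Gecko. Let's begin our tour of WebKit's JavaScript implementations, JavaScriptCore and V8.
1. The Role of the JavaScript Implementation
As described in the "what is JavaScript" part of "A Brief Look at Gecko's Key Parts, Part 6: Understanding the JavaScript Implementation and Its Applications", the JavaScript implementation in WebKit is likewise equivalent to a dynamic library that conforms to the ECMAScript standard. It is usually attached to the browser engine: the browser engine provides the runtime environment and controls or triggers the JavaScript implementation to compile, parse and execute scripts, perform garbage collection, and so on. It must also support browser-engine extensions such as DOM binding.
With the arrival of Web 2.0, dynamic page interaction such as running Ajax has become much more frequent, so the overall efficiency and security of JavaScript execution are often critical to the browser core, and the JavaScript implementation carries that responsibility.
2. Characteristics of the JavaScriptCore Implementation
Compared with other JavaScript implementations, JavaScriptCore introduced the concept of a virtual machine: when it compiles a script it generates efficient bytecode, and all bytecode is executed within a single virtual machine environment. Its efficient virtual machine implementation is commonly called SquirrelFish; see Announcing SquirrelFish and Introducing SquirrelFish Extreme for more about SquirrelFish.
3. Characteristics of the V8 Implementation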
Fast Property Access
To reduce the time required to access JavaScript properties, V8 does not use dynamic lookup to access properties. Instead, V8 dynamically creates hidden classes behind the scenes. This basic idea is not new - the prototype-based programming language Self used maps to do something similar. (See for example, An Efficient Implementation of Self, a Dynamically-Typed Object-Oriented Language Based on Prototypes). In V8, an object changes its hidden class when a new property is added.
Dynamic Machine Code Generation
V8 compiles JavaScript source code directly into machine code when it is first executed. There are no intermediate byte codes, no interpreter. Property access is handled by inline cache code that may be patched with other machine instructions as V8 executes.
During initial execution of the code for accessing a property of a given object, V8 determines the object's current hidden class. V8 optimizes property access by predicting that this class will also be used for all future objects accessed in the same section of code and uses the information in the class to patch the inline cache code to use the hidden class. If V8 has predicted correctly the property's value is assigned (or fetched) in a single operation. If the prediction is incorrect, V8 patches the code to remove the optimisation.
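The hidden-class transitions and the inline-cache guard described above, as a toy model added here (not V8 code and not from the original page). The names `addProperty`, `makeInlineCache` and `load`, and the three-state cache, are assumptions made for illustration; the hidden-class check before the fast read is the step that keeps a cached offset from being applied to an object with a different layout.

```javascript
// Toy model, constructed for illustration; not V8's real data structures.
const newClass = (offsets) => ({ offsets, transitions: new Map() });
const ROOT = newClass(new Map());          // hidden class of an empty object
const newObject = () => ({ hiddenClass: ROOT, slots: [] });

// Adding a property moves the object to another hidden class. Transitions are
// cached, so objects built in the same property order share one class.
function addProperty(obj, name, value) {
  let cls = obj.hiddenClass;
  if (!cls.offsets.has(name)) {
    if (!cls.transitions.has(name)) {
      const offsets = new Map(cls.offsets).set(name, cls.offsets.size);
      cls.transitions.set(name, newClass(offsets));
    }
    cls = obj.hiddenClass = cls.transitions.get(name);
  }
  obj.slots[cls.offsets.get(name)] = value;
  return obj;
}

// One inline cache per property-access site in the running code.
const makeInlineCache = (name) =>
  ({ name, state: 'uninitialized', cls: null, offset: -1, fast: 0, slow: 0 });
function load(ic, obj) {
  // Guard: the cached offset is only meaningful for the predicted class.
  if (ic.state === 'monomorphic' && obj.hiddenClass === ic.cls) {
    ic.fast++;
    return obj.slots[ic.offset];           // single indexed read
  }
  ic.slow++;
  const offset = obj.hiddenClass.offsets.get(ic.name);   // full lookup
  if (ic.state === 'uninitialized' && offset !== undefined) {
    Object.assign(ic, { state: 'monomorphic', cls: obj.hiddenClass, offset });
  } else if (ic.state === 'monomorphic') {
    ic.state = 'generic';                  // wrong prediction: drop the fast path
  }
  return offset === undefined ? undefined : obj.slots[offset];
}

// Constructed sample: a and b are built in the same order, c is not.
function demo() {
  const a = addProperty(addProperty(newObject(), 'x', 1), 'y', 2);
  const b = addProperty(addProperty(newObject(), 'x', 3), 'y', 4);
  const c = addProperty(addProperty(newObject(), 'y', 5), 'x', 6);
  const ic = makeInlineCache('x');
  const values = [a, b, b, c, a].map((o) => load(ic, o));
  return { a, b, c, ic, values };
}
console.log(demo().values);
```

In the sample, slot 0 of `c` holds `y`, so reading it through the offset cached for `a` without the class check would return the wrong property.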
Efficient Garbage Collection
V8 reclaims memory used by objects that are no longer required in a process known as garbage collection. To ensure fast object allocation, short garbage collection pauses, and no memory fragmentation V8 employs a stop-the-world, generational, accurate, garbage collector. This means that V8:
- stops program execution when performing a garbage collection cycle.
- processes only part of the object heap in most garbage collection cycles. This minimizes the impact of stopping the application.
- always knows exactly where all objects and pointers are in memory. This avoids falsely identifying objects as pointers which can result in memory leaks.
In V8, the object heap is segmented into two parts: new space where objects are created, and old space to which objects surviving a garbage collection cycle are promoted. If an object is moved in a garbage collection cycle, V8 updates all pointers to the object.
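One garbage collection cycle as the passage describes it, in a toy model added here (not V8 code and not from the original page): only new space is collected, survivors are promoted to old space, and pointers to moved objects are rewritten. The `{space, index}` pointer records, the function names and the full scan of old space are assumptions made to keep the model small.

```javascript
// Toy heap, constructed for illustration; not V8's real layout. A pointer is a
// tagged record {space, index}, so every pointer field is known exactly.
const isPtr = (v) => v !== null && typeof v === 'object' && 'space' in v;
const makeHeap = () => ({ newSpace: [], oldSpace: [], roots: {} });
const deref = (heap, p) => heap[p.space][p.index];

// Objects are always created in new space.
function alloc(heap, fields) {
  heap.newSpace.push({ fields, forward: null });
  return { space: 'newSpace', index: heap.newSpace.length - 1 };
}

// One stop-the-world cycle over new space only: survivors are promoted to old
// space and every pointer to a moved object is rewritten.
function collectNewSpace(heap) {
  const pending = [];                       // promoted objects still to scan
  const move = (p) => {
    if (p.space !== 'newSpace') return p;   // old-space objects do not move
    const obj = heap.newSpace[p.index];
    if (obj.forward === null) {             // first visit: promote once
      heap.oldSpace.push({ fields: obj.fields, forward: null });
      obj.forward = { space: 'oldSpace', index: heap.oldSpace.length - 1 };
      pending.push(obj.forward);
    }
    return obj.forward;                     // later visits reuse the new address
  };
  const fixPointers = (holder) => {
    for (const key of Object.keys(holder)) {
      if (isPtr(holder[key])) holder[key] = move(holder[key]);
    }
  };
  fixPointers(heap.roots);
  // Assumption: old space is scanned in full for old-to-new pointers.
  heap.oldSpace.slice().forEach((obj) => fixPointers(obj.fields));
  while (pending.length > 0) fixPointers(deref(heap, pending.pop()).fields);
  const freed = heap.newSpace.filter((obj) => obj.forward === null).length;
  heap.newSpace = [];                       // unreached objects are reclaimed
  return freed;
}

// Constructed sample: head -> tail is reachable from a root, junk is not.
function gcDemo() {
  const heap = makeHeap();
  const tail = alloc(heap, { value: 1, next: null });
  heap.roots.head = alloc(heap, { value: 2, next: tail });
  alloc(heap, { value: 3, next: null });    // junk: nothing points to it
  return { heap, freed: collectNewSpace(heap) };
}
console.log(gcDemo().freed);
```

A pointer that skipped the rewrite step would still name a new-space index after that space has been emptied, which is why the collector has to know every pointer location exactly.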
4. How JavaScriptCore and V8 Interact with WebCore
The WebCore::Frame data structure contains the data member KJSProxy* m_jscript; in the Chrome code this is changed to JSBridge* m_jscript; and for the two implementations, JavaScriptCore and V8, there are respectively:
class KJSBridge : public JSBridge {
public:
    KJSBridge(Frame* frame) : m_proxy(new KJSProxy(frame)) { }
    virtual ~KJSBridge() { delete m_proxy; }
    ........................
private:
    KJSProxy* m_proxy;
};

class V8Bridge : public JSBridge {
public:
    explicit V8Bridge(Frame* frame);
    virtual ~V8Bridge();
    .......................
private:
    V8Proxy* m_proxy;
};

V8Bridge::V8Bridge(Frame* frame) {
    m_proxy = new V8Proxy(frame);
}

V8Bridge::~V8Bridge() {
    delete m_proxy;
}
KJSProxy and V8Proxy correspond to the two different JavaScript implementations; each implements the common interface to WebCore. Their main data structures are as follows:
class KJSProxy {
    Frame* m_frame;
    KJS::ProtectedPtr<KJS::JSDOMWindow> m_globalObject;
    int m_handlerLineno;
    .........................................
};

class V8Proxy {
    Frame* m_frame;
    v8::Persistent<v8::Context> m_context;
    v8::Persistent<v8::Object> m_global;
    // Special handling of document wrapper;
    v8::Persistent m_document;
    int m_handlerLineno;
    ...........................
};
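How each JavaScript implementation implements the interface to WebCore depends on that implementation's own logic, which you need to understand first.
If you are interested in an implementation's logic and basic principles, refer to the API and samples it provides.
As for DOM binding, JavaScriptCore and V8 implement it in the same way; see the description of how the JavaScript implementation integrates with WebCore in "A Brief Look at WebKit: WebCore".
For the concrete DOM binding implementation, see the code generated by generate-bindings.pl. Its contents are well worth reading, and they are a very useful reference for embedding a JavaScript implementation in other applications. The implementation of window, for example, and especially of its open method, is well worth studying.
5. A Preliminary Comparison of JavaScriptCore, V8, SpiderMonkey and Others
As for how JavaScriptCore, V8, SpiderMonkey and TraceMonkey compare in execution efficiency, different test methods give different results, so that is not discussed here.
As far as I personally understand it, JavaScriptCore is somewhat lacking in secure access control for objects' methods and properties.
SpiderMonkey, one of the earliest JavaScript engines, is implemented in C and is somewhat complex; unlike later implementations such as JavaScriptCore and V8, it did not draw on the latest virtual machine technology such as the JVM.
V8, a recently released JavaScript implementation, has many advantages, as its characteristics above describe. It is implemented in C++ and makes full use of C++ templates, so the code is relatively concise and easy to learn and use.
For TraceMonkey, see Firefox to get massive JavaScript performance boost.
6. Reference Resources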
Wiki Javascript
V8
Announcing SquirrelFish
Introducing SquirrelFish Extreme
SpiderMonkey Internals
Tamarin