1. 86
  2. 18

    God is dead.

    $ ./qjs
    QuickJS - Type "\h" for help
    qjs > os.platform
    "aix"
    
    1. 11

      The existence of so many high-quality (ECMA|Java)Script engines is at least due in part to the comprehensive Test262 compliance test. This framework provides exhaustive testing to ensure an implementation’s compliance with the standard.

      I’m aware of conformance tests for POSIX-specified languages (sh, awk, etc), C, C++, C#, PostScript, and PDF.

      There was once an attempt to have a comprehensive conformance test for Smalltalk implementations but I was never able to find if it ever actually got to a usable state. I’m unaware of conformance tests for REXX, sadly.

      1. 1

        Do you have a link to conformance tests for C? I didn’t know such a thing exists.

        1. 2

          The Plum Hall suite is the one that I’m aware of. I’m sure there are others.

          Apparently this is highly regarded as well.

      2. 18
        1. Bellard is as impressive as always.

        2. Someone found a use-after-free.

        1. 8

          A bit of context on the ‘someone’ for those interested: qwertyoruiop is the individual who created (half of) the Yalu jailbreak for iOS 10, and has contributed to many other big jailbreaking releases for both iOS and other platforms (e.g., PS4).

          1. 2

            I don’t understand that use after free. Isn’t that a legit use of js? That is: isn’t the interpreter doing what it is supposed to do? Or not?

            1. 1

              Use after free is using the content of a pointer after the memory of it was released, allowing writing at any part of the process running the javascript interpreter. It means that it allows going outside of the javascript sandbox and as such allows a webpage to take full control of your computer. Like any important security bug, it is a way for any virus or malware to install itself on a computer. So definitely it is not a legit use of js.

              1. 1

                I was asking if the use after free bug is in JS or in the interpreter.

                1. 2

                  The bug is in the interpreter here. The JS in the link is a proof-of-concept exploit for the bug.
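An added illustration, not part of the thread and not QuickJS code (the actual bug is not described on this page): in a reference-counted interpreter, a script may legally drop its last reference to an object, so a native builtin that keeps a borrowed pointer across a script callback is where the use-after-free lives. The pool, `Ctx` and every function name below are constructed for the example; the pool is static so that reading a released slot is detectable instead of undefined behaviour.

```c
#include <stddef.h>

/* Toy object pool (constructed for this example). Slots are static, so
   reading a released slot is well-defined here and shows up via `live`. */
typedef struct { int refs; int live; } Obj;
typedef struct { Obj *global_arr; } Ctx;   /* the script's only reference */

static Obj pool[4];

static Obj *obj_new(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].live) { pool[i].refs = 1; pool[i].live = 1; return &pool[i]; }
    return NULL;
}
static Obj *obj_dup(Obj *o) { o->refs++; return o; }
static void obj_release(Obj *o) { if (--o->refs == 0) o->live = 0; /* "free" */ }

/* Script-controlled callback: legal script behaviour, e.g. `arr = null`. */
static void script_callback(Ctx *c) {
    if (c->global_arr) { obj_release(c->global_arr); c->global_arr = NULL; }
}

/* Buggy native builtin: keeps a borrowed pointer across the callback. */
static int builtin_borrowed(Ctx *c) {
    Obj *a = c->global_arr;        /* no reference taken */
    script_callback(c);            /* last reference dropped, slot released */
    return a->live;                /* 0: `a` now points at released storage */
}

/* Fixed builtin: owns a reference for as long as it uses the pointer. */
static int builtin_owned(Ctx *c) {
    Obj *a = obj_dup(c->global_arr);
    script_callback(c);            /* refs 2 -> 1, object stays alive */
    int ok = a->live;
    obj_release(a);                /* refs 1 -> 0, released only now */
    return ok;
}

int demo_borrowed(void) { Ctx c = { obj_new() }; return builtin_borrowed(&c); }
int demo_owned(void)    { Ctx c = { obj_new() }; return builtin_owned(&c); }
int pool_in_use(void) {
    int n = 0;
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++) n += pool[i].live;
    return n;
}
```

With a real allocator the released slot would be returned to the heap and could be reused for other data, which is why the borrowed-pointer variant is a memory-safety bug in the engine and not in the script.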

          2. 1

            This is a quick reminder that script VMs are hard to develop, especially for complex PLT such as JavaScript. Never ever run arbitrary code in those kinds of interpreters, even if you believed you hardened it by removing privileged functions or I/Os. FWIW, don’t even try to run arbitrary code in widely used engines such as SpiderMonkey or V8 if they are not sandboxed. RCEs still get found every now and then.

          3. 10

            Rolling one’s own Unicode! This library sounds like it could be useful on its own:

            A specific Unicode library was developed so that there is no dependency on an external large Unicode library such as ICU. All the Unicode tables are compressed while keeping a reasonable access speed.

            The library supports case conversion, Unicode normalization, Unicode script queries, Unicode general category queries and all Unicode binary properties.

            The full Unicode library weighs about 45 KiB (x86 code).

            1. 7

              I note that it uses reference counting with a cycle collector, just like CPython. I always thought it is a good design that should be more popular.

              1. 2

                Spidermonkey does or did this.

                1. 1

                  Yeah, I like knowing I won’t run out of file descriptors if something abnormal happens (like an exception) too many times.

                  1. 1

                    (I misread your comment, sorry)

                2. 4

                  Almost complete ES2019 support

                  Amazing. Duktape is still very very partial on post-ES5 features, so this should be a good replacement.

                  1. 3

                    This gets me pretty excited. Previously there was no alternative to NodeJS when you wanted to do server-side javascript, to alleviate “blank page syndrome” for NoJS clients.

                    1. 3

                      Previously there was no alternative to NodeJS when you wanted to do server-side

                      What is wrong with Rhino? Or Spidermonkey, which Gnome uses for gnome shell?

                      1. 3

                        I believe Rhino is no longer actively developed and does not support all of ES 6.

                    2. 2

                      I wonder how fast it is compared to V8. I don’t know of any published numbers for how fast V8 runs the ECMAScript Test Suite, which was the main metric provided in this post.

                      1. 3

                        I assume V8 is much faster since it JITs.

                        1. 4

                          JITs help most with repetitive / tightly looped code. I don’t think that’s the common case for JS. Certainly it’s an important case for some types of applications, e.g. I’m sure Google Sheets couldn’t handle large spreadsheets without a JIT. But I’m willing to bet the majority of websites see no measurable benefit from V8’s JIT. So I’m much more interested in comparing speed evaluating the ECMAScript Test Suite than, say, rendering the Mandelbrot set.

                          1. 2

                            These days V8 has an interpreter to aid fast startup and to avoid doing unnecessary work for code that’s only run once or twice. Given the effort the various JS engines have made over the past 15 years or so in improving performance of real world JS I generally trust they’re doing what they can.

                            1. 2

                              Right, I’m not saying I think QuickJS might beat V8. I’m just wondering how close it comes. 10% of V8 would not impress me, but 80% (for JIT-unfriendly workloads) would be a significant achievement.

                              1. 2

                                Folks reported it is closer to 3%

                                1. 2

                                  Wait, as in 3ms in v8 takes 100ms in QuickJS (eg. 97% slower)? Or, what takes 97ms in V8 takes 100ms (eg, 3% slower)?

                                  My guess, given Peter’s framing is the former…

                                  1. 4

                                    300µs startup and teardown time is pretty quick though. On my MacBook Pro nodejs takes 40ms wall time to launch and stop.

                                    node <<< '' 0.04s user 0.01s system 91% cpu 0.058 total

                                    So for quick scripts where the wall time would be dominated by those 40ms, QuickJS would win. That immediately makes me think of cloud serverless scripts (Google Cloud Functions, AWS Lambda, Azure Functions).

                                    I’m also curious about @st3fan’s 3% figure, what people? And where? But it seems plausible to me.

                                    1. 2

                                      It’s not a fair comparison though. Node is a framework, it’s not a JS engine. Try comparing with d8, which is the v8 shell.

                                      For instance:

                                      TIMEFORMAT='%3R'; time (./qjs -e '')
                                      0.007
                                      TIMEFORMAT='%3R'; time (v8-7.6.303 -e '')
                                      0.031
                                      TIMEFORMAT='%3R'; time (node <<< '')
                                      0.069
                                      

                                      Still a big difference between v8 and quickjs obviously, but now we’re not looking at how long node takes to load the many javascript files that it reads by default (for instance to enable require). :)

                      2. 1

                        It’s remarkable that the source code isn’t hosted on any of the popular source code platforms (github, etc.).

                        1. 13

                          I would say that’s normal, considering other popular software like Linux, bash, and cpython until a few years ago.

                          What is abnormal is that there’s no source repo at all, just tarballs. Which makes it less meaningful to host a mirror on github.

                          As far as I remember, some people were working on TCC, another Bellard project, and had problems with the use of CVS for collaboration. This was many years ago though.

                          1. 8

                            Welcome back in the distributed web. :)

                          2. 1

                            Personally, whenever I visit Bellard’s site, I feel both inspired and overwhelmed, because I work constantly to be better than I previously was, and certainly I have progressed a lot, but I can’t confirm if one day I will be as prolific as Bellard is. His work is remarkable, to say the least, and I’m glad people like him do these kinds of neat things that help me keep going.

                            1. 1

                              Bellard is such a prolific developer. Does anyone know if this supports stuff like the Webworkers API for multithreading?

                              1. 2

                                It does not.