[HN Gopher] Engineering code quality in Firefox ___________________________________________________________________ Engineering code quality in Firefox Author : caution Score : 95 points Date : 2020-04-21 20:07 UTC (2 hours ago) (HTM) web link (hacks.mozilla.org) (TXT) w3m dump (hacks.mozilla.org) | rstefanic wrote: | > Our next major challenge: We are dealing with 21 million lines | of code. | | I think I just fail to understand the true complexity of a | browser, but how is Firefox 21 million lines of code? How can a | browser be 21 million lines of code? That just seems so large for | what a browser does. | NikolaeVarius wrote: | What doesn't a browser do these days. | gen220 wrote: | Email! For now ;) http://catb.org/jargon/html/Z/Zawinskis- | Law.html | 2fifty3 wrote: | remember Opera and Seamonkey (and Lotus Notes) back when | the all-in-one email/browser/cal/notes application concept | was still kicking | vkou wrote: | Having worked on codebases that are more than 10 million LOC, | I'm surprised that Firefox's functionality fits into such a | small amount of code. | kryptiskt wrote: | A browser lays out text and graphics (for any script in any | locale), does GPU accelerated 3D rendering, handles network | communication, plays video, plays audio, provides | accessibility, parses a bunch of languages, compiles a couple | of languages to machine code run in a security sandbox (and has | a separate optimizing compiler), provides database storage, | implements a plugin system, provides support for 25 years of | legacy standards. And a bunch of more things. | spyridonas wrote: | Chrome is 25M, so they are close. Yeah i think its too much as | well. | thinkharderdev wrote: | It doesn't seem that crazy to me. Calling them web browsers is | kind of anachronistic at this point. Just the JS engine itself | seems like it would be massively complex. It's a VM with a JIT | compiler which I can only imagine is quite cumbersome to | implement securely | jdlshore wrote: | I think you're underestimating what browsers do. They have an | incredibly performant and highly-tuned VM, an extremely | flexible and powerful layout engine, a comprehensive set of | media players, and that's not even talking about networking, | security, and UI. | mrmonkeyman wrote: | This seems to scream "separate me!". Why is it acceptable to | put all this responsibility into one giant ugly ball? We | desperately need separate layout engines, parsers, renderers, | etc. Assemble-your-own-browser. | djanogo wrote: | I was thinking about Firefox development quality while trying to | figure out why the f does Firefox CPU usage fluctuate between 1 | and 5% with one background tab open and only one plugin installed | (containers). The same URL when opened in safari goes to 0.1% or | 0.0. I tried to look up dom timeout config settings and tried to | set aggressive timeouts, but in the end I gave up. | | There must be something fundamentally wrong if apps can't stfu | and be at 0% while in background with simplest use case. I am | going back to close app's when I am done using it. | mschuster91 wrote: | Chrome has the same issue. The thing is, Safari is _deeply_ | connected to OS X and its internals to save as much energy as | possible. Apple can do this and tie the code to the specific | hardware, kernel, and what else matters that Safari runs on as | they control everything. Chrome and Firefox cannot. | | I would not be surprised if someone tells me that parts of | Safari hook into private APIs in the kernel, the graphics | driver and the other parts of the graphic and input stack to | achieve the (measurable!) performance advantage over other | browsers. For me personally, this is uncompetitive behavior | that should be punished, but oh well, anti-trust legislation | isn't exactly something that got much use over the last decades | :( | spijdar wrote: | You think Apple should be punished for creating a vertically | integrated stack? | | Setting aside private APIs as I have no idea what Safari does | or doesn't use (although vast portions of it are open source, | enough that you can compile modern versions of WebKit and | "upgrade" the ancient WebKit on PowerPC Macs), another | browser could be just as closely integrated as Safari. | Obviously, the cost/benefit ratio is awful for Mozilla and | Google, so they won't, but why should Apple cripple their own | software? Safari's development costs, as part of MacOS, are | funded by profits from Mac sales. Safari is deeply integrated | with MacOS which is in turn deeply integrated with the Mac. | | In my opinion the whole point of the Mac is this vertical | integration, and the main value-add of Apple's sphere. If you | don't value that, there are cheaper options where cheaper and | more flexible software is available. | | To me, an anti-trust suit would make sense for Safari on iOS, | where Apple has locked all competitors out (in practice). | Saying Apple should be fined for Safari because it's more | integrated and efficient and that's not fair to Chrome and | Firefox seems a bit silly, especially given (desktop) | Safari's relatively small usage numbers. All IMO of course. | paulryanrogers wrote: | Doesn't Safari also lag in implementing new or battery-hungry | features? I suspect that could be a big factor too. | _startingover wrote: | The rendering engine is open source. You're welcome to audit | it here: https://webkit.org/getting-the-code/ | m463 wrote: | _the f does Firefox_ ... _same URL when opened in safari_ | | It would be interesting to compare the safari budget/manpower. | Even given that, I would imagine safari only has to support | one-ish OS, and probably has help from the OS group. | gsnedders wrote: | The WebKit team is smaller than the corresponding team at | Mozilla, even if you look at the subset of of identical roles | across both organizations (and e.g. ignore those working on | the Firefox network stack). | | That said, it's worthwhile remembering that WebKit does very | much maintain all the abstractions to be cross-platform (and | Apple do still maintain a Windows port), even if it does try | and leverage plenty of OS libraries in a way neither Firefox | nor Chrome do. | the8472 wrote: | Besides the devtools profiler, which may not capture everything | there's a whole-application profiler for firefox, that might | provide some insight: https://profiler.firefox.com/ But try the | devtools one first, it's easier to use. | Bnshsysjab wrote: | I've gotten in the habit of killing Firefox before going to | bed, the processes seem to run away and peg the CPU | periodically throughout the night. It seems to be generally | Facebook, but other JS heavy sites have similar issues. | webmobdev wrote: | I am glad they are looking into this: | | Sorry for the following rant, but I really don't think of Firefox | browser when I think of code quality. (Still don't even though it | has improved a lot in some areas). | | When it comes to browsers, I still feel the old Opera browser | (presto), that had more features, was blazing fast and small in | size (in memory) is a very good example of a finely engineered | software. In the early versions they really cared about | optimizing for performance, using less memory and less power (on | mobile devices) - I am amazed that years after, modern browsers | are bloatier now than ever and just don't seem to care as much | about these aspect as much as Opera did. | | Questions like how modular is Firefox, how easy is it to | customize Firefox (add or remove feature from the code), how easy | is it for someone to use the Gecko rendering engine in their own | project etc. all kind of indicate the bloatier, messier nature of | the code within Firefox (in my opinion). | | It's like browser developers now a days only care about adding | more features (read bloat) without considering any constraints | ... | gsnedders wrote: | Presto wouldn't be so memory efficient on today's web; web | applications typically ran into plenty of places where memory | consumption was worse in Presto versus WebKit, for example. (A | simple example here is that each DOM Node was larger in Presto | than any other browser, if I'm not forgetting.) | | But ultimately a lot of this comes down to different | considerations: when the majority of your revenue comes from | companies who care about running on limited devices, of | _course_ the company invested more in running well on them. And | I wouldn't hold up Presto as a great example of modularity or | the ability to embed the rendering engine in other projects. | unethical_ban wrote: | I appreciate the acknowledgement of needing to tolerate | previously acceptable conditions while scanning and remediating | those same conditions point forward. | | I wish IT auditors understood this concept better. | alephnan wrote: | We had an "open-ended" project in an undergraduate Computer | Security course to discover a 0-day in Firefox. The professor (a | researcher, not lecturer, by trade) didn't really have a | curriculum, and said this artifact accounted for 70-80% of our | grade. | | Trying to compile Firefox was already a challenge. That, and each | compile took an hour. IIRC, Firefox is built on some esoteric | architecture / design pattern that's definitely beyond the scope | of design patterns undergraduate students are familiar with. | | By the end of the term, no one discovered a 0-day, unsurprising | considering half the class didn't even try. There were 90 | students in the class, and I ended up being the only person to | produce a JS payload that would crash Firefox in one of the newer | HTML5 libraries. It's neither a zero-day or exciting or | profitable vulnerability though. | | Realizing everyone in the class would fail, the professor changed | the grade of this project to only account for 30% of the grade. I | spent most of my time on this project while disregarding the rest | of the busy work for the class. In the end, I got a C grade while | my peers who didn't even attempt to tackle this project received | higher grades. | vikramkr wrote: | That makes no sense as a class design - are there so many zero | days in firefox that are so easy to find that you can expect | undergrads to casually find enough that you can base 70% of the | class grade on it? | vkou wrote: | I'm sorry that your professor treated their instruction as an | open-ended research project. ___________________________________________________________________ (page generated 2020-04-21 23:00 UTC)