[HN Gopher] Engineering code quality in Firefox
___________________________________________________________________
Engineering code quality in Firefox
Author : caution
Score : 95 points
Date : 2020-04-21 20:07 UTC (2 hours ago)
(HTM) web link (hacks.mozilla.org)
(TXT) w3m dump (hacks.mozilla.org)
| rstefanic wrote:
| > Our next major challenge: We are dealing with 21 million lines
| of code.
|
| I think I just fail to understand the true complexity of a
| browser, but how is Firefox 21 million lines of code? How can a
| browser be 21 million lines of code? That just seems so large for
| what a browser does.
| NikolaeVarius wrote:
| What doesn't a browser do these days.
| gen220 wrote:
| Email! For now ;) http://catb.org/jargon/html/Z/Zawinskis-
| Law.html
| 2fifty3 wrote:
| remember Opera and Seamonkey (and Lotus Notes) back when
| the all-in-one email/browser/cal/notes application concept
| was still kicking
| vkou wrote:
| Having worked on codebases that are more than 10 million LOC,
| I'm surprised that Firefox's functionality fits into such a
| small amount of code.
| kryptiskt wrote:
| A browser lays out text and graphics (for any script in any
| locale), does GPU accelerated 3D rendering, handles network
| communication, plays video, plays audio, provides
| accessibility, parses a bunch of languages, compiles a couple
| of languages to machine code run in a security sandbox (and has
| a separate optimizing compiler), provides database storage,
| implements a plugin system, provides support for 25 years of
| legacy standards. And a bunch of more things.
| spyridonas wrote:
| Chrome is 25M, so they are close. Yeah i think its too much as
| well.
| thinkharderdev wrote:
| It doesn't seem that crazy to me. Calling them web browsers is
| kind of anachronistic at this point. Just the JS engine itself
| seems like it would be massively complex. It's a VM with a JIT
| compiler which I can only imagine is quite cumbersome to
| implement securely
| jdlshore wrote:
| I think you're underestimating what browsers do. They have an
| incredibly performant and highly-tuned VM, an extremely
| flexible and powerful layout engine, a comprehensive set of
| media players, and that's not even talking about networking,
| security, and UI.
| mrmonkeyman wrote:
| This seems to scream "separate me!". Why is it acceptable to
| put all this responsibility into one giant ugly ball? We
| desperately need separate layout engines, parsers, renderers,
| etc. Assemble-your-own-browser.
| djanogo wrote:
| I was thinking about Firefox development quality while trying to
| figure out why the f does Firefox CPU usage fluctuate between 1
| and 5% with one background tab open and only one plugin installed
| (containers). The same URL when opened in safari goes to 0.1% or
| 0.0. I tried to look up dom timeout config settings and tried to
| set aggressive timeouts, but in the end I gave up.
|
| There must be something fundamentally wrong if apps can't stfu
| and be at 0% while in background with simplest use case. I am
| going back to close app's when I am done using it.
| mschuster91 wrote:
| Chrome has the same issue. The thing is, Safari is _deeply_
| connected to OS X and its internals to save as much energy as
| possible. Apple can do this and tie the code to the specific
| hardware, kernel, and what else matters that Safari runs on as
| they control everything. Chrome and Firefox cannot.
|
| I would not be surprised if someone tells me that parts of
| Safari hook into private APIs in the kernel, the graphics
| driver and the other parts of the graphic and input stack to
| achieve the (measurable!) performance advantage over other
| browsers. For me personally, this is uncompetitive behavior
| that should be punished, but oh well, anti-trust legislation
| isn't exactly something that got much use over the last decades
| :(
| spijdar wrote:
| You think Apple should be punished for creating a vertically
| integrated stack?
|
| Setting aside private APIs as I have no idea what Safari does
| or doesn't use (although vast portions of it are open source,
| enough that you can compile modern versions of WebKit and
| "upgrade" the ancient WebKit on PowerPC Macs), another
| browser could be just as closely integrated as Safari.
| Obviously, the cost/benefit ratio is awful for Mozilla and
| Google, so they won't, but why should Apple cripple their own
| software? Safari's development costs, as part of MacOS, are
| funded by profits from Mac sales. Safari is deeply integrated
| with MacOS which is in turn deeply integrated with the Mac.
|
| In my opinion the whole point of the Mac is this vertical
| integration, and the main value-add of Apple's sphere. If you
| don't value that, there are cheaper options where cheaper and
| more flexible software is available.
|
| To me, an anti-trust suit would make sense for Safari on iOS,
| where Apple has locked all competitors out (in practice).
| Saying Apple should be fined for Safari because it's more
| integrated and efficient and that's not fair to Chrome and
| Firefox seems a bit silly, especially given (desktop)
| Safari's relatively small usage numbers. All IMO of course.
| paulryanrogers wrote:
| Doesn't Safari also lag in implementing new or battery-hungry
| features? I suspect that could be a big factor too.
| _startingover wrote:
| The rendering engine is open source. You're welcome to audit
| it here: https://webkit.org/getting-the-code/
| m463 wrote:
| _the f does Firefox_ ... _same URL when opened in safari_
|
| It would be interesting to compare the safari budget/manpower.
| Even given that, I would imagine safari only has to support
| one-ish OS, and probably has help from the OS group.
| gsnedders wrote:
| The WebKit team is smaller than the corresponding team at
| Mozilla, even if you look at the subset of of identical roles
| across both organizations (and e.g. ignore those working on
| the Firefox network stack).
|
| That said, it's worthwhile remembering that WebKit does very
| much maintain all the abstractions to be cross-platform (and
| Apple do still maintain a Windows port), even if it does try
| and leverage plenty of OS libraries in a way neither Firefox
| nor Chrome do.
| the8472 wrote:
| Besides the devtools profiler, which may not capture everything
| there's a whole-application profiler for firefox, that might
| provide some insight: https://profiler.firefox.com/ But try the
| devtools one first, it's easier to use.
| Bnshsysjab wrote:
| I've gotten in the habit of killing Firefox before going to
| bed, the processes seem to run away and peg the CPU
| periodically throughout the night. It seems to be generally
| Facebook, but other JS heavy sites have similar issues.
| webmobdev wrote:
| I am glad they are looking into this:
|
| Sorry for the following rant, but I really don't think of Firefox
| browser when I think of code quality. (Still don't even though it
| has improved a lot in some areas).
|
| When it comes to browsers, I still feel the old Opera browser
| (presto), that had more features, was blazing fast and small in
| size (in memory) is a very good example of a finely engineered
| software. In the early versions they really cared about
| optimizing for performance, using less memory and less power (on
| mobile devices) - I am amazed that years after, modern browsers
| are bloatier now than ever and just don't seem to care as much
| about these aspect as much as Opera did.
|
| Questions like how modular is Firefox, how easy is it to
| customize Firefox (add or remove feature from the code), how easy
| is it for someone to use the Gecko rendering engine in their own
| project etc. all kind of indicate the bloatier, messier nature of
| the code within Firefox (in my opinion).
|
| It's like browser developers now a days only care about adding
| more features (read bloat) without considering any constraints
| ...
| gsnedders wrote:
| Presto wouldn't be so memory efficient on today's web; web
| applications typically ran into plenty of places where memory
| consumption was worse in Presto versus WebKit, for example. (A
| simple example here is that each DOM Node was larger in Presto
| than any other browser, if I'm not forgetting.)
|
| But ultimately a lot of this comes down to different
| considerations: when the majority of your revenue comes from
| companies who care about running on limited devices, of
| _course_ the company invested more in running well on them. And
| I wouldn't hold up Presto as a great example of modularity or
| the ability to embed the rendering engine in other projects.
| unethical_ban wrote:
| I appreciate the acknowledgement of needing to tolerate
| previously acceptable conditions while scanning and remediating
| those same conditions point forward.
|
| I wish IT auditors understood this concept better.
| alephnan wrote:
| We had an "open-ended" project in an undergraduate Computer
| Security course to discover a 0-day in Firefox. The professor (a
| researcher, not lecturer, by trade) didn't really have a
| curriculum, and said this artifact accounted for 70-80% of our
| grade.
|
| Trying to compile Firefox was already a challenge. That, and each
| compile took an hour. IIRC, Firefox is built on some esoteric
| architecture / design pattern that's definitely beyond the scope
| of design patterns undergraduate students are familiar with.
|
| By the end of the term, no one discovered a 0-day, unsurprising
| considering half the class didn't even try. There were 90
| students in the class, and I ended up being the only person to
| produce a JS payload that would crash Firefox in one of the newer
| HTML5 libraries. It's neither a zero-day or exciting or
| profitable vulnerability though.
|
| Realizing everyone in the class would fail, the professor changed
| the grade of this project to only account for 30% of the grade. I
| spent most of my time on this project while disregarding the rest
| of the busy work for the class. In the end, I got a C grade while
| my peers who didn't even attempt to tackle this project received
| higher grades.
| vikramkr wrote:
| That makes no sense as a class design - are there so many zero
| days in firefox that are so easy to find that you can expect
| undergrads to casually find enough that you can base 70% of the
| class grade on it?
| vkou wrote:
| I'm sorry that your professor treated their instruction as an
| open-ended research project.
___________________________________________________________________
(page generated 2020-04-21 23:00 UTC)