A collection of links to published articles, blog posts, talks, and other important pieces of history of the SpiderMonkey JavaScript engine.
The goal is try to collect together much of what has been written about SpiderMonkey across the internet. This includes research done atop SpiderMonkey, as well as techniques and advances within the engine.
Annotations
- 🏚 Obsolete: Code removed from today’s SpiderMonkey codebase.
- 🎓 Academic Source
- đź“„ Link to PDF
- đź“˝ Video
History
General history of the SpiderMonkey JavaScript engine:
- JavaScript: The First 20 Years, Allen Wirfs-Brock and Brendan Eich (2020) (Especially Part 1, Section 5: From Mocha to SpiderMonkey)
- Historic SpiderMonkey Releases A collection of SpiderMonkey releases curated by Wes Garland.
- Mapping the monkeysphere Chris Leary (2011)
VM
Information about the SpiderMonkey Engine
- Compiler Compiler, Yulia Startsev (2020) đź“˝ Playlist
- How do Generators… Generate, in SpiderMonkey?, Matthew Gaudet (2020)
- A Brief note on Environments and Scopes in SpiderMonkey, Matthew Gaudet (2020)
- Implementing Private Fields for JavaScript, Matthew Gaudet (2021)
Debugger
- Making SpiderMonkey’s Debugger Just-in-Time, Shu-yu Guo (2014)
Embedding
SpiderMonkey is designed to be embedded in other programs. This section covers this embedding, and people talking about it
- SpiderMonkey Embedding Examples
- Code-generating Away the Boilerplate in Our Migration Back to Spidermonkey, Jason Carey (2016)
Exploits
Garbage Collection
- Garbage collection - MDN
- GC Rooting Guide - MDN
- Compacting Garbage Collection in SpiderMonkey, Jon Coppeard (2015)
- Generational Garbage Collection in Firefox, Steve Fink (2014)
- Incremental GC in Firefox 16!, Bill McCloskey (2012)
Compiler Technology
SpiderMonkey has a lot of compiler technology, and has had many different JIT compilers embedded within it.
- Debugging in the Time of JITs, Shu-yu Guo (2014)
- A Beginners Guide to SpiderMonkey’s MacroAssembler, Matthew Gaudet (2019)
Tracemonkey 🏚
TraceMonkey was the first JIT compiler added to SpiderMonkey, and removed in Mozilla 11.
-
Trace-based just-in-time type specialization for dynamic languages, Brendan Eich, Andreas Gal, Mike Shaver, David Anderson, David Mandelin, Mohammad R. Haghighat, Blake Kaplan, Graydon Hoare, Boris Zbarsky, Jason Orendorff, Jesse Ruderman, Edwin W. Smith, Rick Reitmaier, Michael Bebenita, Mason Chang, Michael Franz, PDLI (2009) 🎓
-
An Overview of TraceMonkey, David Mandelin (2009)
JaegerMonkey 🏚
The first method compiler added to SpiderMonkey.
- Improving JavaScript performance with JägerMonkey, ? (2010)
- Starting JägerMonkey, Dave Mandelin (2010)
- Land Ho, Fast JavaScript, David Anderson (2010)
- JaegerMonkey development diary - shaping up THE JavaScript engine for Firefox 4.0, Soumya Deb (2010)
IonMonkey
The second method JIT compiler in SpiderMonkey. Warp, enabled by default in Firefox 83, has replaced the graph construction (IonBuilder) portion of Ion.
- IonMonkey in Firefox 18, David Anderson (2012)
- Just-in-Time Value specialization, Igor Costa, Péricles Alves, Henrique Nazaré Santos, Fernando Magno Quintão Pereira, CGO (2013) 🎓 📄
- Recover Instructions, Nicolas B. Pierron (2014)
- Optimizing Away, Nicolas B. Pierron (2014)
Exploitation Reports
- A journey into IonMonkey: root-causing CVE-2019-9810, Axel “0vercl0k” Souchet (2019)
- Exploiting CVE-2019-17026 - A Firefox JIT Bug, Max Van Amerongen (2020)
- CVE-2024-29943, Jack Ren (2024)
WarpBuilder
A new compiler frontend, creating MIR from bytecode, replacing the previous IonBuilder and Type Inference system.
- Warp: Improved JS performance in Firefox 83, Jan de Mooij (2020)
OdinMonkey (asm.js)
- asm.js in Firefox Nightly, Luke Wagner (2013)
- asm.js AOT compilation and startup performance, Luke Wagner (2014)
Rabaldr (wasm baseline compiler)
- Making WebAssembly even faster: Firefox’s new streaming and tiering compiler, Lin Clark (2018)
- firefox’s low-latency webassembly compiler, Andy Wingo (2020)
BaldrMonkey (WebAssembly)
- Making asm.js/WebAssembly compilation more parallel in Firefox, Benjamin Bouvier (2016) (story of the refactoring of Odin into Baldr + parallel compilation)
- Calls between JavaScript and WebAssembly are finally fast 🎉, Lin Clark (2018) (fast calls between JIT and WebAssembly in both ways)
Baseline
- The Baseline Compiler Has Landed, Kannan Vijayan (2013)
- The Baseline Interpreter: a faster JS interpreter in Firefox 70, Jan de Mooij (2019)
CacheIR
- CacheIR: A new approach to Inline Caching in Firefox, Jan de Mooij (2017)
Type Inference 🏚
- Fast and precise hybrid type inference for JavaScript, Brian Hackett, Shu-yu Guo (2012) 🎓 📄
Optimization Tracking 🎓 🏚
- Optimization Coaching for JavaScript, Vincent St-Amour, Shu-yu Guo, ECOOP (2015) đź“„