Google's Chrome Browser is About To Get a Lot Faster

Google has shipped a new JavaScript compiler for its V8 JavaScript engine in Chrome called Sparkplug that promises a much faster web experience -- and it does it by 'cheating', according to the engineers on the project. From a report: Sparkplug is part of Chrome 91, which Google released on Tuesday with security updates but also some key changes under the hood that improve its powerful JavaScript engine, V8. Microsoft relies on V8 these days too after ditching its Chakra JavaScript engine from legacy Edge and moving to Chromium for the new Edge browser and switching to V8. Google says Chrome 91 has 23% faster performance thanks to Sparkplug's integration into V8's JavaScript pipeline.

JavaScript - the scourge of the internet

[Anonymous Coward]

If only I could disable it and still have a functional web experience. It's the single biggest security threat that exists in 2021.

Re:

[Anonymous Coward]

Please point to the programming language that could provide the kind of web experience you'd like, and has had no security holes ever.

Re:

[Anonymous Crowded]

I, personally, question the experience altogether. I don't need sliding windows and gliding menus. Just like no frames, not turning on flash, there should be a usable no-javascript. The fact that every company on the planet thinks that as long as the document is done loading, everything is fine is just dumb.

Just like google down-ranked pages that weren't optimized for mobile to force everyone's hand . . . I don't see why having a page that gets you the same functionality without the frills shouldn't be

Re:

[grasshoppa]

While I agree that animated menus and windows are not needed, I disagree with the position that that's all javascript does. I'd point out that, in fact, animation is an extremely small piece of it's overall functionality.

There are so many things JS does on even a simple page that to remove it would be akin to removing html, and in general this is to the end user's benefit.

Re: JavaScript - the scourge of the internet

[VeryFluffyBunny]

All the things JavaScript does? Ah, you must mean all the surveillance it does. Yes, vitally important & we certainty need it to be more efficient. /End sarcasm

Re:

[grasshoppa]

It can certainly be used for that, and I have no doubts that it is.

It's also used for dynamic view generation that, were it absent, would necessitate a redesign of our backend servers to be radically less efficient. It's also used for UIX quality of life improvements.

javascript is ever bit as critical to today's web as html.

Re:

[VeryFluffyBunny]

It can certainly be used for that, and I have no doubts that it is.

It's also used for dynamic view generation that, were it absent, would necessitate a redesign of our backend servers to be radically less efficient. It's also used for UIX quality of life improvements.

javascript is ever bit as critical to today's web as html.

UX? How about Twitter being sluggish to unresponsive on a mid-range smartphone. Just one example. In many cases, JS makes the UX worse.

Re:JavaScript - the scourge of the internet

[Synonymous Cowered]

Let just look at Google Maps. How would you provide that sort of experience, outside of going back to 1990 and running the Microsoft Streets exe from your CD-ROM? I think a very nice map tool, where you can slide, zoom, toggle layers, do a search that drops pins on the map, click on those pins and get information about the business, switch to street view so you can get a real idea of what you expect to see as you drive up....those are all insanely valuable features, and I like being able to do it via a website with nothing to install. Dedicated native mobile apps partially fill that role, but I find the desktop web based maps a much nicer experience (plus, for all I know, the mobile apps may well be just a wrapper around the web app anyway). So how would you propose to do an experience like that?

Re:

[Pieroxy]

It is sad how companies are trying to twist anything into something it was not intended for.

That's called progress. Get used to it, nobody was successful in trying to stop it.

On a more serious note, native apps can do that better only if they can access more things in the host system, and then they become a security threat of a bigger magnitude. If the app lives in a sandbox where it cannot access everything, how if the web any more insecure?

Also, a huge advantage of a web app is that you can deploy it in a few seconds, to all your clients. The incurring cost is much lower as your API doesn't need

Re:

[Gavagai80]

If things like google maps weren't on the web, Linux/BSD users would be out of luck. Windows would be required for daily tasks.

Re:

[OrangeTide]

No scripting at all is probably faster than any performance enhancement to the JavaScript interpreter. Executing nothing is faster than executing something. I can beat Usain Bolt if the race is unequal, he runs 100m and I run 0m. Of course nobody will be impressed, my 0m dash is not very flashy or entertaining to watch.

I feel that a limited not Turing complete language that satisfies halting would be a good step in the right direction for a domain specific language used for document mark up. Although most o

Re:

[Viol8]

Oh really? Pray tell how many remote hacks there are that arn't browser based these days and that also don't require javascript.

Re:

[MrL0G1C]

And the quickest way to get the most infections is to get to the OS via the browser.

Otherwise explain to me how some hacker is going to hack my PC at 'OS level' without having physical access to the PC.

Re:

[Gavagai80]

The way most computers get infected is convincing idiots to install their software (trojans). It doesn't matter if they offer the malware via email client or web browser or newsgroup reader or by leaving USB drives on the sidewalk.

I've been using web browsers for 23 years and have never been infected even once, so reports of their vulnerability seem overblown.

Re:

[MrL0G1C]

But if you're knowledgable enough not to install a trojan then the browser is still the most likely infection vector. Savvy internet users know that ad blocking is good idea because ads have in the past been bought by hackers who then inject malicious javascript to exploit unpatched browsers.

Re:

[MikeDataLink]

If only I could disable it and still have a functional web experience. It's the single biggest security threat that exists in 2021.

Seriously? Cite your sources. You can't. Your statement is made up.

Re:

[IWantMoreSpamPlease]

I"m not a programmer, so I"m unsure if this is accurate, but it certainly looks to be a good source
https://www.securecoding.com/b... [securecoding.com]

Re:

[narcc]

As it turns out, not very accurate at all. Everyone here is looking for vulnerabilities caused by client-side JavaScript in web browsers, something not addressed by your link, save a generic XSS thing.

Re:

[IWantMoreSpamPlease]

Fair enough, like I said, I"m not a programmer and was not certain I was looking at the right thing.

Re:

[theCoder]

While it is unlikely that JavaScript will be able to install malware on your computer, there are some things that JavaScript can do that are likely undesirable. Things such as cryptocurrency mining and privacy violations through various trackers. Not to mention just being annoying like stealing hotkeys. As an example, Jira steals alt+1, alt+2, etc to do things in Jira instead of switching to the first, second, third, etc tab. Other sites capture "/" to put focus in the search bar when I want to search i

Re: JavaScript - the scourge of the internet

[DI4BL0S]

Thats why any developer company worth its salt uses CSP (Content Security Policy) to protect against any JavaScript or CSS not coming from predefined sources. There are plugins that disable them, but just like the os cant protect users that install malware themselves, developers cant protect users that install malicious browser plugins

Re:

[careysub]

"Turing complete" is an extremely low bar. Essentially any computing framework with memory and conditional expressions is Turing-complete. This is a useless standard for judging whether a tool or language presents a security risk.

Re:

[The Wily Coyote]

Umm don't you need some kind of jump (backwards) to be Turing complete. Or you need self modify code. Any code with only conditionals must eventually finish since conditionals always increment the program counter and the size of every program is finite.

Re:

[lexman098]

If only I could remove computers from my network and still have a functional workforce. It's the single biggest security threat that exists in 2021.

You want more functionality, you take on more risk/expense. It's an inherent issue for any technology space.

Re: JavaScript - the scourge of the internet

[Lowell Boggs]

Exactly

Let me guess

[oldgraybeard]

they are removing all the tracking, telemetry and ad spewing parts. Right!! wink wink

Re: Let me guess

[TuballoyThunder]

Wrong. They optimized the tracking code to improve efficiency.

Javascript is not the web.

[Bandwidth_]

Like always, to google and other mega-corps, the web is javascript and that's what they'll concentrate on. Browsers are now virtual machines designed for running opaque DRM applications instead of of actual HTML and files being served.

Re:

[MightyMartian]

It's been moving in that direction for over 20 years now.

Re:

[jfdavis668]

You're right. I'm going back to cgi-bin.

Re:

[thsths]

Still better than PNaCl, or asm.js.

Security?

[SuperKendall]

Just curious if this kind of "cheating" is the kind that leads to additional security vulnerabilities, I get nervous when I see statements like "thanks to Sparkplug's integration into V8's JavaScript pipeline.".

Re:

[K. S. Kyosuke]

*All* contemporary implementations of dynamic languages gain performance by "cheating". Every mainstream JS implementation is fast because of "cheating". Even Java is fast because of "cheating" -- Java got its cheating methods in HotSpot from StrongTalk (in fact, so did Google's V8). But you can always cheat if you don't get caught, so everything is fine as long if you can pretend to not have cheated when caught.

Re:

[scalptalc]

*All* contemporary implementations of dynamic languages gain performance by "cheating".

"Cheating" is faster because it has fewer letters than "Do no evil".

Re:

[RoccamOccam]

Only if you include [space] as a letter, which I do not! :-)

Re:

[The Wily Coyote]

I must admit I am not really sure how Java is "cheating", and nor am I sure how Google's new Javascript compiler is cheating. Can someone explain what is cheating about either of these -- all I read was sound sensible engineering to improve performance.

No security impact and no cheating either

[jensend]

No. As I said in another comment [slashdot.org], the emphasis on "cheating" is simply bad journalism, making too much of one careless phrase in the v8 dev blog [v8.dev]. The only "cheating" is that the non-optimizing compiler takes the interpreter's bytecode as its input rather than re-parsing etc from scratch. If using the interpreter's bytecode were a security problem, it would already be a security problem with the existing interpreter.

Re:

[careysub]

No. As I said in another comment [slashdot.org], the emphasis on "cheating" is simply bad journalism, making too much of one careless phrase in the v8 dev blog [v8.dev].

Quite so. It is dangerous to make a humorous remark, or an colorful but inexact analogy to a reporter. They are certain to glom on to that and highlight it as a key focus of their piece. I have seen New York Times journalists take a single remark out of context to misrepresent a major study. Since even reading the abstract is too hard for a reporter.

Re:Security?

[AmiMoJo]

Much better explanation on their blog: https://v8.dev/blog/sparkplug [v8.dev]

It's not really cheating. Basically they have an interpreter and they have an optimising compiler. They inserted a new compiler between the two.

The new one is non optimising, it's goal is to just build a binary as fast as possible to eliminate a lot of the interpreter overhead. That way they can start executing as fast as possible while the optimiser works away.

It's actually a very simple compiler, basically just turns the interpreter bytecode into a series of function calls.. Very similar to old BASIC compilers like the AMOS one.

Re:

[SuperKendall]

Hmm, it sounds OK on the face of it I guess... although with two forms of binaries being run (optimized and non-optimized) it seems like that possibly increases security risks since you have two paths modifying/creating executable code.

Re:

[jensend]

It's conceivable that there could be an exploitable bug in the new non-optimizing compiler. But that wouldn't be a security impact from the "cheating." If the non-optimizing compiler were "not cheating," i.e. doing its own independent lexical, syntactical, and semantic analysis &c of the Javascript source code, this could open possibilities for new security risks. Using the interpreter's bytecode avoids those possibilities.

As I said above, if using the interpreter's bytecode were a security problem, it

Re:

[serviscope_minor]

It's actually a very simple compiler, basically just turns the interpreter bytecode into a series of function calls.

Fun fact, it's called "threaded code" and has nothing to do with threads.

https://en.wikipedia.org/wiki/... [wikipedia.org]

Very similar to old BASIC compilers like the AMOS one.

I didn't know that.

BBC 4 lyfe

Re:

[AmiMoJo]

Thanks, that's interesting. Written a few systems like that without knowing the terminology.

I remember BBC BASIC was very fast for an interpreted language. Only really used it much on the Archimedes though.

No it won't

[Anonymous Coward]

Even if the javascript engine gets a lot faster, the browsing experience will remain the same as the number of javashit tracker, miners popups and malware expand to restore your usual browsing speed.

Re:

[93 Escort Wagon]

Even if the javascript engine gets a lot faster, the browsing experience will remain the same as the number of javashit tracker, miners popups and malware expand to restore your usual browsing speed.

Well, yeah - Google likes to sell these things as if they're a benefit for you, but it's really about cramming more and more telemetry and advertising into your web experience.

Re:

[ArchieBunker]

Webpages today don't render any faster than they did back in 1998 with a low end Pentium. The hardware is orders of magnitude faster.

Sigh on the engine analogies

[JoeyRox]

FTA: "The Sparkplug compiler sits between V8's Ignition bytecode interpreter and the TurboFan optimizing compiler."

Re:

[Viol8]

Yeah, its all a bit wannabe isn't it. You can just imagine the pasty faced devs sitting in a basement wishing they were working on something a bit more macho than a browser engine so co-opt the naming as a plan B.

Re:

[serviscope_minor]

FTA: "The Sparkplug compiler sits between V8's Ignition bytecode interpreter and the TurboFan optimizing compiler."

TurboFan? What is this, the batmobile?

Re:

[The Wily Coyote]

It's call TurboFan for a reason. When you run javascript code your fans spin up to turbo level.

Chrome leaks user's data like a sponge...

[Brane2]

Who cares about its speed.
They are using that to coax users to run their applications in their cloak anyway.
Nowadays your browser is a major entry point into one's computer and tool for surveillance that expands far above browsing habits.

again, tech journalism fail

[jensend]

and it does it by 'cheating', according to the engineers on the project

This is just about the dumbest possible takeaway from the linked dev blog.

They say the existing compiler "TurboFan" optimizes well at the cost of relatively high compilation time. The browser often won't decide that this compilation time is worth it, so too much JS gets executed much more slowly on the interpreter. So they're adding a second compiler, "SparkPlug," that takes bytecode from the interpreter and outputs machine code directly without analysis or optimization.

The 'cheating' in the dev blog only refers to using the interpreter's bytecode rather than parsing &c afresh.

This is hardly the first time that browser makers have added faster, more naive compilation stages that eat bytecode - for instance, Mozilla's JaegerMonkey back in 2010. Browser makers are always juggling the optimization benefits vs compilation time tradeoffs.

Re:

[burningcpu]

I'd imagine that tech journalists often know better, but use such words to draw in the non-techy, emotionally-driven, audience.

What's the tradeoff

[Rosco P. Coltrane]

What extra bit of privacy will we have to lose, or which extra incompatible Google-only bit of webery will this marvelous browser quietly make ubiquitous until it becomes unavoidable?

Google never does anything for its own safe. There has to be something unpleasant behind the shiny facade.

JavaScript is the oppression tool of the masses

[temp20210528]

without JS they wouldn't have reCaptcha. without JS cloudflare wouldn't be able to perform "are you robot", ie the robot which didn't pay them for pass through.

Re:

[James Norton]

I wouldn't mind going back to days of old when we found what we needed with text based "browsing" using gopher, NNTP, mutt and FTP etc.

Re:

[narcc]

I always thought that had gopher "won", it would have made mobile browsing much nicer in the days before smartphones -- and a bit better in the days afterward!

But let's not pretend that gopher would have remained just as was. It would have evolved just like the web evolved as users demanded more. It may have even evolved faster, as Gopher was so easy to implement.

I can imagine all sorts of horrible ways gopher could have grown that are far worse than what we have now. Its so much more formal and rigid t

Laptop fan

[gladish]

Does this mean the fan on my laptop will finally stop?

Nope

[ChangeOnInstall]

Any performance improvement in Chrome will only result in content and advertising companies throwing more garbage down the pipe.

Improving JavaScript performance simply improves the number of lines of code that can be executed while a website runs one core at 100% busy-looping/doing effectively nothing. Adware developers don't particularly care about your computer or the cumulative energy cost of operating their product.

Run an ad-blocker and help save the planet: https://www.google.com/search?... [google.com]

Re:

[systemd-anonymousd]

We should just go back to gopher with in-line thumbnails and allow blank ads to compute x million hashes for crypto, then give you a cut. Any website that then shows you ads on top of it forfeits their crypto profits.

But can we disable ...

[aergern]

The flag to disable this buggy and useless tab bar mouse/trackpad scroll doesn't work. HOLY crap it's annoying and they inflicted it on Linux users first. It sucks and is a total disruption to workflow. Google adding features that aren't baked and can't be turned off seems to be the norm today.

Browser Speed

[EnsilZah]

I keep seeing these stories about improvements in browser speed once in a while.
I've been using computers since around '95, I've seen my share of issues with browsers; crashes, eating up ungodly amounts of RAM, etc, but I never felt browser speed or its efficiency in running Javascript was an issue that affected me in any noticeable way.
What am I missing?

Re:

[caseih]

You probably don't use Google on-line applications then. Google Voice is slow as molasses and often just stops working entirely. Google Docs can also struggle sometimes. Why they thought a ton of javascript was a good idea when GV worked just fine before without it, I do not know. Google also needs JS to run faster so that their tracking and ad systems won't get noticed as much by the end user.

Re:

[systemd-anonymousd]

Google Voice is abandonware, a relic from a time when they needed to collect TB of voice samples to train their RNNs for realtime human speech recognition and synthesis.

Re:

[bn-7bc]

What subreddit are you reading and what are your computers specs, I prows reddit reguølary and never experience the slowed down, then again I'm also running Pihole so the slowdowns you report might be due to ad scripts being nuked at my end

That's why today Chorme failed several times...

[maitas]

Today Chrome asked for a reboot to upgrade. After that I had several pages fail to load and still having the problem.
Firefox works fine on those pages.

Will we get our printers back?

[Applehu Akbar]

The last few releases of Chrome have ‘protected’ us from able to print displayed pages. Will Google finally recognize this as a bug, not a feature, and fix it?

Why bother?

[systemd-anonymousd]

Pointless. Browsers today are 1,000 faster than browsers from 10 years ago, running on what would be literal supercomputers, but the Internet doesn't feel faster. Why bother increasing the speed of browsers when webdevs will just throw more javascript and bloat onto websites?

I find most of the web unwatchable ..

[takionya]

I find most of the web unwatchable without noscript. Except more and more sites are unusable with noscript enabled. Without noscript there are continuous, slide-ins, overlays and pop-ups offering to install a windows update. I assume noscript won't work with Sparkplug.

Cool! A V8 without CO2...

[martinfb]

Wow! In the ever-morphing automotive world from fossil fuel to EVs, we can still drive a "V8"!