IOS 4.3 Nitro JS engine disabled for full screen apps and uiwebview (opens in new tab)

(mobilexweb.com)

88 pointsmarcusramberg15y ago43 comments

43 comments

27 comments · 8 top-level

buymorechuck15y ago· 8 in thread

I suspect the reason is due to security concerns about running JIT executable code in 3rd-party apps. I have a harder time understanding full-screen web apps, however. Those should be running within some kind of full-screen Mobile Safari mode.

happybuy15y ago

Yes I believe when the SquirrelFish (now Nitro) JS engine was initially announced that it relied on allowing certain items in memory to become executable (most likely due to the JS interpretation and then execution) - and that due to the security model in iOS and the ARM processors this was not allowed.

In general I believe its good to not allow random bits of memory to become executable as it can easily introduce a large number of security and memory overflow vulnerabilities.

Perhaps as part of iOS 4.3, Apple has allowed Safari to circumvent this restriction but not any other application. Which would make sense because they control and are responsible for Safari, but to allow any application to circumvent this restriction could open iOS up to large security issues.

blinkingled15y ago

>Perhaps as part of iOS 4.3, Apple has allowed Safari to circumvent this restriction but not any other application.

Given Safari is the biggest attack surface and regularly falls prey to exploits they should also disable the JIT for Safari. (Most iOS exploits like the Pwn2Own ones, and jailbreakme.com ones are due to bugs in Safari.)

1 more reply

russell_h15y ago

I think this is the answer.

A JIT works by compiling some chunk of code into a section of executable memory, then jumping to that location. As I understand it, iOS hasn't previously allowed execution of code from "data memory" (various people were curious about this very thing when it was announced they were shipping a JIT). Presumably, the Safari process has some special flag that allows it to write to executable memory, but most other processes do not. My guess is that someone forgot to add this flag to whatever application handles "full screen" pages, although maybe there is a legitimate reason for this.

Edit:

An example of the curiosity I mentioned: http://twitter.com/mraleph/status/43030240175468544

justincormack15y ago

Probably time for Apple to start using the process sandboxing from Chromium in Safari. If you are running a jit you need to make data executable so it isnt going away. As Apple control the OS they should be able to design a good Javascript sandbox.

1 more reply

smcj15y ago

When did apple start caring about security?

dunham15y ago

It's possible that only MobileSafari.app is signed with the entitlements needed to do JIT (write to executable memory segments?). The full-screen web apps open as separate applications and might not look like MobileSafari to the OS.

comex15y ago

Exactly-- only MobileSafari has the "dynamic-codesigning" entitlement, but full-screen web apps open in WebSheet.app. This is almost certainly an oversight. On the other hand, I doubt App Store apps will get that entitlement anytime soon.

statictype15y ago

Can't be security. From what I understood Web apps work in the browser but when bookmarked as home-screen icons, they don't use the new js engine (even though it's still running in Safari)

Benign explanation: some bug in safari

Tin foil hat explanation: Apple doesn't want web apps to be as good as native apps. This explanation kind of falls apart when you ask why they would bother boosting the js engine at all.

zitterbewegung15y ago· 5 in thread

I wonder what is the reasoning behind disabling the faster JS engine for full screen apps and uiwebview?

kgutteridge15y ago

The cynics view would be because as the web app approach becomes less distinguishable from native apps speed, those web applications end up running as well on equivalent speed hardware such as Android and other platforms as they would on iOS, ceding some of iOS advantage in the richness and diversity of its applications.

However it should be noted most of the popular applications in the iOS app store are in fact games

The real reason is likely to be more to do with security around the js runtime, especially when UIWebView is placed in "wrapped" applications

masklinn15y ago

Or just a bug due to the setup process of UIWebView or "offline" webapps not enabling Nitro where Safari's usage of webkit does.

ig0rskee15y ago

Does anybody have insights into general performance implications of using UIWebViews vs Mobile Safari?

buymorechuck15y ago

There are several, but in particular, JavaScript seems to run 2X slower in UIWebViews vs Safari. on iOS 4.3

tgriesser15y ago

From what I've been able to find, UIWebViews run as they traditionally have on 4.2, the JS just runs 2x faster exclusively in Mobile Safari, so no performance hit, just no gain either.

geuis15y ago· 3 in thread

Some numbers for folks to examine based on 3x test of each state:

Non-fullscreen: 4094.5ms (test average) Fullscreen: 10528.2ms (test average)

geuis15y ago

A follow-up. I'm running sunspider on both my iPhone 4 w/ 4.3 and iPad v1 with 4.3 to get better numbers on this. I'm actually seeing my iPhone is 2x faster than the iPad in completing this test. This seems odd...

geuis15y ago

Yes, what was odd was that the 4.3 update started but hadn't finished when I was running those tests. Merde. I'm updating my numbers.

geuis15y ago

I've done more thorough testing and posted the results here: http://news.ycombinator.com/item?id=2318412

I've re-done the tests for the iPad. Mobile Safari javascript is more than 2x as fast when run in the browser versus fullscreen mode.

naz15y ago· 2 in thread

I think Hanlon's razor applies here. A lot of people will be slating Apple for sabotaging non-native apps, but it's really just a bug.

benologist15y ago

Yes, it's bug #108978: Can't figure out where to extract 30% of revenue from.

alextgordon15y ago

How does making app store apps slower increase apple's revenue?

2 more replies

matclayton15y ago· 1 in thread

Does apple actively want native apps to out perform html5? Of course, but enough that would hinder the natural install points, seems a little crazy even for apple...... is this the same on the iPad and iPhone/iPod?

Klonoar15y ago

You can't actively want what will always be. I love Webkit/et all, but people need to get this through their heads that native will always trump JS when it comes to iOS development.

geuis15y ago

To add another note to this, its a bug that Apple seems to know about. I can't link to it because its marked CONFIDENTIAL across the top of the dev forums, but in short its known about and being investigated.

some1else15y ago

I would paraphrase this to "Nitro JS not enabled for fullscreen apps and UIWebView".

Their exact motives will be revealed when they announce whether they plan to fix it or not.

Sure looks like a convenient bug though. In a sense, Microsoft probably didn't intentionally loose to other browsers with IE6, it was just very convenient for them to keep the entire web application ecosystem gimped for a few releases of Office...

g-roc15y ago

it's a known issue to apple, several bug reports have been filed, so let's wait and see (hope). it's pretty discouraging nevertheless. if you want to confirm with the V8 benchmark, you can use my homescreen-enabled version (version 5) here: http://pavingways.com/test/v8-5/ - numbers are around 230 in safari to only 90 as a homescreen app :(

j / k navigate · click thread line to collapse

43 comments

27 comments · 8 top-level

buymorechuck15y ago· 8 in thread

happybuy15y ago

In general I believe its good to not allow random bits of memory to become executable as it can easily introduce a large number of security and memory overflow vulnerabilities.

blinkingled15y ago

>Perhaps as part of iOS 4.3, Apple has allowed Safari to circumvent this restriction but not any other application.

1 more reply

russell_h15y ago

I think this is the answer.

Edit:

An example of the curiosity I mentioned: http://twitter.com/mraleph/status/43030240175468544

justincormack15y ago

1 more reply

smcj15y ago

When did apple start caring about security?

dunham15y ago

comex15y ago

statictype15y ago

Can't be security. From what I understood Web apps work in the browser but when bookmarked as home-screen icons, they don't use the new js engine (even though it's still running in Safari)

Benign explanation: some bug in safari

Tin foil hat explanation: Apple doesn't want web apps to be as good as native apps. This explanation kind of falls apart when you ask why they would bother boosting the js engine at all.

zitterbewegung15y ago· 5 in thread

I wonder what is the reasoning behind disabling the faster JS engine for full screen apps and uiwebview?

kgutteridge15y ago

However it should be noted most of the popular applications in the iOS app store are in fact games

The real reason is likely to be more to do with security around the js runtime, especially when UIWebView is placed in "wrapped" applications

masklinn15y ago

Or just a bug due to the setup process of UIWebView or "offline" webapps not enabling Nitro where Safari's usage of webkit does.

ig0rskee15y ago

Does anybody have insights into general performance implications of using UIWebViews vs Mobile Safari?

buymorechuck15y ago

There are several, but in particular, JavaScript seems to run 2X slower in UIWebViews vs Safari. on iOS 4.3

tgriesser15y ago

From what I've been able to find, UIWebViews run as they traditionally have on 4.2, the JS just runs 2x faster exclusively in Mobile Safari, so no performance hit, just no gain either.

geuis15y ago· 3 in thread

Some numbers for folks to examine based on 3x test of each state:

Non-fullscreen: 4094.5ms (test average) Fullscreen: 10528.2ms (test average)

geuis15y ago

Yes, what was odd was that the 4.3 update started but hadn't finished when I was running those tests. Merde. I'm updating my numbers.

geuis15y ago

I've done more thorough testing and posted the results here: http://news.ycombinator.com/item?id=2318412

I've re-done the tests for the iPad. Mobile Safari javascript is more than 2x as fast when run in the browser versus fullscreen mode.

naz15y ago· 2 in thread

I think Hanlon's razor applies here. A lot of people will be slating Apple for sabotaging non-native apps, but it's really just a bug.

benologist15y ago

Yes, it's bug #108978: Can't figure out where to extract 30% of revenue from.

alextgordon15y ago

How does making app store apps slower increase apple's revenue?

2 more replies

matclayton15y ago· 1 in thread

Klonoar15y ago

You can't actively want what will always be. I love Webkit/et all, but people need to get this through their heads that native will always trump JS when it comes to iOS development.

geuis15y ago

some1else15y ago

I would paraphrase this to "Nitro JS not enabled for fullscreen apps and UIWebView".

Their exact motives will be revealed when they announce whether they plan to fix it or not.

g-roc15y ago

j / k navigate · click thread line to collapse