End of an Era: Mozilla Quietly Removes asm.js from Firefox as WebAssembly Reigns SupremeIn a major technical cleanup that marks the closing chapter of early experimental web acceleration, Mozilla has officially deprecated and deactivated asm.js support within its browser ecosystem. Ryan Hunt, a core engineer on Mozilla’s SpiderMonkey JavaScript engine team, detailed that the feature was removed starting with the release of Firefox 148 in February.
Remarkably, the removal went almost entirely unnoticed by the general public. Because asm.js is strictly a specialized, strict subset of standard JavaScript, older websites utilizing the technology do not break; instead, they gracefully fall back and continue to execute as standard JS scripts.
The Evolution of Near-Native Web Performance
The history of running heavy, compiled code (like C or C++) inside a web browser at near-native execution speeds has been a long-standing battleground for browser vendors.
Google's NaCl Initiative (2008): Google introduced Native Client (NaCl) and later Portable Native Client (PNaCl). This approach attempted to execute actual sandboxed architecture-dependent binaries directly inside the browser. However, it suffered from severe cross-browser portability issues and complex security considerations.
Mozilla's Counter-Approach (asm.js): Instead of using raw binaries like Google’s NaCl, Mozilla developed asm.js. It functioned by compiling native languages down into a highly restricted, heavily optimized subset of plain text JavaScript. This allowed advanced browser engines to easily translate the highly structured code into native machine binary arrays, unlocking massive execution speeds while keeping the code completely valid under normal JS syntax rules.
The Victory of WebAssembly (Wasm) and Attack Surface Reduction
As browser development matured, the tech industry successfully collaborated to establish WebAssembly (Wasm) as the definitive, open standard for high-performance browser execution. WebAssembly’s standardized bytecode format eliminated the need for interim, makeshift solutions.
On the competitive front, Google completely deprecated PNaCl back in 2018. Following suit, Mozilla removal of asm.js from SpiderMonkey yields critical enterprise advantages: it significantly streamlines the engineering codebase, lightens ongoing maintenance overhead, and systematically eliminates an archaic block of legacy code, thereby drastically shrinking the browser’s potential security exploit attack surface.
Most technologies, when removed from a system, tend to immediately break older websites (Breaking Changes). However, because the creators of asm.js in the past were forward-thinking, designing it as simply a form of JavaScript code written in unusual syntax (e.g., using |0 to force the computer to treat it as an integer), the result was that when engineers removed the browser's special scanning system in version 148, that code simply processed through a regular JS executable. It might have run slightly slower, but the website didn't break (Elegant Degradation). This is a great lesson in system architecture design.
Although asm.js achieved speeds close to those of a normal machine (almost half the speed of native C++), its status as a "text-based JS" meant browsers spent a tremendous amount of time and energy reading and compiling the code before it could execute. In the next era, the world collaborated to create WebAssembly (Wasm), a tiny binary code structure from the outset. As a result, modern websites run demanding 3D games, AI models in browsers, and design tools like Figma much faster and more stably.
From a DevSecOps perspective, any code left unused on the system for too long becomes a prime target for hackers to exploit vulnerabilities and create memory corruption exploits. Mozilla's decision to remove asm.js allowed them to delete thousands of lines of backend source code from the SpiderMonkey engine, reducing the burden on their engineering team for bug maintenance and making the browser overall much more secure and lightweight.
Waymo Halts Robotaxi Runs in Atlanta and San Antonio After Flash Floods Paralyze Self-Driving Fleets.
Source: SpiderMonkey
End of an Era: Mozilla Quietly Removes asm.js from Firefox as WebAssembly Reigns SupremeIn a major technical cleanup that marks the closing chapter of early experimental web acceleration, Mozilla has officially deprecated and deactivated asm.js support within its browser ecosystem. Ryan Hunt, a core engineer on Mozilla’s SpiderMonkey JavaScript engine team, detailed that the feature was removed starting with the release of Firefox 148 in February.
Remarkably, the removal went almost entirely unnoticed by the general public. Because asm.js is strictly a specialized, strict subset of standard JavaScript, older websites utilizing the technology do not break; instead, they gracefully fall back and continue to execute as standard JS scripts.
The Evolution of Near-Native Web Performance
The history of running heavy, compiled code (like C or C++) inside a web browser at near-native execution speeds has been a long-standing battleground for browser vendors.
Google's NaCl Initiative (2008): Google introduced Native Client (NaCl) and later Portable Native Client (PNaCl). This approach attempted to execute actual sandboxed architecture-dependent binaries directly inside the browser. However, it suffered from severe cross-browser portability issues and complex security considerations.
Mozilla's Counter-Approach (asm.js): Instead of using raw binaries like Google’s NaCl, Mozilla developed asm.js. It functioned by compiling native languages down into a highly restricted, heavily optimized subset of plain text JavaScript. This allowed advanced browser engines to easily translate the highly structured code into native machine binary arrays, unlocking massive execution speeds while keeping the code completely valid under normal JS syntax rules.
The Victory of WebAssembly (Wasm) and Attack Surface Reduction
As browser development matured, the tech industry successfully collaborated to establish WebAssembly (Wasm) as the definitive, open standard for high-performance browser execution. WebAssembly’s standardized bytecode format eliminated the need for interim, makeshift solutions.
On the competitive front, Google completely deprecated PNaCl back in 2018. Following suit, Mozilla removal of asm.js from SpiderMonkey yields critical enterprise advantages: it significantly streamlines the engineering codebase, lightens ongoing maintenance overhead, and systematically eliminates an archaic block of legacy code, thereby drastically shrinking the browser’s potential security exploit attack surface.
Most technologies, when removed from a system, tend to immediately break older websites (Breaking Changes). However, because the creators of asm.js in the past were forward-thinking, designing it as simply a form of JavaScript code written in unusual syntax (e.g., using |0 to force the computer to treat it as an integer), the result was that when engineers removed the browser's special scanning system in version 148, that code simply processed through a regular JS executable. It might have run slightly slower, but the website didn't break (Elegant Degradation). This is a great lesson in system architecture design.
Although asm.js achieved speeds close to those of a normal machine (almost half the speed of native C++), its status as a "text-based JS" meant browsers spent a tremendous amount of time and energy reading and compiling the code before it could execute. In the next era, the world collaborated to create WebAssembly (Wasm), a tiny binary code structure from the outset. As a result, modern websites run demanding 3D games, AI models in browsers, and design tools like Figma much faster and more stably.
From a DevSecOps perspective, any code left unused on the system for too long becomes a prime target for hackers to exploit vulnerabilities and create memory corruption exploits. Mozilla's decision to remove asm.js allowed them to delete thousands of lines of backend source code from the SpiderMonkey engine, reducing the burden on their engineering team for bug maintenance and making the browser overall much more secure and lightweight.
Waymo Halts Robotaxi Runs in Atlanta and San Antonio After Flash Floods Paralyze Self-Driving Fleets.
Source: SpiderMonkey
Comments
Post a Comment