Introduction to WebKit¶
WebKit is an open-source Web browser engine. It’s a framework in macOS and iOS, and used by many first party and third party applications including Safari, Mail, Notes, Books, News, and App Store.
What is WebKit?¶
The WebKit codebase is mostly written in C++ with bits of C and assembly, primarily in JavaScriptCore, and some Objective-C to integrate with Cocoa platforms.
It primarily consists of the following components, each inside its own directory in Source:
- bmalloc - WebKit’s malloc implementation as a bump pointer allocator. It provides an important security feature, called IsoHeap, which segregates each type of object into its own page to prevent type confusion attacks upon use-after-free.
- WTF - Stands for Web Template Framework. WebKit’s template library. The rest of the WebKit codebase is built using this template library in addition to, and often in place of, similar class templates in the C++ standard library. It contains common container classes such as Vector, HashMap (unordered), HashSet, and smart pointer types such as Ref, RefPtr, and WeakPtr used throughout the rest of WebKit.
- JavaScriptCore - WebKit’s JavaScript engine; often abbreviated as JSC.
JSC parses JavaScript and generates byte code, which is then executed by one of the following four tiers.
Many tiers are needed to balance between compilation time and execution time.
Also see Phil's blog post about Speculation in JavaScriptCore.
- Interpreter - This tier reads and executes instructions in byte code in C++.
- Baseline JIT - The first Just In Time compiler tier serves as the profiler as well as a significant speed up from the interpreter.
- DFG JIT - Data Flow Graph Just In Time compiler uses the data flow analysis to generate optimized machine code.
- FTL JIT - Faster than Light Just In Time compiler which uses B3 backend. It’s the fastest tier of JSC. JavaScriptCode also implements JavaScriptCore API for macOS and iOS applications.
- WebCore - The largest component of WebKit, this layer implements most of the Web APIs and their behaviors.
Most importantly, this component implements HTML, XML, and CSS parsers and implements HTML, SVG, and MathML elements as well as CSS.
It also implements CSS JIT, the only Just In Time compiler for CSS in existence.
It works with a few tree data structures:
- Document Object Model - This is the tree data structure we create from parsing HTML.
- Render Tree - This tree represents the visual representation of each element in DOM tree computed from CSS and also stores the geometric layout information of each element.
- WebCore/PAL and WebCore/platform - Whilst technically a part of WebCore, this is a platform abstraction layer for WebCore so that the rest of WebCore code can remain platform independent / agnostic across all the platforms WebKit can run on: macOS, iOS, Windows, Linux, etc... Historically, most of this code resided in WebCore/platform. There is an ongoing multi-year project to slowly migrate code to PAL as we remove the reverse dependencies to WebCore.
- WebKitLegacy (a.k.a. WebKit1) - This layer interfaces WebCore with the rest of operating systems in single process and implements WebView on macOS and UIWebView on iOS.
- WebKit (a.k.a. WebKit2) - This layer implements the multi-process architecture of WebKit, and implements WKWebView on macOS and iOS.
WebKit’s multi-process architecture consists of the following processes:
- UI process - This is the application process. e.g. Safari and Mail
- WebContent process - This process loads & runs code loaded from websites. Each tab in Safari typically has its own WebContent process. This is important to keep each tab responsive and protect websites from one another.
- Networking process - This process is responsible for handling network requests as well as storage management. All WebContent processes in a single session (default vs. private browsing) share a single networking session in the networking process.
- WebInspector / WebDriver - WebKit’s developer tool & automation tool for Web developers.