Emscripten and New Javascript Engine Bring Unreal Engine To Firefox

MojoKid writes "There's no doubt that gaming on the Web has improved dramatically in recent years, but Mozilla believes it has developed new technology that will deliver a big leap in what browser-based gaming can become. The company developed a highly-optimized version of Javascript that's designed to 'supercharge' a game's code to deliver near-native performance. And now that innovation has enabled Mozilla to bring Epic's Unreal Engine 3 to the browser. As a sort of proof of concept, Mozilla debuted this BananaBread game demo that was built using WebGL, Emscripten, and the new JavaScript version called 'asm.js.' Mozilla says that it's working with the likes of EA, Disney, and ZeptoLab to optimize games for the mobile Web, as well." Emscripten was previously used to port Doom to the browser.

Chrome

[The+MAZZTer]

Looks like Chrome is looking to do this as well.

Re:I don't care

[The+MAZZTer]

A lot of plugins are only built for 32-bit browsers. It is a lot more work to get 32-bit plugins working in a 64-bit browser than in a 32-bit browser. Plus, there is no real advantage to using a 64-bit browser unless you want it to use more than 2gb of memory, and I thought one of the common complaints was that Firefox uses too much memory?

I'm not sure what you think the big deal is.

"new JavaScript version called 'asm.js.'"

[K.+S.+Kyosuke]

Asm.js is *not* a "new JavaScript version". Asm.js is to JavaScript what Squeak Slang is to Smalltalk, what Richard Kelsey's Pre-Scheme is to RxRS Scheme, and, more remotely, what RPython is to Python (although RPython is much richer in comparison with the other restricted languages, and really not all that JITtable - the translation process is very slow).

Re:I don't care

[wierd_w]

I've ued 64bit builds of nightly for some time now.

The issue is getting plugins to play nice.

You can't really blame Mozilla for not wanting to jump the shark, when they will catch all the flames for plugin makers who refuse to make their plugins 64bit friendly.

Right now, it's "whaaaaaa! I want 64bit builds!"

They offer a 64bit build, and then its "whaaaa! Flash plugin doesn't work! Noscript doesn't work! Adblock Plus doesn't work! Its horrible, and it crashes to boot!"

The market has to build up enough pressure to push out the colonic obstructions in the way of 64bit adoption as the new standard. It will take awhile.

Re:Remember the good old days?

[Pieroxy]

What happened to seeing a grid of 80x25 characters on a black background? Progress.

Re:I don't care

[dyingtolive]

You're wrong! 64 bit is better because the number is bigger! It has more bits! AC learned this when he got his MBA.

Re:Hot Dog!

Javascript is to Java as a smart person is to you.

64-bit gives better security

[pavon]

Plus, there is no real advantage to using a 64-bit browser unless you want it to use more than 2gb of memory

ASLR (Address Space Layout Randomization) is far more effective in a 64-bit address space than in a 32-bit address space. Browsers need all the layers of protection they can get from exploits.

On the other hand, WebGL gives any website in the world nearly direct access to exploit bugs in GPU drivers, significantly increasing the attack surface of the browser. I say nearly, because the browser does check all parameters for possible buffer overflow conditions before passing them onto OpenGL calls, but any other type of exploit is still possible.

I would definitely prefer that Firefox prioritize features that increase security over those that decrease it.

Re:Remember the good old days?

Yeah, now instead of just floppies as a virus transmission medium, they're really write-once run everywhere.

No more customizing ASM for elf/win32. Better yet, because it's delivered over HTTP in a browser that's already authenticated to a proxy server if there is one, we have an instant authenticated outbound tunnel which can utilize json-p to establish a backchannel as long as the browser is open to any other HTTP service!

But best of all, the new and improved technology ships in with built-in advertising frameworks, remote execution tracking, user analytics, the ability to sniff platform information, and built-in DRM -- if I unplug my server nobody can run the app ever again.

Look -- you can call it progress because the UX is improved, because the system is faster than the old ones (the same way my phone is faster than an old TI or the ENIAC ...)

But I dispute your use of the word progress, as do many other wholly reasonable individuals. The system runs are fractions of native speed on poorly specified, highly ambiguous platforms. It strips away my control of local execution, and 'just happens to' hand over information that was traditionally not reported to all types of unidentified third parties.

Beyond that, a lot of this completely and utterly circumvents the traditional IT process. What used to involve testing, specification has been replaced with "requires chrome 21+" -- except it will import three different scripts, which will load 20 more remote scripts (all anonymously namespaced to avoid conflict/collision), load 4 different versions of jQuery between them (CDN will speed it up if done properly) -- any single one of which *might* be swapped out at any time without notification to IT.

And any single one of which is technically capable of doing all of the horrible things I mentioned above -- in addition to delivering the traditional problems in the form of a real exploit.

You can keep your damned progress, and I'll keep my computer.

Re:Javascript engine evolution

[hairyfeet]

Considering the fact that Windows has had low rights mode for 6 years now and Firefox STILL doesn't support it? I don't know how much I'd trust running GPU code on their browser. Heck I don't know if I'd trust it on ANY browser but at least the Chromium based do sandboxing and use low rights mode to help minimize the risk.

Just see my "Yahoo porn bug" to see why supporting low rights mode is good and not supporting it is bad, that trick that allows spammers to send spam to every address in someone's Yahoo email ONLY works on Firefox, not on Chromium based nor IE, because in those browsers the browser has less rights than the user.

Lets face it we really only have 3 major GPU vendors now and modern GPUs have processors, memory, and firmware, so they are just ripe for being the next big attack vector. Running code from any old website straight onto the GPU is just asking for it IMHO, just as Flash games were often used as an attack vector in the past anything that lets you get close enough to bare metal to get "near native" speeds is gonna be a nasty security risk.

Re:I don't care

[Enderandrew]

64-bit browsers are inherently more secure, and can access more memory. Native 64-bit apps also run faster. You're trying to call someone an idiot without realizing that you don't know what you're talking about in claiming there are no advantages.

http://arstechnica.com/information-technology/2012/11/64-bit-firefox-for-windows-should-be-prioritized-not-suspended/

Re:I don't care

[Enderandrew]

Firefox these days uses less memory than Chrome.

http://www.ghacks.net/2012/06/21/chrome-uses-way-more-memory-than-firefox-opera-or-internet-explorer/

Mind you, Chrome is still my everyday browser, but Firefox has gotten really good at being efficient with memory.

Re:Javascript engine evolution

I suspect the security concerns about WebGL are overblown. The code that runs on the GPU are vertex and fragment shaders. The shader language is very limited and exposes only a small surface between the host and the GPU. You can load/compile shader code, assign uniforms/attributes, share frame buffers and textures and that's about it. It's not as though the coder gets unfettered access to the entire DirectX stack.

Both firefox and chrome sanitize shader code so shaders can't play with whatever unsafe features some GPU might implement. One strength of WebGL (and OpenGL ES that's it's based on) is that the fixed function OpenGL API is gone; everything is done with shaders. That means the huge user-land fixed function API is gone and you're left with a simple API that just loads shader code and data (vectors, textures etc.) So the user-land attack surface is relatively small.

Vulnerabilities have been found in individual drivers but they've been few and fixed quickly. WebGL exploits are highly unlikely to be portable; they'll attack certain versions of GPU+drivers on certain OSs... broadly successful exploits won't be feasible.

Re:Javascript engine evolution

[buchner.johannes]

Ah, my mistake. "use asm" is a proposed Javascript feature:

... asm.js, a strict subset of JavaScript that can be used as a low-level, efficient target language for compilers. The asm.js language provides an abstraction similar to the C/C++ virtual machine: a large binary heap with efficient loads and stores, integer and floating-point arithmetic, first-order function definitions, and function pointers.

http://asmjs.org/spec/latest/
Also interesting:

You could write your programs in Asm.js, but the idea is that you will use other languages that compile to Asm.js. This opens up the possibility of converting existing desktop apps to run in the browser. Emscripten, for example, is a compiler that converts the LLVM bitcode intermediate language to either JavaScript or the asm.js subset.

http://www.i-programmer.info/news/167-javascript/5694-firefox-runs-javascript-games-at-native-speed.html

Re:Not me

[Mr.+McGibby]

That's fine. Plenty of people are doing it already. So nobody that matters really cares what you think.

Re:Remember the good old days?

[Hentes]

This. The web is popular because it's a simple way to deploy something that works across different OSes and different devices. On the users' part, no installation isrequired, and web apps are safely sandboxed. The web is thriving because of the shortcomings of native platforms.

"near-native performance"?

[edxwelch]

It says that it's twice as slow as native c code. This must be a new definition of the word "near".

Re:Remember the good old days?

[tibman]

"them" could be anyone, including you. Spinning up Apache is something any beginner developer can work through. Or even better, just pay 3$ a month for a place to host your stuff. Now you are one of "them". I understand your argument but it's like saying we shouldn't use wikipedia because they could nuke the website tomorrow to spite us. I don't want to go back to Encarta on a CD.

Re:WHY?!?

[spage]

Why? Because you're in a browser right now and it's the most popular software platform ever.

Where's the controller/joystick API for the web browser?

https://wiki.mozilla.org/GamepadAPI

WebGL is just VRML version 2.

No it isn't.

We have too many layers of cruft/abstraction layers/API's to deal with.

WebGL sends shader programs to the GPU which executes them. There isn't a layer underneath it.

A properly designed "world browser" that actually starts in the 3D environment and perhaps renders flat 2D web pages as such would make a lot more sense instead of trying to shoehorn 3D into a 2D "web page"

People had no interest in such world browsers, several companies including Microsoft offered them in the 90s and they all died. Microsoft's 1997 technology was called Chrome (yes, really), and they promised "Chromeffects would turn a web browser into a rippling, 3D space with audio and video playback".

Meanwhile people do like 3D games, they do love running things in their browser, and the fullscreen API lets the game canvas go fullscreen. Enjoy your lawn.