This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
This is the Bun WebKit fork - a customized version of WebKit's JavaScriptCore engine optimized for Bun's runtime. The repository contains three core components:
- JavaScriptCore (JSC): The JavaScript engine with multi-tier JIT compilation
- WTF (Web Template Framework): Platform abstraction and utility library
- bmalloc: High-performance memory allocator
# Debug build (recommended for development)
bun build.ts debug
# Release build
bun build.ts release
# Release with LTO (Link Time Optimization)
bun build.ts lto# macOS
bash mac-release.bash
# Linux (Docker-based)
bash release.sh
# Linux musl (Docker-based)
bash musl-release.sh
# Windows
./windows-release.ps1# Configure
cmake -G Ninja \
-DPORT=JSCOnly \
-DENABLE_STATIC_JSC=ON \
-DUSE_BUN_JSC_ADDITIONS=ON \
-DUSE_BUN_EVENT_LOOP=ON \
-DENABLE_FTL_JIT=ON \
-DCMAKE_BUILD_TYPE=Debug \
/path/to/webkit
# Build
cmake --build . --target jscUSE_BUN_JSC_ADDITIONS=ON: Enable Bun-specific featuresUSE_BUN_EVENT_LOOP=ON: Use Bun's event loop implementationENABLE_FTL_JIT=ON: Enable the FTL (Faster Than Light) JIT tierENABLE_STATIC_JSC=ON: Build static libraries instead of sharedENABLE_SANITIZERS=address: Enable AddressSanitizer for debugging
JSC uses a 4-tier JIT compilation strategy:
-
LLInt (
llint/): Low-level interpreter written in assembly- First execution tier for all code
- Collects profiling data for optimization decisions
-
Baseline JIT (
jit/): Template-based JIT compiler- Quick compilation with inline caching
- Moderate optimizations
-
DFG (
dfg/): Data Flow Graph optimizer- SSA-based intermediate representation
- Type speculation and profiling-guided optimizations
-
FTL (
ftl/): Highest optimization tier- Uses B3 backend (
b3/) for advanced optimizations - LLVM-level optimization capabilities
- Uses B3 backend (
-
Runtime (
runtime/): Core VM, object model, and built-in typesVM.h/cpp: Central virtual machine orchestratorJSGlobalObject.h/cpp: Global JavaScript environmentJSValue.h: Value representation system
-
Parser (
parser/): JavaScript parsing and AST generation- Recursive descent parser with semantic analysis
- Module dependency resolution
-
Bytecode (
bytecode/,bytecompiler/): Bytecode generation and managementBytecodeGenerator: AST to bytecode compiler- Profiling metadata and optimization hints
-
Heap (
heap/): Garbage collection and memory management- Generational GC with incremental marking
- IsoSubspace for type isolation
-
API (
API/): External interfaces- C API: Traditional JSContextRef/JSValueRef interface
- Objective-C API: Higher-level wrappers
Platform abstraction layer providing:
- Threading: Cross-platform thread management and synchronization
- Memory: Smart pointers (RefPtr, UniquePtr) and containers
- Text: String handling with AtomString optimizations
- Utilities: Assertions, logging, time handling
Key files:
wtf/Platform.h: Platform detection and configurationwtf/FastMalloc.h/cpp: Performance-optimized memory allocationwtf/text/AtomString.h: Interned string implementationwtf/RunLoop.h: Event loop abstraction
High-performance memory allocator with:
- IsoHeap: Type-segregated heaps for security and performance
- Gigacage: Security boundaries for typed arrays
- Scavenger: Periodic memory decommit
- libpas: Physical Address Space management
-
V8 Heap Snapshot Support
heap/BunV8HeapSnapshotBuilder.h/cpp- Generates V8-compatible heap snapshots for debugging tools
-
AsyncLocalStorage
runtime/InternalFieldTuple.h- Node.js-compatible async context tracking
-
Inspector Extensions
inspector/protocol/BunFrontendDevServer.json- Custom dev server domain for HMR and bundling
-
Enhanced Error Handling
- Stack trace improvements
- Better error reporting for development
Custom event loop implementation for Bun's runtime requirements
# After building
./WebKitBuild/Debug/bin/jsc [script.js]
./WebKitBuild/Release/bin/jsc [script.js]# C++ tests
./WebKitBuild/Debug/bin/testmasm
./WebKitBuild/Debug/bin/testb3
# JavaScript tests (from JSTests directory)
./Tools/Scripts/run-javascriptcore-tests- For JavaScript execution: Start with
runtime/,interpreter/,jit/ - For memory/GC work: Focus on
heap/,bmalloc/ - For optimizations: Look at
dfg/,ftl/,b3/ - For API changes: Check
API/and bindings - For platform code: See
wtf/and platform-specific subdirectories
- Use debug builds for development (
bun build.ts debug) - Enable sanitizers for memory debugging:
ENABLE_SANITIZERS=address - Use
dataLog()for printf-style debugging in JSC code - Set breakpoints in tier transitions:
DFG::Plan::compileInThread,FTL::compile
- Adding opcodes: Edit
bytecode/BytecodeList.rb, regenerate with build - Runtime functions: Add to appropriate
runtime/*files - JIT optimizations: Modify relevant tier in
jit/,dfg/, orftl/ - Heap/GC changes: Update
heap/components
- Use
ninjafor faster incremental builds ccachecan significantly speed up rebuilds- For quick iterations, build only
jsctarget instead of full WebKit
GitHub Actions workflows (.github/workflows/build.yml) build for:
- macOS: x64/arm64, debug/release/ASAN builds
- Linux: x64/arm64, glibc/musl, debug/release/LTO/ASAN
- Windows: x64, debug/release
Artifacts are automatically published to GitHub releases as autobuild-{sha}.
- IsoHeaps provide type segregation for security
- Gigacage prevents out-of-bounds access in typed arrays
- Conservative stack scanning ensures C++ integration safety
- LLInt provides fast startup
- Baseline JIT balances compilation time vs execution speed
- DFG/FTL optimize hot code paths
- Inline caches accelerate property access
- Polymorphic inline caches handle multiple types efficiently
- Main thread runs JavaScript execution
- Compiler threads handle JIT compilation
- Marking threads assist with garbage collection
- DFG/FTL compilation happens off the main thread