What does it do?

Prepack is a tool that optimizes JavaScript source code: Computations that can be done at compile-time instead of run-time get eliminated. Prepack replaces the global code of a JavaScript bundle with equivalent code that is a simple sequence of assignments. This gets rid of most intermediate computations and object allocations.


Hello World

(function () {
  function hello() { return 'hello'; }
  function world() { return 'world'; }
  global.s = hello() + ' ' + world();
(function () {
  s = "hello world";

Elimination of abstraction tax

(function () {
  var self = this;
  ['A', 'B', 42].forEach(function(x) {
    var name = '_' + x.toString()[0].toLowerCase();
    var y = parseInt(x);
    self[name] = y ? y : x;
(function () {
  _a = "A";
  _b = "B";
  _4 = 42;


(function () {
  function fibonacci(x) {
    return x <= 1 ? x : fibonacci(x - 1) + fibonacci(x - 2);
  global.x = fibonacci(23);
(function () {
  x = 28657;

Module Initialization

(function () {
  let moduleTable = {};
  function define(id, f) { moduleTable[id] = f; }
  function require(id) {
    let x = moduleTable[id];
    return x instanceof Function ? (moduleTable[id] = x()) : x;
  global.require = require;
  define("one", function() { return 1; });
  define("two", function() { return require("one") + require("one"); });
  define("three", function() { return require("two") + require("one"); });
  define("four", function() { return require("three") + require("one"); });
three = require("three");
(function () {
  function _2() {
    return 3 + 1;

  var _1 = {
    one: 1,
    two: 2,
    three: 3,
    four: _2

  function _0(id) {
    let x = _1[id];
    return x instanceof Function ? _1[id] = x() : x;

  require = _0;
  three = 3;

Note how most computations have been pre-initialized. However, the function that computes four (_2) remains in the residual program since it was not called at initialization time.

Environment Interactions and Branching

  function fib(x) { return x <= 1 ? x : fib(x - 1) + fib(x - 2); }
  let x =;
  if (x === 0) x = fib(10);
  global.result = x;
(function () {
  var _0 =;
  if (typeof _0 !== "number") {
    throw new Error("Prepack model invariant violation");
  result = _0 === 0 ? 55 : _0;

How does it work?

A few things have to come together to realize Prepack:

  • Abstract Syntax Tree (AST)Prepack operates at the AST level, using Babel to parse and generate JavaScript source code.
  • Concrete ExecutionAt the core of Prepack is an almost ECMAScript 5 compatible interpreter — implemented in JavaScript! The interpreter closely follows the ECMAScript 2016 Language Specification, with a focus on correctness and spec conformance. You can think of the interpreter in Prepack as a clean reference implementation of JavaScript.

    The interpreter has the ability to track and undo all effects, including all object mutations. This enables speculative optimizations.

  • Symbolic ExecutionIn addition to computing over concrete values, Prepack’s interpreter has the ability to operate on abstract values which typically arise from environment interactions. For example, can return an abstract value. You can also manually inject abstract values via auxiliary helper functions such as __abstract(). Prepack tracks all operations that are performed over abstract values. When branching over abstract values, Prepack will fork execution and explore all possibilities. Thus, Prepack implements a Symbolic Execution engine for JavaScript.
  • Abstract InterpretationSymbolic execution will fork when it encounters branches over abstract values. At control-flow merge-points, Prepack will join the diverged executions, implementing a form of Abstract Interpretation. Joining variables and heap properties may result in conditional abstract values. Prepack tracks information about value and type domains of abstract values.
  • Heap SerializationAt the end of the initialization phase when the global code returns, Prepack captures the final heap. Prepack walks the heap in order, generating fresh straightforward JavaScript code that creates and links all objects reachable in the initialized heap. Some of the values in the heap might be result of computations over abstract values. For those values, Prepack generates code that performs those computations as the original program would have done.

The Environment matters!

Out of the box, Prepack does not fully model a browser or node.js environment: Prepack has no built-in knowledge of document or window. In fact, when prepacking code which references such properties, they will evaluate to undefined. You would have to insert a model of the relevant functionality at the beginning of the code you want to prepack.

The following helper functions aid in writing models.

// Assume that a certain property has a simple known value.
__assumeDataProperty(global, "obscure", undefined);
// Assume that a certain property has a simple unknown value.
__assumeDataProperty(global, "notSoObscure", __abstract());
// Assume that a richly structured value exists
__assumeDataProperty(global, "rich", __abstract({
  x: __abstract("number"),
  y: __abstract("boolean"),
  z: __abstract("string"),
  nested: __abstract({
    x: __abstract()
// Forbid any accesses to an object except at known positions
// At this point, accessing global.obscure, global.notSoObscure, is okay,
// but accessing global.unknown or would cause an introspection error.

// The following tells Prepack to embed and call some code in the residual program.
// The code must not have any side effects on the reachable JavaScript heap.
__residual("object", function(delay) {
  return global.pushSelfDestructButton(delay);
}, "5 minutes");


Short Term

  • Stabilizing existing feature set for Prepacking of React Native bundles
  • Integration with React Native tool chain
  • Build out optimizations based on assumptions of the module system used by React Native

Medium Term

  • Implement further serialization optimizations, including
    • elimination of objects whose identity isn’t exposed,
    • elimination of unused exported properties,
  • Prepack individual functions, basic blocks, statements, expressions
  • Full ES6 Conformance
  • Generalize support for module systems
  • Assuming ES6 support for certain features, delay / ignore application of Polyfills
  • Implement further compatibility targets, in particular the web and node.js
  • Deeper Integration with a JavaScript VM to improve the heap deserialization process, including
    • expose a lazy object initialization concept — lazily initialize an object the moment it is touched for the first time, in a way that is not observable by JavaScript code
    • efficient encoding of common object creations via specialized bytecodes
    • splitting the code into two phases: 1) a non-environment dependent phase; the VM could safely capture & restore the resulting heap; followed by 2) an environment dependent phase which patches up the concrete heap by performing any residual computations over values obtained from the environment
  • Summarizing loops and recursion

Long Term — leveraging Prepack as a platform

  • JavaScript Playground — experiment with JavaScript features by tweaking a JavaScript engine written in JavaScript, all hosted just in a browser; think of it as a “Babel VM”, realizing new JavaScript features that cannot just be compiled away
  • Bug Finding — finding unconditional crashes, performance issues, …
  • Effect Analyzer, e.g. to detect possible side effects of module factory functions or to enforce pureness annotations
  • Type Analysis
  • Information Flow Analysis
  • Call Graph Inference, allowing inlining and code indexing
  • Automated Test Generation, leveraging the symbolic execution features in combination with a constraint solver to compute inputs that exercise different execution paths
  • Smart Fuzzing
  • JavaScript Sandbox — effectively instrument JavaScript code in a way that is not observable

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: