Browser & Frontend Runtime
The render pipeline: six stages from bytes to pixels
You hit Enter on a URL. Bytes start arriving. Somewhere between the first packet and the moment a button is clickable on screen, the browser ran a six-stage pipeline — and most pages spend the wrong amount of time in the wrong stage. The frame budget is 16.67 ms at 60 fps.
The six stages
The browser turns HTML + CSS + JS into pixels in exactly six steps, always in this order:
| Stage | What it does |
|---|---|
| Parse HTML | Walks the byte stream and builds the DOM tree |
| Build CSSOM | Reads stylesheets and builds the CSS Object Model |
| Style | Matches CSS rules to DOM nodes, resolves the cascade |
| Layout | Measures every box — positions and sizes |
| Paint | Fills pixels into bitmap layers |
| Composite | Assembles layers on the GPU and sends the frame to the screen |
Two threads do the work. The main thread owns Parse HTML, CSSOM construction, style recalc, layout, and paint setup. The compositor thread assembles GPU-friendly layers and ships them to the GPU.
| Stage | Thread | DevTools label |
|---|---|---|
| Parse HTML | Main | Parse HTML |
| Build CSSOM | Main | Parse Stylesheet |
| Style | Main | Recalculate Style |
| Layout | Main | Layout |
| Paint | Main | Paint |
| Composite | Compositor | Composite Layers |
The kitchen metaphor
The browser is a restaurant kitchen. Parsing HTML is reading the order ticket. CSSOM is reading the recipe book. Style is matching ingredients to dishes. Layout is measuring the plate and arranging food on it. Paint is the actual cooking — heat and colour. Composite is the runner who picks up six plates at once and walks them to the table.
If any station is slow, the whole table waits.
The 16.67 ms frame budget
You hit 60 frames per second only if the whole kitchen finishes in 16.67 ms. Drop a frame and the user sees a stutter — a scrolling list judders, a button feels sticky, a chart lags behind the mouse.
The fix is almost never “make JS faster” — it’s “stop the kitchen from re-doing layout when it could have just rearranged plates.”
Why this works
120 Hz monitors (iPhone Pro, Pixel flagship) halve the budget to 8.33 ms per frame. Variable-refresh-rate panels (Android “LTPO”) run between 1 Hz and 120 Hz, so the budget changes dynamically. If you target 60 fps you are already on the safe side for 90 Hz panels, but 120 Hz panels demand tighter budgets.
Read-aloud frame. Bea opens a profile card. Sven narrates the kitchen: “0.5 ms parse the avatar div, 0.4 ms build the styles, 0.2 ms match selectors, 3 ms measure boxes — wait, the image hadn’t loaded so we re-measured, that’s another 2 ms — 1.5 ms paint, 0.5 ms composite. Frame is 8.1 ms. Fine. Now what if the user scrolls and we re-trigger layout fifty times per second? That’s 100 ms per second on layout alone, six dropped frames, the scroll feels heavy.”
The browser runs these six stages in a fixed order. Drag them into the correct sequence.
- 1 Parse HTML → DOM tree
- 2 Build CSSOM from stylesheets
- 3 Style: match selectors, resolve cascade
- 4 Layout: measure box positions and sizes
- 5 Paint: fill pixels into bitmap layers
- 6 Composite: assemble layers on the GPU
Which thread does most of the work in the render pipeline?
A page hits 60 fps. What is the per-frame budget?
The browser-as-kitchen metaphor: parsing HTML is reading the order ticket; building CSSOM is reading the recipe book; style is matching ingredients to dishes; layout is measuring the plate; paint is the cooking. What is the runner who picks up six plates at once and walks them to the table?
A page must hit 60 frames per second. How many milliseconds does the browser have per frame?
- Total frame
- 16.67 ms
- Browser overhead (rAF, input, GC)
- ~6 ms
- JS + layout + paint budget
- ~10 ms
- Composite-only path
- ~0.5 ms / frame
- 01Name the six render pipeline stages in order.
- 02Which thread owns stages 1–5? Which owns stage 6?
- 03Why is 16.67 ms the per-frame budget at 60 fps?
The browser renders a page through six fixed stages: Parse HTML, Build CSSOM, Style, Layout, Paint, and Composite. The main thread owns the first five; the compositor thread runs the sixth. At 60 fps the total frame budget is 16.67 ms; after browser overhead, application code gets roughly 10 ms. The kitchen metaphor captures why composite is cheap — the runner moves finished plates without re-cooking anything. Lessons 2–4 in this unit unpack what each stage actually costs and how to cut those costs.
appears again in143
- Why GraphQL gets N+1junior
- DataLoader mechanics: tick-boundary batchingmiddle
- Batch function contracts: ordering, shapes, errorsmiddle
- Federation and lookahead: batching beyond DataLoadermiddle
- Query complexity defences: depth, cost, persisted queriesmiddle
- Senior GraphQL API: scheduling contract, tenant isolation, observabilitysenior
- Why idempotency: making retries safejunior
- Server-side state machine: four states of an idempotency keymiddle
- Outbox and inbox: effectively-once across the dual-write boundarymiddle
- Concurrency and cache architecture for idempotency at scalesenior
- Observability, production failures, and global-scale designsenior
- What is a cache stampede and why it makes things worsejunior
- Lock and single-flight: bounding concurrent rebuildsmiddle
- XFetch: coordination-free probabilistic early expirationmiddle
- Stale-while-revalidate and CDN request coalescingmiddle
- Detecting stampedes and designing TTL for productionmiddle
- Metastable failure, fencing tokens, and production postmortemssenior
- What a relation is: tables, rows, keys, and constraintsjunior
- Constraints, keys, and Postgres data typesmiddle
- Normal forms, denormalization, and why schemas stickmiddle
- JSONB, arrays, and when a side table winsmiddle
- Heap storage, TOAST, and column alignmentsenior
- Schema integrity: deferral, versioning, and production failure modessenior
- Relational vs document, wide-column, graph, and key-valuesenior
- Index-only scans, the Visibility Map, and INCLUDEsenior
- Production failure modes and the index audit playbooksenior
- pg_statistic, ANALYZE, and production observabilitymiddle
- Production failure modes and plan stabilitysenior
- MVCC: why readers and writers never wait for each otherjunior
- Row versions and snapshots: the on-disk mechanicsmiddle
- HOT updates and isolation levels: what you gain and what you paymiddle
- Vacuum and bloat: keeping the storage tax boundedmiddle
- CLOG, XID wraparound, and MultiXact: deep visibility internalssenior
- SSI internals and production autovacuum tuningsenior
- Real-world MVCC failures, deployment patterns, and distributed snapshotssenior
- Connection pools: amortising the cost of a Postgres backendjunior
- PgBouncer session, transaction, and statement modesmiddle
- Pool sizing: the (cores × 2) + spindles formula and the two-layer stackmiddle
- Pool exhaustion and idle-in-transaction: the 3 AM failure modemiddle
- Migrating to transaction mode: rollout playbook and PgBouncer 1.21 prepared statementsmiddle
- The Postgres process model and why raising max_connections degrades throughputsenior
- Pooler landscape 2026, serverless connection storms, and the full failure-mode taxonomysenior
- What a schema migration is and why it replaces ad-hoc DDLjunior
- ADD COLUMN: instant in PG 11+ vs rewrite in older Postgresjunior
- The lock-queue failure mode: why instant DDL can freeze the databasemiddle
- Safe DDL patterns: NOT VALID, CONCURRENTLY, and unsafe-op fixesmiddle
- Expand-contract: zero-downtime for breaking schema changesmiddle
- Advisory locks, migration tools, and deploy coordinationsenior
- Migration failure taxonomy and production disciplinesenior
- Why sharding exists: the single-Postgres ceilingjunior
- Shard-key selection: hash, range, list, and directory strategiesmiddle
- Partitioning vs sharding: same word, two different thingsmiddle
- Co-location and Citus: the invariant that makes sharding usablemiddle
- The hot-shard failure mode: detection, isolation, and durable policymiddle
- Schema-based sharding and multi-tenancy alternativessenior
- Online resharding, 2PC, and the operational cost of shardingsenior
- The seven acts: from CREATE TABLE to Citusjunior
- Acts 1–3 in depth: schema, indexes, and planner statisticsmiddle
- Acts 4–6 in depth: MVCC bloat, connection pooling, and safe migrationsmiddle
- Act 7 in depth: sharding, co-location, and the seven-tier tradeoff cascademiddle
- Observability, anti-patterns, and production triagesenior
- Raft roles, terms, and why majority quorums prevent split brainjunior
- How Raft replicates a log entry and decides it is safe to commitmiddle
- Raft leader election: timeouts, voting rules, and the four safety propertiesmiddle
- Raft in the real world: partitions, slow disks, and client routingmiddle
- Raft extensions: pre-vote, learners, snapshots, and linearizable readssenior
- Raft in production: membership changes, Multi-Raft, and observabilitysenior
- Where data fetching happens — and why it decides LCPjunior
- Fetch waterfalls — diagnosis and the Promise.all curemiddle
- React Server Components and Suspense streamingmiddle
- Client-side cache: TanStack Query, SWR, and stale-while-revalidatemiddle
- LCP, prefetch, and race conditions in interactive fetchingmiddle
- Senior internals: RSC payload, caching layers, and production failure modessenior
- The three-way handshakejunior
- Sequence numbers and connection statemiddle
- DNS: what it does and why it existsjunior
- The resolver walk: referrals, record types, and gluemiddle
- TTL, caching, and DNS propagationmiddle
- The 1-RTT handshake: key shares and ECDHEmiddle
- Session resumption and 0-RTTmiddle
- WebSocket: the HTTP upgrade handshakejunior
- WebSocket frame format: opcodes, masking, fragmentationmiddle
- WebSocket backpressure: when clients can''''t keep upmiddle
- Reconnection: jittered backoff, thundering herd, message resumptionsenior
- WebSocket at scale: HTTP/2 multiplexing, permessage-deflate, C10Msenior
- WebSocket in production: proxies, security, and distributed architecturesenior
- What reverse proxies dojunior
- Health checks, connection draining, and slow startmiddle
- Session affinity, consistent hashing, and the right fixmiddle
- Retry storms, circuit breakers, and load sheddingsenior
- Resilient LB architecture: anycast, zone-aware routing, and observabilitysenior
- Why QUIC and not TCP+TLSjunior
- Connection IDs and network migrationmiddle
- 0-RTT resumption and packet encryptionsenior
- DDoS: what it is and why it worksjunior
- Amplification attacks and state exhaustionmiddle
- Rate limiting: algorithms and architecturemiddle
- WAFs, firewalls, mTLS, and HSTSmiddle
- DNS cache poisoning and BGP hijackingsenior
- Defense-in-depth architecture and attack economicssenior
- DNS, TCP, TLS in sequence: where the milliseconds gomiddle
- Proxy intercepts and security gates: rate limiters, WAF, mTLSmiddle
- Alternate paths: QUIC 0-RTT, WebSocket upgrade, connection migrationmiddle
- Observability: distributed traces, USE/RED, and samplingsenior
- Resilience: cascading retries, circuit breakers, and error budgetssenior
- What the three signals are: logs, metrics, and tracesjunior
- Why structured logs exist: the diary vs the spreadsheetjunior
- The production log schema: fields every line must carrymiddle
- PII redaction and log injectionsenior
- OTel Logs Data Model and audit logs as a subsystemsenior
- SLI, SLO, and the error budget: reliability by the numbersjunior
- Error budget policy, latency SLOs, and composite journeysmiddle
- Production SLO failures, self-observability, security, and the big picturesenior
- The incident loop: from pager to postmortem to preventionmiddle
- Cache lines, struct layout, and false sharingmiddle
- SIMD, SoA vs AoS, and memory bandwidthmiddle
- Cache-oblivious algorithms, PGO, and production failuressenior
- GC in production: observability, security, edge cases, and fleet governancesenior
- Batching: amortize fixed cost per operationjunior
- The batching window: size and wait timemiddle
- Batching in Kafka and Postgresmiddle
- io_uring and observability of batchingmiddle
- From Nagle to io_uring: evolution of batchingmiddle
- Backpressure, failure isolation, and batch security in productionsenior
- CI enforcement and RUM: making budgets stickmiddle
- V8 JIT pipeline, HTTP priorities, and bundle securitysenior
- The performance loop: discipline, not a projectjunior
- Classify and fix: matching bottleneck families to remediesmiddle
- Observability stack and CI gates: catching regressions before they shipmiddle
- Incident to enforcement: SLO burn to verified fix in 35 minutesmiddle
- Culture, economics, and org-scale performancesenior
- At-most-once, at-least-once, exactly-once: the three delivery contractsjunior
- The three failure legs — where duplicates and losses actually happenmiddle
- Consumer-side dedup: the cheapest path to exactly-once processingmiddle
- Kafka exactly-once semantics: idempotent producer and transactionsmiddle
- SQS visibility timeout, DLQ, and the outbox patternmiddle
- Exactly-once in production: impossibility proof, hybrid patterns, and real incidentssenior
- What OAuth is and why passwords are not the answerjunior
- Authorization code flow with PKCEmiddle
- ID token validation and JWKS cache managementmiddle
- Refresh token rotation and scope-based least privilegemiddle
- Sender-constrained tokens: DPoP and mTLSsenior
- OAuth in production: audience attacks, observability, and real failuressenior