I agree with your point; while functionality portability is important, we really want performance portability too.
A big challenge we seem to have with any of the available options is convincing all the major browser makers to agree on something. And even though asm.js won't have perfect performance portability at first, it looks like it should be a much easier sell to browser vendors than Dart or NaCl were.
With asm.js, browser vendors won't need to add a new VM. They'll just need new optimizations within their existing VM. There's no new security model to understand, no API from someone else's browser to emulate, and no large set of features which will be redundant between VMs.
And, asm.js has a lot lower risk of becoming a legacy nightmare if it doesn't catch on. Or if the specification changes. It's just optimizations, so there's room to maneuver when customers with old code demand that you support them forever.
On security, I'm not sure I agree. Part of achieving optimizations is making enough assumptions to perform them, and that leaves you open to holes in your validator. If validation isn't correct, then you could potentially trigger the optimizer to create bad code that would be exploitable.
We've basically moved to Java bytecode verification to asm.js verification. This is just speculation, but I'm actually concerned about the potential security implications.
A big challenge we seem to have with any of the available options is convincing all the major browser makers to agree on something. And even though asm.js won't have perfect performance portability at first, it looks like it should be a much easier sell to browser vendors than Dart or NaCl were.
With asm.js, browser vendors won't need to add a new VM. They'll just need new optimizations within their existing VM. There's no new security model to understand, no API from someone else's browser to emulate, and no large set of features which will be redundant between VMs.
And, asm.js has a lot lower risk of becoming a legacy nightmare if it doesn't catch on. Or if the specification changes. It's just optimizations, so there's room to maneuver when customers with old code demand that you support them forever.