Upgrade to Pro — share decks privately, control downloads, hide ads and more …

V8 internals for JavaScript developers

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Mathias Bynens Mathias Bynens
September 04, 2017
Technology
1
200

V8 internals for JavaScript developers

Google Experts Summit 2017

Avatar for Mathias Bynens

Mathias Bynens

September 04, 2017
Tweet

More Decks by Mathias Bynens

See All by Mathias Bynens
V8 internals for JavaScript developers @ Fronteers 2018
Avatar for Mathias Bynens mathiasbynens
3
530
V8 internals for JavaScript developers
Avatar for Mathias Bynens mathiasbynens
2
1.1k
What’s new in ES2018?
Avatar for Mathias Bynens mathiasbynens
2
160
Preventing timing attacks on the web @ Fronteers Jam 2016
Avatar for Mathias Bynens mathiasbynens
4
280
Front-End Performance: The Dark Side @ ColdFront Conference 2016
Avatar for Mathias Bynens mathiasbynens
1
520
Hacking with Unicode in 2016
Avatar for Mathias Bynens mathiasbynens
15
15k
Front-End Performance: The Dark Side @ Fronteers Spring Conference 2016
Avatar for Mathias Bynens mathiasbynens
16
57k
3.14 things I didn’t know about CSS @ CSSConf.asia 2015
Avatar for Mathias Bynens mathiasbynens
4
1.2k
3.14 things I didn’t know about CSS @ CSS Day 2014
Avatar for Mathias Bynens mathiasbynens
70
29k

Other Decks in Technology

See All in Technology
身体を持ったパーソナルAIエージェントの 可能性を探る開発
Avatar for yoko / Naoki Yokomachi yokomachi
1
130
It’s “Time” to use Temporal
Avatar for Saji sajikix
3
220
実践 Datadog MCP Server
Avatar for 株式会社ヌーラボ nulabinc
PRO
2
240
Sansanでの認証基盤内製化と移行
Avatar for SansanTech sansantech
PRO
0
580
めちゃくちゃ開発するQAエンジニアになって感じたメリットとこれからの課題感
Avatar for yama-cha-n ryuhei0000yamamoto
0
130
[E2]CCoEはAI指揮官へ。Bedrock×MCPで構築するコスト・セキュリティ自律運用基盤
Avatar for ishii-takuya taku1418
0
190
AWS CDK「読めるけど書けない」を脱却するファーストステップ
Avatar for Makky12 smt7174
3
190
Zero Data Loss Autonomous Recovery Service サービス概要
Avatar for oracle4engineer oracle4engineer
PRO
2
13k
Yahoo!ショッピングのレコメンデーション・システムにおけるML実践の一例 
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
230
(Test) ai-meetup slide creation
Avatar for Oikon oikon48
3
460
AIエージェント、 社内展開の前に知っておきたいこと
Avatar for oracle4engineer oracle4engineer
PRO
2
160
決済サービスを支えるElastic Cloud - Elastic Cloudの導入と推進、決済サービスのObservability
Avatar for suzukij suzukij
2
660

Featured

See All Featured
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
Avatar for AKADEMIYA2063 akademiya2063
PRO
1
74
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
Ruling the World: When Life Gets Gamed
Avatar for Sebastian Deterding codingconduct
0
180
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
Avatar for Mine Cetinkaya-Rundel minecr
1
200
The Director’s Chair: Orchestrating AI for Truly Effective Learning
Avatar for Mike Taylor tmiket
1
130
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
Avatar for r-kagaya rkaga
60
43k
Groundhog Day: Seeking Process in Gaming for Health
Avatar for Sebastian Deterding codingconduct
0
130
Primal Persuasion: How to Engage the Brain for Learning That Lasts
Avatar for Mike Taylor tmiket
0
290
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.3k
Lessons Learnt from Crawling 1000+ Websites
Avatar for Charles Meaden charlesmeaden
PRO
1
1.1k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
Abbi's Birthday
Avatar for Violet Bock coloredviolet
2
5.4k

Transcript

  1. None

  2. V8 internals for JavaScript developers @mathias

  3. Elements kinds in V8

  4. const array = [1, 2, 3];

  5. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

  6. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56);

  7. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS

  8. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x');

  9. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x'); // elements kind: PACKED_ELEMENTS

  10. Smi Doubles Regular elements Elements kinds

  11. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x'); // elements kind: PACKED_ELEMENTS

  12. array.length; // 5 index 0 1 2 3 4 value

    1 2 3 4.56 'x'

  13. array.length; // 5 array[9] = 1; // array[5] until array[8]

    are now holes index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  14. array.length; // 5 array[9] = 1; // array[5] until array[8]

    are now holes // elements kind: HOLEY_ELEMENTS index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  15. array[8]; // → ??? index 0 1 2 3 4

    5 6 7 8 9 value 1 2 3 4.56 'x' 1

  16. array[8]; // → ??? ❌ index 0 1 2 3

    4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  17. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  18. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  19. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  20. index 0 1 2 3 4 5 6 7 8

    9 value 1 2 3 4.56 'x' 1 array[8]; // → ??? ❌ 8 >= 0 && 8 < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌

  21. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false

  22. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌

  23. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌ hasOwnProperty(Object.prototype, '8'); // → false

  24. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌ hasOwnProperty(Object.prototype, '8'); // → false ✅

  25. array[8]; // → undefined ✅ 8 >= 0 && 8

    < array.length; // bounds check // → true hasOwnProperty(array, '8'); // → false hasOwnProperty(Array.prototype, '8'); // → false hasOwnProperty(Object.prototype, '8'); // → false ✅

  26. packedArray[8]; // → undefined ✅ 8 >= 0 && 8

    < packedArray.length; // bounds check // → true ✅ hasOwnProperty(packedArray, '8'); // → true ✅ hasOwnProperty(Array.prototype, '8'); // → false ✅ hasOwnProperty(Object.prototype, '8'); // → false ✅

  27. packedArray[8]; // → undefined ✅ 8 >= 0 && 8

    < packedArray.length; // bounds check // → true ✅ hasOwnProperty(packedArray, '8'); // → true ✅ hasOwnProperty(Array.prototype, '8'); // → false ✅ hasOwnProperty(Object.prototype, '8'); // → false ✅

  28. array[0]; // → ???

  29. array[0]; // → ??? ❌

  30. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true

  31. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌

  32. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '0'); // → true

  33. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '0'); // → true ✅

  34. array[0]; // → 1 ✅ 0 >= 0 && 0

    < array.length; // bounds check // → true hasOwnProperty(array, '0'); // → true ✅

  35. PACKED > HOLEY

  36. PACKED > HOLEY

  37. Smi Doubles Regular elements Elements kinds

  38. Smi, packed Doubles, packed Regular elements, packed Smi, holey Doubles,

    holey Regular elements, holey

  39. lattice

  40. PACKED_SMI_ELEMENTS HOLEY_SMI_ELEMENTS PACKED_DOUBLE_ELEMENTS HOLEY_DOUBLE_ELEMENTS PACKED_ELEMENTS HOLEY_ELEMENTS

  41. const array = new Array(3);

  42. const array = new Array(3); index 0 1 2 value

  43. const array = new Array(3); // HOLEY_SMI_ELEMENTS index 0 1

    2 value

  44. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    index 0 1 2 value 'a'

  45. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS index 0 1 2 value 'a'

  46. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; index 0 1 2 value 'a' 'b'

  47. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; array[2] = 'c'; index 0 1 2 value 'a' 'b' 'c' now packed!

  48. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; array[2] = 'c'; // HOLEY_ELEMENTS (still!) now packed! but it’s too late index 0 1 2 value 'a' 'b' 'c'

  49. const array = ['a', 'b', 'c']; // elements kind: PACKED_ELEMENTS

  50. const array = ['a', 'b', 'c']; // elements kind: PACKED_ELEMENTS

    // … array.push(someValue); array.push(someOtherValue);

  51. Avoid holes! #ProTip Avoid holes

  52. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); }

  53. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); }

  54. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); } for (let index = 0; index < items.length; index++) { doSomething(item); }

  55. for (const item of items) { doSomething(item); }

  56. Avoid holes! #ProTip Avoid out-of-bounds reads

  57. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS

  58. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS [3, 2, 1, -0];

    // PACKED_DOUBLE_ELEMENTS

  59. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS [3, 2, 1, -0];

    // PACKED_DOUBLE_ELEMENTS [3, 2, 1, NaN, Infinity]; // PACKED_DOUBLE_ELEMENTS

  60. Avoid holes! #ProTip Avoid elements kind transitions

  61. const arrayLike = {}; arrayLike[0] = 'a'; arrayLike[1] = 'b';

    arrayLike[2] = 'c'; arrayLike.length = 3;

  62. Array.prototype.forEach.call(arrayLike, (value, index) => { console.log(`${ index }: ${ value

    }`); }); // This logs '0: a', then '1: b', and finally '2: c'.

  63. const actualArray = Array.prototype.slice.call(arrayLike, 0); actualArray.forEach((value, index) => { console.log(`${

    index }: ${ value }`); }); // This logs '0: a', then '1: b', and finally '2: c'.

  64. const logArgs = function() { Array.prototype.forEach.call(arguments, (value, index) => {

    console.log(`${ index }: ${ value }`); }); }; logArgs('a', 'b', 'c'); // This logs '0: a', then '1: b', and finally '2: c'.

  65. const logArgs = (...args) => { args.forEach((value, index) => {

    console.log(`${ index }: ${ value }`); }); }; logArgs('a', 'b', 'c'); // This logs '0: a', then '1: b', and finally '2: c'.

  66. Avoid holes! #ProTip Prefer arrays over array-like objects

  67. $

  68. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8

  69. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax

  70. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8>

  71. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3];

  72. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array);

  73. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array); DebugPrint: 0x313389e0e551: [JSArray] - map = 0x3133e0582889 [FastProperties] - prototype = 0x313360387f81 - elements = 0x313389e0e4c9 <FixedArray[3]> [PACKED_SMI_ELEMENTS (COW)] - length = 3 - properties = 0x3133dae02241 <FixedArray[0]> { #length: 0x31336c242839 <AccessorInfo> (const accessor descriptor) } …

  74. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array); DebugPrint: 0x313389e0e551: [JSArray] - map = 0x3133e0582889 [FastProperties] - prototype = 0x313360387f81 - elements = 0x313389e0e4c9 <FixedArray[3]> [PACKED_SMI_ELEMENTS (COW)] - length = 3 - properties = 0x3133dae02241 <FixedArray[0]> { #length: 0x31336c242839 <AccessorInfo> (const accessor descriptor) } …
  75. None

  76. Avoid holes. — J.K. Rowling

  77. Avoid holes. Avoid out-of-bounds reads. — ancient Chinese proverb

  78. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. —

    Justin Bieber

  79. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. Prefer

    arrays over array-like objects. — Albert Einstein

  80. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. Prefer

    arrays over array-like objects. Eat your vegetables. — this slide, just now

  81. Thank you! @mathias