Upgrade to Pro — share decks privately, control downloads, hide ads and more …

V8 internals for JavaScript developers

Mathias Bynens
September 04, 2017
Technology
1
150

V8 internals for JavaScript developers

Google Experts Summit 2017

Mathias Bynens

September 04, 2017
Tweet

More Decks by Mathias Bynens

See All by Mathias Bynens
V8 internals for JavaScript developers @ Fronteers 2018
mathiasbynens
3
480
V8 internals for JavaScript developers
mathiasbynens
2
850
What’s new in ES2018?
mathiasbynens
2
130
Preventing timing attacks on the web @ Fronteers Jam 2016
mathiasbynens
4
230
Front-End Performance: The Dark Side @ ColdFront Conference 2016
mathiasbynens
1
380
Hacking with Unicode in 2016
mathiasbynens
15
14k
Front-End Performance: The Dark Side @ Fronteers Spring Conference 2016
mathiasbynens
16
57k
3.14 things I didn’t know about CSS @ CSSConf.asia 2015
mathiasbynens
4
990
3.14 things I didn’t know about CSS @ CSS Day 2014
mathiasbynens
70
29k

Other Decks in Technology

See All in Technology
AI・LLM事業部のSREとタスクの自動運転
shinyorke
PRO
0
300
非エンジニアにも伝えるメールセキュリティ / Email security for non-engineers
ykanoh
13
4k
銀行でDevOpsを進める理由と実践例 / 20250317 Masaki Iwama
shift_evolve
1
110
Symfony in 2025: Scaling to 0
fabpot
2
210
SpannerとAurora DSQLの同時実行制御の違いに想いを馳せる
masakikato5
0
570
ペアプログラミングにQAが加わった!職能を超えたモブプログラミングの事例と学び
tonionagauzzi
1
150
ソフトウェア開発現代史: なぜ日本のソフトウェア開発は「滝」なのか?製造業の成功体験とのギャップ #jassttokyo
takabow
2
1.6k
大規模アジャイル開発のリアル!コミュニケーション×進捗管理×高品質
findy_eventslides
0
590
小さく始めるDevOps 内製化支援から見えたDevOpsの始め方 / 20250317 Ken Takayanagi
shift_evolve
1
110
IAMのマニアックな話 2025​ ~40分バージョン ~​
nrinetcom
PRO
8
950
Explainable Software Engineering in the Public Sector
avandeursen
0
370
3/26 クラウド食堂LT #2 GenU案件を通して学んだ教訓 登壇資料
ymae
1
210

Featured

See All Featured
Stop Working from a Prison Cell
hatefulcrawdad
268
20k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.6k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.3k
Side Projects
sachag
452
42k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
118
51k
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.3k
Designing Experiences People Love
moore
141
23k
Unsuck your backbone
ammeep
670
57k
Documentation Writing (for coders)
carmenintech
69
4.7k
Mobile First: as difficult as doing things right
swwweet
223
9.5k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Product Roadmaps are Hard
iamctodd
PRO
52
11k

Transcript

  1. None

  2. V8 internals for JavaScript developers @mathias

  3. Elements kinds in V8

  4. const array = [1, 2, 3];

  5. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

  6. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56);

  7. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS

  8. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x');

  9. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x'); // elements kind: PACKED_ELEMENTS

  10. Smi Doubles Regular elements Elements kinds

  11. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x'); // elements kind: PACKED_ELEMENTS

  12. array.length; // 5 index 0 1 2 3 4 value

    1 2 3 4.56 'x'

  13. array.length; // 5 array[9] = 1; // array[5] until array[8]

    are now holes index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  14. array.length; // 5 array[9] = 1; // array[5] until array[8]

    are now holes // elements kind: HOLEY_ELEMENTS index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  15. array[8]; // → ??? index 0 1 2 3 4

    5 6 7 8 9 value 1 2 3 4.56 'x' 1

  16. array[8]; // → ??? ❌ index 0 1 2 3

    4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  17. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  18. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  19. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  20. index 0 1 2 3 4 5 6 7 8

    9 value 1 2 3 4.56 'x' 1 array[8]; // → ??? ❌ 8 >= 0 && 8 < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌

  21. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false

  22. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌

  23. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌ hasOwnProperty(Object.prototype, '8'); // → false

  24. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌ hasOwnProperty(Object.prototype, '8'); // → false ✅

  25. array[8]; // → undefined ✅ 8 >= 0 && 8

    < array.length; // bounds check // → true hasOwnProperty(array, '8'); // → false hasOwnProperty(Array.prototype, '8'); // → false hasOwnProperty(Object.prototype, '8'); // → false ✅

  26. packedArray[8]; // → undefined ✅ 8 >= 0 && 8

    < packedArray.length; // bounds check // → true ✅ hasOwnProperty(packedArray, '8'); // → true ✅ hasOwnProperty(Array.prototype, '8'); // → false ✅ hasOwnProperty(Object.prototype, '8'); // → false ✅

  27. packedArray[8]; // → undefined ✅ 8 >= 0 && 8

    < packedArray.length; // bounds check // → true ✅ hasOwnProperty(packedArray, '8'); // → true ✅ hasOwnProperty(Array.prototype, '8'); // → false ✅ hasOwnProperty(Object.prototype, '8'); // → false ✅

  28. array[0]; // → ???

  29. array[0]; // → ??? ❌

  30. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true

  31. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌

  32. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '0'); // → true

  33. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '0'); // → true ✅

  34. array[0]; // → 1 ✅ 0 >= 0 && 0

    < array.length; // bounds check // → true hasOwnProperty(array, '0'); // → true ✅

  35. PACKED > HOLEY

  36. PACKED > HOLEY

  37. Smi Doubles Regular elements Elements kinds

  38. Smi, packed Doubles, packed Regular elements, packed Smi, holey Doubles,

    holey Regular elements, holey

  39. lattice

  40. PACKED_SMI_ELEMENTS HOLEY_SMI_ELEMENTS PACKED_DOUBLE_ELEMENTS HOLEY_DOUBLE_ELEMENTS PACKED_ELEMENTS HOLEY_ELEMENTS

  41. const array = new Array(3);

  42. const array = new Array(3); index 0 1 2 value

  43. const array = new Array(3); // HOLEY_SMI_ELEMENTS index 0 1

    2 value

  44. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    index 0 1 2 value 'a'

  45. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS index 0 1 2 value 'a'

  46. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; index 0 1 2 value 'a' 'b'

  47. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; array[2] = 'c'; index 0 1 2 value 'a' 'b' 'c' now packed!

  48. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; array[2] = 'c'; // HOLEY_ELEMENTS (still!) now packed! but it’s too late index 0 1 2 value 'a' 'b' 'c'

  49. const array = ['a', 'b', 'c']; // elements kind: PACKED_ELEMENTS

  50. const array = ['a', 'b', 'c']; // elements kind: PACKED_ELEMENTS

    // … array.push(someValue); array.push(someOtherValue);

  51. Avoid holes! #ProTip Avoid holes

  52. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); }

  53. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); }

  54. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); } for (let index = 0; index < items.length; index++) { doSomething(item); }

  55. for (const item of items) { doSomething(item); }

  56. Avoid holes! #ProTip Avoid out-of-bounds reads

  57. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS

  58. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS [3, 2, 1, -0];

    // PACKED_DOUBLE_ELEMENTS

  59. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS [3, 2, 1, -0];

    // PACKED_DOUBLE_ELEMENTS [3, 2, 1, NaN, Infinity]; // PACKED_DOUBLE_ELEMENTS

  60. Avoid holes! #ProTip Avoid elements kind transitions

  61. const arrayLike = {}; arrayLike[0] = 'a'; arrayLike[1] = 'b';

    arrayLike[2] = 'c'; arrayLike.length = 3;

  62. Array.prototype.forEach.call(arrayLike, (value, index) => { console.log(`${ index }: ${ value

    }`); }); // This logs '0: a', then '1: b', and finally '2: c'.

  63. const actualArray = Array.prototype.slice.call(arrayLike, 0); actualArray.forEach((value, index) => { console.log(`${

    index }: ${ value }`); }); // This logs '0: a', then '1: b', and finally '2: c'.

  64. const logArgs = function() { Array.prototype.forEach.call(arguments, (value, index) => {

    console.log(`${ index }: ${ value }`); }); }; logArgs('a', 'b', 'c'); // This logs '0: a', then '1: b', and finally '2: c'.

  65. const logArgs = (...args) => { args.forEach((value, index) => {

    console.log(`${ index }: ${ value }`); }); }; logArgs('a', 'b', 'c'); // This logs '0: a', then '1: b', and finally '2: c'.

  66. Avoid holes! #ProTip Prefer arrays over array-like objects

  67. $

  68. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8

  69. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax

  70. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8>

  71. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3];

  72. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array);

  73. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array); DebugPrint: 0x313389e0e551: [JSArray] - map = 0x3133e0582889 [FastProperties] - prototype = 0x313360387f81 - elements = 0x313389e0e4c9 <FixedArray[3]> [PACKED_SMI_ELEMENTS (COW)] - length = 3 - properties = 0x3133dae02241 <FixedArray[0]> { #length: 0x31336c242839 <AccessorInfo> (const accessor descriptor) } …

  74. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array); DebugPrint: 0x313389e0e551: [JSArray] - map = 0x3133e0582889 [FastProperties] - prototype = 0x313360387f81 - elements = 0x313389e0e4c9 <FixedArray[3]> [PACKED_SMI_ELEMENTS (COW)] - length = 3 - properties = 0x3133dae02241 <FixedArray[0]> { #length: 0x31336c242839 <AccessorInfo> (const accessor descriptor) } …
  75. None

  76. Avoid holes. — J.K. Rowling

  77. Avoid holes. Avoid out-of-bounds reads. — ancient Chinese proverb

  78. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. —

    Justin Bieber

  79. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. Prefer

    arrays over array-like objects. — Albert Einstein

  80. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. Prefer

    arrays over array-like objects. Eat your vegetables. — this slide, just now

  81. Thank you! @mathias