Upgrade to Pro — share decks privately, control downloads, hide ads and more …

V8 internals for JavaScript developers

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Mathias Bynens Mathias Bynens
September 04, 2017
Technology
1
190

V8 internals for JavaScript developers

Google Experts Summit 2017

Avatar for Mathias Bynens

Mathias Bynens

September 04, 2017
Tweet

More Decks by Mathias Bynens

See All by Mathias Bynens
V8 internals for JavaScript developers @ Fronteers 2018
Avatar for Mathias Bynens mathiasbynens
3
520
V8 internals for JavaScript developers
Avatar for Mathias Bynens mathiasbynens
2
1k
What’s new in ES2018?
Avatar for Mathias Bynens mathiasbynens
2
160
Preventing timing attacks on the web @ Fronteers Jam 2016
Avatar for Mathias Bynens mathiasbynens
4
280
Front-End Performance: The Dark Side @ ColdFront Conference 2016
Avatar for Mathias Bynens mathiasbynens
1
510
Hacking with Unicode in 2016
Avatar for Mathias Bynens mathiasbynens
15
15k
Front-End Performance: The Dark Side @ Fronteers Spring Conference 2016
Avatar for Mathias Bynens mathiasbynens
16
57k
3.14 things I didn’t know about CSS @ CSSConf.asia 2015
Avatar for Mathias Bynens mathiasbynens
4
1.2k
3.14 things I didn’t know about CSS @ CSS Day 2014
Avatar for Mathias Bynens mathiasbynens
70
29k

Other Decks in Technology

See All in Technology
プロダクト成長を支える開発基盤とスケールに伴う課題
Avatar for yuu26 yuu26
4
1.3k
GCASアップデート(202510-202601)
Avatar for 高橋広和 techniczna
0
250
Deno・Bunの標準機能やElysiaJSを使ったWebSocketサーバー実装 / ラーメン屋を貸し切ってLT会! IoTLT 2026新年会
Avatar for you(@youtoy) you
PRO
0
290
フルカイテン株式会社 エンジニア向け採用資料
Avatar for FULL KAITEN fullkaiten
0
10k
インフラエンジニア必見!Kubernetesを用いたクラウドネイティブ設計ポイント大全
Avatar for 高棹大樹 daitak
0
330
生成AI時代にこそ求められるSRE / SRE for Gen AI era
Avatar for ymotongpoo ymotongpoo
5
2.7k
Agile Leadership Summit Keynote 2026
Avatar for seki at druby.org m_seki
1
440
AIと新時代を切り拓く。これからのSREとメルカリIBISの挑戦
Avatar for ktykogm 0gm
0
770
2人で作ったAIダッシュボードが、開発組織の次の一手を照らした話― Cursor × SpecKit × 可視化の実践 ― Qiita AI Summit
Avatar for NOBORU ITOU noalisaai
1
370
2026年、サーバーレスの現在地 -「制約と戦う技術」から「当たり前の実行基盤」へ- /serverless2026
Avatar for Serverless Operations slsops
2
210
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
Avatar for Miki Matsumoto mikimatsumoto
0
190
SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026
Avatar for AEON aeonpeople
6
2.1k

Featured

See All Featured
Tell your own story through comics
Avatar for letsgokoyo letsgokoyo
1
800
SEO for Brand Visibility & Recognition
Avatar for Aleyda Solis aleyda
0
4.2k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
10
1.1k
Chasing Engaging Ingredients in Design
Avatar for Sebastian Deterding codingconduct
0
110
How to Align SEO within the Product Triangle To Get 
Buy-In & Support - #RIMC
Avatar for Aleyda Solis aleyda
1
1.4k
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
210
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
Code Review Best Practice
Avatar for Trisha Gee trishagee
74
20k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.2k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
Avatar for Christian Goodrich cargoodrich
3
97
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.6k

Transcript

  1. None

  2. V8 internals for JavaScript developers @mathias

  3. Elements kinds in V8

  4. const array = [1, 2, 3];

  5. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

  6. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56);

  7. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS

  8. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x');

  9. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x'); // elements kind: PACKED_ELEMENTS

  10. Smi Doubles Regular elements Elements kinds

  11. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x'); // elements kind: PACKED_ELEMENTS

  12. array.length; // 5 index 0 1 2 3 4 value

    1 2 3 4.56 'x'

  13. array.length; // 5 array[9] = 1; // array[5] until array[8]

    are now holes index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  14. array.length; // 5 array[9] = 1; // array[5] until array[8]

    are now holes // elements kind: HOLEY_ELEMENTS index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  15. array[8]; // → ??? index 0 1 2 3 4

    5 6 7 8 9 value 1 2 3 4.56 'x' 1

  16. array[8]; // → ??? ❌ index 0 1 2 3

    4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  17. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  18. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  19. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  20. index 0 1 2 3 4 5 6 7 8

    9 value 1 2 3 4.56 'x' 1 array[8]; // → ??? ❌ 8 >= 0 && 8 < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌

  21. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false

  22. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌

  23. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌ hasOwnProperty(Object.prototype, '8'); // → false

  24. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌ hasOwnProperty(Object.prototype, '8'); // → false ✅

  25. array[8]; // → undefined ✅ 8 >= 0 && 8

    < array.length; // bounds check // → true hasOwnProperty(array, '8'); // → false hasOwnProperty(Array.prototype, '8'); // → false hasOwnProperty(Object.prototype, '8'); // → false ✅

  26. packedArray[8]; // → undefined ✅ 8 >= 0 && 8

    < packedArray.length; // bounds check // → true ✅ hasOwnProperty(packedArray, '8'); // → true ✅ hasOwnProperty(Array.prototype, '8'); // → false ✅ hasOwnProperty(Object.prototype, '8'); // → false ✅

  27. packedArray[8]; // → undefined ✅ 8 >= 0 && 8

    < packedArray.length; // bounds check // → true ✅ hasOwnProperty(packedArray, '8'); // → true ✅ hasOwnProperty(Array.prototype, '8'); // → false ✅ hasOwnProperty(Object.prototype, '8'); // → false ✅

  28. array[0]; // → ???

  29. array[0]; // → ??? ❌

  30. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true

  31. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌

  32. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '0'); // → true

  33. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '0'); // → true ✅

  34. array[0]; // → 1 ✅ 0 >= 0 && 0

    < array.length; // bounds check // → true hasOwnProperty(array, '0'); // → true ✅

  35. PACKED > HOLEY

  36. PACKED > HOLEY

  37. Smi Doubles Regular elements Elements kinds

  38. Smi, packed Doubles, packed Regular elements, packed Smi, holey Doubles,

    holey Regular elements, holey

  39. lattice

  40. PACKED_SMI_ELEMENTS HOLEY_SMI_ELEMENTS PACKED_DOUBLE_ELEMENTS HOLEY_DOUBLE_ELEMENTS PACKED_ELEMENTS HOLEY_ELEMENTS

  41. const array = new Array(3);

  42. const array = new Array(3); index 0 1 2 value

  43. const array = new Array(3); // HOLEY_SMI_ELEMENTS index 0 1

    2 value

  44. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    index 0 1 2 value 'a'

  45. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS index 0 1 2 value 'a'

  46. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; index 0 1 2 value 'a' 'b'

  47. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; array[2] = 'c'; index 0 1 2 value 'a' 'b' 'c' now packed!

  48. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; array[2] = 'c'; // HOLEY_ELEMENTS (still!) now packed! but it’s too late index 0 1 2 value 'a' 'b' 'c'

  49. const array = ['a', 'b', 'c']; // elements kind: PACKED_ELEMENTS

  50. const array = ['a', 'b', 'c']; // elements kind: PACKED_ELEMENTS

    // … array.push(someValue); array.push(someOtherValue);

  51. Avoid holes! #ProTip Avoid holes

  52. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); }

  53. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); }

  54. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); } for (let index = 0; index < items.length; index++) { doSomething(item); }

  55. for (const item of items) { doSomething(item); }

  56. Avoid holes! #ProTip Avoid out-of-bounds reads

  57. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS

  58. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS [3, 2, 1, -0];

    // PACKED_DOUBLE_ELEMENTS

  59. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS [3, 2, 1, -0];

    // PACKED_DOUBLE_ELEMENTS [3, 2, 1, NaN, Infinity]; // PACKED_DOUBLE_ELEMENTS

  60. Avoid holes! #ProTip Avoid elements kind transitions

  61. const arrayLike = {}; arrayLike[0] = 'a'; arrayLike[1] = 'b';

    arrayLike[2] = 'c'; arrayLike.length = 3;

  62. Array.prototype.forEach.call(arrayLike, (value, index) => { console.log(`${ index }: ${ value

    }`); }); // This logs '0: a', then '1: b', and finally '2: c'.

  63. const actualArray = Array.prototype.slice.call(arrayLike, 0); actualArray.forEach((value, index) => { console.log(`${

    index }: ${ value }`); }); // This logs '0: a', then '1: b', and finally '2: c'.

  64. const logArgs = function() { Array.prototype.forEach.call(arguments, (value, index) => {

    console.log(`${ index }: ${ value }`); }); }; logArgs('a', 'b', 'c'); // This logs '0: a', then '1: b', and finally '2: c'.

  65. const logArgs = (...args) => { args.forEach((value, index) => {

    console.log(`${ index }: ${ value }`); }); }; logArgs('a', 'b', 'c'); // This logs '0: a', then '1: b', and finally '2: c'.

  66. Avoid holes! #ProTip Prefer arrays over array-like objects

  67. $

  68. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8

  69. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax

  70. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8>

  71. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3];

  72. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array);

  73. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array); DebugPrint: 0x313389e0e551: [JSArray] - map = 0x3133e0582889 [FastProperties] - prototype = 0x313360387f81 - elements = 0x313389e0e4c9 <FixedArray[3]> [PACKED_SMI_ELEMENTS (COW)] - length = 3 - properties = 0x3133dae02241 <FixedArray[0]> { #length: 0x31336c242839 <AccessorInfo> (const accessor descriptor) } …

  74. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array); DebugPrint: 0x313389e0e551: [JSArray] - map = 0x3133e0582889 [FastProperties] - prototype = 0x313360387f81 - elements = 0x313389e0e4c9 <FixedArray[3]> [PACKED_SMI_ELEMENTS (COW)] - length = 3 - properties = 0x3133dae02241 <FixedArray[0]> { #length: 0x31336c242839 <AccessorInfo> (const accessor descriptor) } …
  75. None

  76. Avoid holes. — J.K. Rowling

  77. Avoid holes. Avoid out-of-bounds reads. — ancient Chinese proverb

  78. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. —

    Justin Bieber

  79. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. Prefer

    arrays over array-like objects. — Albert Einstein

  80. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. Prefer

    arrays over array-like objects. Eat your vegetables. — this slide, just now

  81. Thank you! @mathias