Upgrade to Pro — share decks privately, control downloads, hide ads and more …

V8 internals for JavaScript developers

Mathias Bynens
September 04, 2017
Technology
1
150

V8 internals for JavaScript developers

Google Experts Summit 2017

Mathias Bynens

September 04, 2017
Tweet

More Decks by Mathias Bynens

See All by Mathias Bynens
V8 internals for JavaScript developers @ Fronteers 2018
mathiasbynens
3
490
V8 internals for JavaScript developers
mathiasbynens
2
850
What’s new in ES2018?
mathiasbynens
2
130
Preventing timing attacks on the web @ Fronteers Jam 2016
mathiasbynens
4
230
Front-End Performance: The Dark Side @ ColdFront Conference 2016
mathiasbynens
1
380
Hacking with Unicode in 2016
mathiasbynens
15
14k
Front-End Performance: The Dark Side @ Fronteers Spring Conference 2016
mathiasbynens
16
57k
3.14 things I didn’t know about CSS @ CSSConf.asia 2015
mathiasbynens
4
990
3.14 things I didn’t know about CSS @ CSS Day 2014
mathiasbynens
70
29k

Other Decks in Technology

See All in Technology
Amazon CloudWatch を使って NW 監視を行うには
o11yfes2023
0
170
CodePipelineのアクション統合から学ぶAWS CDKの抽象化技術 / codepipeline-actions-cdk-abstraction
gotok365
5
260
ガバクラのAWS長期継続割引 ~次の4/1に慌てないために~
hamijay_cloud
1
290
より良い開発者体験を実現するために~開発初心者が感じた生成AIの可能性~
masakiokuda
0
200
勝手に!深堀り!Cloud Run worker pools / Deep dive Cloud Run worker pools
iselegant
2
450
技術者はかっこいいものだ!!~キルラキルから学んだエンジニアの生き方~
masakiokuda
2
270
watsonx.data上のベクトル・データベース Milvusを見てみよう/20250418-milvus-dojo
mayumihirano
0
120
AI Agentを「期待通り」に動かすために:設計アプローチの模索と現在地
kworkdev
PRO
2
460
日経電子版 for Android の技術的課題と取り組み(令和最新版)/android-20250423
nikkei_engineer_recruiting
0
420
生成AIによるCloud Native基盤構築の可能性と実践的ガードレールの敷設について
nwiizo
7
1k
【Oracle Cloud ウェビナー】ご希望のクラウドでOracle Databaseを実行〜マルチクラウド・ソリューション徹底解説〜
oracle4engineer
PRO
1
100
Amazon CloudWatch Application Signals ではじめるバーンレートアラーム / Burn rate alarm with Amazon CloudWatch Application Signals
ymotongpoo
5
540

Featured

See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Designing for Performance
lara
608
69k
A designer walks into a library…
pauljervisheath
205
24k
Designing for humans not robots
tammielis
252
25k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
19
1.1k
Six Lessons from altMBA
skipperchong
27
3.7k
Optimizing for Happiness
mojombo
377
70k
Site-Speed That Sticks
csswizardry
5
500
Done Done
chrislema
183
16k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Into the Great Unknown - MozCon
thekraken
37
1.7k
YesSQL, Process and Tooling at Scale
rocio
172
14k

Transcript

  1. None

  2. V8 internals for JavaScript developers @mathias

  3. Elements kinds in V8

  4. const array = [1, 2, 3];

  5. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

  6. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56);

  7. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS

  8. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x');

  9. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x'); // elements kind: PACKED_ELEMENTS

  10. Smi Doubles Regular elements Elements kinds

  11. const array = [1, 2, 3]; // elements kind: PACKED_SMI_ELEMENTS

    array.push(4.56); // elements kind: PACKED_DOUBLE_ELEMENTS array.push('x'); // elements kind: PACKED_ELEMENTS

  12. array.length; // 5 index 0 1 2 3 4 value

    1 2 3 4.56 'x'

  13. array.length; // 5 array[9] = 1; // array[5] until array[8]

    are now holes index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  14. array.length; // 5 array[9] = 1; // array[5] until array[8]

    are now holes // elements kind: HOLEY_ELEMENTS index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  15. array[8]; // → ??? index 0 1 2 3 4

    5 6 7 8 9 value 1 2 3 4.56 'x' 1

  16. array[8]; // → ??? ❌ index 0 1 2 3

    4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  17. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  18. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  19. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false index 0 1 2 3 4 5 6 7 8 9 value 1 2 3 4.56 'x' 1

  20. index 0 1 2 3 4 5 6 7 8

    9 value 1 2 3 4.56 'x' 1 array[8]; // → ??? ❌ 8 >= 0 && 8 < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌

  21. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false

  22. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌

  23. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌ hasOwnProperty(Object.prototype, '8'); // → false

  24. array[8]; // → ??? ❌ 8 >= 0 && 8

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '8'); // → false ❌ hasOwnProperty(Array.prototype, '8'); // → false ❌ hasOwnProperty(Object.prototype, '8'); // → false ✅

  25. array[8]; // → undefined ✅ 8 >= 0 && 8

    < array.length; // bounds check // → true hasOwnProperty(array, '8'); // → false hasOwnProperty(Array.prototype, '8'); // → false hasOwnProperty(Object.prototype, '8'); // → false ✅

  26. packedArray[8]; // → undefined ✅ 8 >= 0 && 8

    < packedArray.length; // bounds check // → true ✅ hasOwnProperty(packedArray, '8'); // → true ✅ hasOwnProperty(Array.prototype, '8'); // → false ✅ hasOwnProperty(Object.prototype, '8'); // → false ✅

  27. packedArray[8]; // → undefined ✅ 8 >= 0 && 8

    < packedArray.length; // bounds check // → true ✅ hasOwnProperty(packedArray, '8'); // → true ✅ hasOwnProperty(Array.prototype, '8'); // → false ✅ hasOwnProperty(Object.prototype, '8'); // → false ✅

  28. array[0]; // → ???

  29. array[0]; // → ??? ❌

  30. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true

  31. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌

  32. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '0'); // → true

  33. array[0]; // → ??? ❌ 0 >= 0 && 0

    < array.length; // bounds check // → true ❌ hasOwnProperty(array, '0'); // → true ✅

  34. array[0]; // → 1 ✅ 0 >= 0 && 0

    < array.length; // bounds check // → true hasOwnProperty(array, '0'); // → true ✅

  35. PACKED > HOLEY

  36. PACKED > HOLEY

  37. Smi Doubles Regular elements Elements kinds

  38. Smi, packed Doubles, packed Regular elements, packed Smi, holey Doubles,

    holey Regular elements, holey

  39. lattice

  40. PACKED_SMI_ELEMENTS HOLEY_SMI_ELEMENTS PACKED_DOUBLE_ELEMENTS HOLEY_DOUBLE_ELEMENTS PACKED_ELEMENTS HOLEY_ELEMENTS

  41. const array = new Array(3);

  42. const array = new Array(3); index 0 1 2 value

  43. const array = new Array(3); // HOLEY_SMI_ELEMENTS index 0 1

    2 value

  44. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    index 0 1 2 value 'a'

  45. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS index 0 1 2 value 'a'

  46. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; index 0 1 2 value 'a' 'b'

  47. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; array[2] = 'c'; index 0 1 2 value 'a' 'b' 'c' now packed!

  48. const array = new Array(3); // HOLEY_SMI_ELEMENTS array[0] = 'a';

    // HOLEY_ELEMENTS array[1] = 'b'; array[2] = 'c'; // HOLEY_ELEMENTS (still!) now packed! but it’s too late index 0 1 2 value 'a' 'b' 'c'

  49. const array = ['a', 'b', 'c']; // elements kind: PACKED_ELEMENTS

  50. const array = ['a', 'b', 'c']; // elements kind: PACKED_ELEMENTS

    // … array.push(someValue); array.push(someOtherValue);

  51. Avoid holes! #ProTip Avoid holes

  52. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); }

  53. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); }

  54. for (let i = 0, item; (item = items[i]) !=

    null; i++) { doSomething(item); } for (let index = 0; index < items.length; index++) { doSomething(item); }

  55. for (const item of items) { doSomething(item); }

  56. Avoid holes! #ProTip Avoid out-of-bounds reads

  57. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS

  58. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS [3, 2, 1, -0];

    // PACKED_DOUBLE_ELEMENTS

  59. [3, 2, 1, +0]; // PACKED_SMI_ELEMENTS [3, 2, 1, -0];

    // PACKED_DOUBLE_ELEMENTS [3, 2, 1, NaN, Infinity]; // PACKED_DOUBLE_ELEMENTS

  60. Avoid holes! #ProTip Avoid elements kind transitions

  61. const arrayLike = {}; arrayLike[0] = 'a'; arrayLike[1] = 'b';

    arrayLike[2] = 'c'; arrayLike.length = 3;

  62. Array.prototype.forEach.call(arrayLike, (value, index) => { console.log(`${ index }: ${ value

    }`); }); // This logs '0: a', then '1: b', and finally '2: c'.

  63. const actualArray = Array.prototype.slice.call(arrayLike, 0); actualArray.forEach((value, index) => { console.log(`${

    index }: ${ value }`); }); // This logs '0: a', then '1: b', and finally '2: c'.

  64. const logArgs = function() { Array.prototype.forEach.call(arguments, (value, index) => {

    console.log(`${ index }: ${ value }`); }); }; logArgs('a', 'b', 'c'); // This logs '0: a', then '1: b', and finally '2: c'.

  65. const logArgs = (...args) => { args.forEach((value, index) => {

    console.log(`${ index }: ${ value }`); }); }; logArgs('a', 'b', 'c'); // This logs '0: a', then '1: b', and finally '2: c'.

  66. Avoid holes! #ProTip Prefer arrays over array-like objects

  67. $

  68. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8

  69. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax

  70. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8>

  71. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3];

  72. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array);

  73. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array); DebugPrint: 0x313389e0e551: [JSArray] - map = 0x3133e0582889 [FastProperties] - prototype = 0x313360387f81 - elements = 0x313389e0e4c9 <FixedArray[3]> [PACKED_SMI_ELEMENTS (COW)] - length = 3 - properties = 0x3133dae02241 <FixedArray[0]> { #length: 0x31336c242839 <AccessorInfo> (const accessor descriptor) } …

  74. $ rlwrap ~/projects/v8/out.gn/x64.debug/d8 --allow-natives-syntax V8 version 6.2.0 (candidate) d8> const

    array = [1, 2, 3]; %DebugPrint(array); DebugPrint: 0x313389e0e551: [JSArray] - map = 0x3133e0582889 [FastProperties] - prototype = 0x313360387f81 - elements = 0x313389e0e4c9 <FixedArray[3]> [PACKED_SMI_ELEMENTS (COW)] - length = 3 - properties = 0x3133dae02241 <FixedArray[0]> { #length: 0x31336c242839 <AccessorInfo> (const accessor descriptor) } …
  75. None

  76. Avoid holes. — J.K. Rowling

  77. Avoid holes. Avoid out-of-bounds reads. — ancient Chinese proverb

  78. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. —

    Justin Bieber

  79. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. Prefer

    arrays over array-like objects. — Albert Einstein

  80. Avoid holes. Avoid out-of-bounds reads. Avoid elements kind transitions. Prefer

    arrays over array-like objects. Eat your vegetables. — this slide, just now

  81. Thank you! @mathias