The 3rd lsb bit for pointer tagging in V8
28 views
Skip to first unread message
Zhengyu Liu
Dec 4, 2023, 7:17:02 PM12/4/23
to v8-users
Hi, all!
By reading the document (https://v8.dev/blog/pointer-compression), it is saying that "V8 always allocates objects in the heap at word-aligned addresses, which allows it to use the 2 (or 3, depending on the machine word size) least significant bits for tagging."
let e = function () { return "Hello World!"; }; %DebugPrint(e); DebugPrint: 0x2bba0024aa7d: [Function] - map: 0x2bba0010439d <Map[32](HOLEY_ELEMENTS)> [FastProperties] - prototype: 0x2bba001042c5 <JSFunction (sfi = 0x2bba000c9405)> - elements: 0x2bba000006a5 <FixedArray[0]> [HOLEY_ELEMENTS] - function prototype: - initial_map: - shared_info: 0x2bba00119ced <SharedFunctionInfo e> - name: 0x2bba000029e9 <String[1]: #e> - builtin: CompileLazy - formal_parameter_count: 0 - kind: NormalFunction - context: 0x2bba00119dcd <ScriptContext[3]> - code: 0x2bba0030efdd <Code BUILTIN CompileLazy> - source code: () { return "Hello World!"; }
The address ends with 0xd (1101), indicating the heap chunk's address ends with 0xC. I wonder why the object address is not 8-bytes aligned (should always end with 0x0 or 0x8)?
By reading the document (https://v8.dev/blog/pointer-compression), it is saying that "V8 always allocates objects in the heap at word-aligned addresses, which allows it to use the 2 (or 3, depending on the machine word size) least significant bits for tagging."
Since V8 already uses the last 2 lsbs, for the x64 machine, I think I can use the 3rd lsb to store other pointer information (as on x64 machine, the object address should be 8 bytes aligned).
However, I found that even on an x64 machine, the object allocated on the heap is not necessarily 8-byte aligned as the third lsb bit is not always zero. For example,
However, I found that even on an x64 machine, the object allocated on the heap is not necessarily 8-byte aligned as the third lsb bit is not always zero. For example,
let e = function () { return "Hello World!"; }; %DebugPrint(e); DebugPrint: 0x2bba0024aa7d: [Function] - map: 0x2bba0010439d <Map[32](HOLEY_ELEMENTS)> [FastProperties] - prototype: 0x2bba001042c5 <JSFunction (sfi = 0x2bba000c9405)> - elements: 0x2bba000006a5 <FixedArray[0]> [HOLEY_ELEMENTS] - function prototype: - initial_map: - shared_info: 0x2bba00119ced <SharedFunctionInfo e> - name: 0x2bba000029e9 <String[1]: #e> - builtin: CompileLazy - formal_parameter_count: 0 - kind: NormalFunction - context: 0x2bba00119dcd <ScriptContext[3]> - code: 0x2bba0030efdd <Code BUILTIN CompileLazy> - source code: () { return "Hello World!"; }
Leszek Swirski
Dec 5, 2023, 12:22:51 PM12/5/23
to v8-users
This is because even on x64, V8-internal pointers are 32-bit and objects are 4 byte aligned, due to pointer compression (https://v8.dev/blog/pointer-compression)
Reply all
Reply to author
Forward
0 new messages