1615404900

# WebdriverIO 7 Rewritten in Typescript, Released with Improved Lighthouse Integration

he browser and mobile automation test framework  WebdriverIO recently  released a major update. Webdriver IO 7 is now written with TypeScript. TypeScript users may thus need to update their types, while JavaScript users should be largely unaffected. The new version also drops support for Node v10, upgrades the used Cucumber version to v7, and integrates better with Google Lighthouse.

Christian Bromann explained in the release note the reason behind the TypeScript rewrite:

As more and more contributors have joined the project, we’ve noticed that using pure JavaScript can be helpful to keep the entry barrier for contributions low, but that it ultimately decreases the quality of contributions overall. With the growing size of the code in the project, keeping up with all the different types that were thrown around was becoming more difficult for us as core contributors.

[…]

Our hope is that by moving to TypeScript, fewer bugs will be introduced during [the] continued development of the framework. It will help improve the quality of code contributions and the speed of development of certain features. It also brings more confidence in new versions that we ship to the user.

[…]

We have rewritten the complete code base and almost touched all files to add type safety and to fix a lot of bugs on the way.

WebdriverIO TypeScript users may, as a result, enjoy better type support across the API. The TypeScript configuration file tsconfig.json sees a few changes to reflect the changes in the type library. @wdio/sync (v6) should be replaced with webdriverio/sync, and webdriverio with webdriverio/async. In the latter case, the diff would be as follows:

// tsconfig.json
"types": [
"node",
- "webdriverio",
+ "webdriverio/async",
"@wdio/mocha-framework"
],


#development #typescript

1615404900

## WebdriverIO 7 Rewritten in Typescript, Released with Improved Lighthouse Integration

he browser and mobile automation test framework  WebdriverIO recently  released a major update. Webdriver IO 7 is now written with TypeScript. TypeScript users may thus need to update their types, while JavaScript users should be largely unaffected. The new version also drops support for Node v10, upgrades the used Cucumber version to v7, and integrates better with Google Lighthouse.

Christian Bromann explained in the release note the reason behind the TypeScript rewrite:

As more and more contributors have joined the project, we’ve noticed that using pure JavaScript can be helpful to keep the entry barrier for contributions low, but that it ultimately decreases the quality of contributions overall. With the growing size of the code in the project, keeping up with all the different types that were thrown around was becoming more difficult for us as core contributors.

[…]

Our hope is that by moving to TypeScript, fewer bugs will be introduced during [the] continued development of the framework. It will help improve the quality of code contributions and the speed of development of certain features. It also brings more confidence in new versions that we ship to the user.

[…]

We have rewritten the complete code base and almost touched all files to add type safety and to fix a lot of bugs on the way.

WebdriverIO TypeScript users may, as a result, enjoy better type support across the API. The TypeScript configuration file tsconfig.json sees a few changes to reflect the changes in the type library. @wdio/sync (v6) should be replaced with webdriverio/sync, and webdriverio with webdriverio/async. In the latter case, the diff would be as follows:

// tsconfig.json
"types": [
"node",
- "webdriverio",
+ "webdriverio/async",
"@wdio/mocha-framework"
],


#development #typescript

1654588030

## The Definitive Guide to TypeScript & Possibly The Best TypeScript Book

TypeScript Deep Dive

I've been looking at the issues that turn up commonly when people start using TypeScript. This is based on the lessons from Stack Overflow / DefinitelyTyped and general engagement with the TypeScript community. You can follow for updates and don't forget to ★ on GitHub 🌹

## Reviews

• Thanks for the wonderful book. Learned a lot from it. (link)
• Its probably the Best TypeScript book out there. Good Job (link)
• Love how precise and clear the examples and explanations are! (link)
• For the low, low price of free, you get pages of pure awesomeness. Chock full of source code examples and clear, concise explanations, TypeScript Deep Dive will help you learn TypeScript development. (link)
• Just a big thank you! Best TypeScript 2 detailed explanation! (link)
• This gitbook got my project going pronto. Fluent easy read 5 stars. (link)
• I recommend the online #typescript book by @basarat you'll love it.(link)
• We must highlight TypeScript Deep Dive, an open source book.(link)
• Great online resource for learning. (link)
• Thank you for putting this book together, and for all your hard work within the TypeScript community. (link)
• TypeScript Deep Dive is one of the best technical texts I've read in a while. (link)
• Thanks @basarat for the TypeScript Deep Dive Book. Help me a lot with my first TypeScript project. (link)
• Thanks to @basarat for this great #typescript learning resource. (link)
• Guyz excellent book on Typescript(@typescriptlang) by @basarat (link)
• Leaning on the legendary @basarat's "TypeScript Deep Dive" book heavily at the moment (link)
• A book not only for typescript, a good one for deeper JavaScript knowledge as well. link
• In my new job, we're using @typescriptlang, which I am new to. This is insanely helpful huge thanks, @basarat! link
• Thank you for writing TypeScript Deep Dive. I have learned so much. link
• Loving @basarat's @typescriptlang online book basarat.gitbooks.io/typescript/# loaded with great recipes! link
• Microsoft doc is great already, but if want to "dig deeper" into TypeScript I find this book of great value link
• Thanks, this is a great book 🤓🤓 link
• Deep dive to typescript is awesome in so many levels. i find it very insightful. Thanks link
• @basarat's intro to @typescriptlang is still one of the best going (if not THE best) link
•
• This is sweet! So many #typescript goodies! link

## Get Started

If you are here to read the book online get started.

## Translations

Book is completely free so you can copy paste whatever you want without requiring permission. If you have a translation you want me to link here. Send a PR.

## Other Options

You can also download one of the Epub, Mobi, or PDF formats from the actions tab by clicking on the latest build run. You will find the files in the artifacts section.

## Special Thanks

All the amazing contributors 🌹

## Share

Share URL: https://basarat.gitbook.io/typescript/

Author: Basarat
Source Code: https://github.com/basarat/typescript-book/

1641276000

## Finance Quant Machine Learning

### Introduction

Tabular augmentation is a new experimental space that makes use of novel and traditional data generation and synthesisation techniques to improve model prediction success. It is in essence a process of modular feature engineering and observation engineering while emphasising the order of augmentation to achieve the best predicted outcome from a given information set. DeltaPy was created with finance applications in mind, but it can be broadly applied to any data-rich environment.

To take full advantage of tabular augmentation for time-series you would perform the techniques in the following order: (1) transforming, (2) interacting, (3) mapping, (4) extracting, and (5) synthesising. What follows is a practical example of how the above methodology can be used. The purpose here is to establish a framework for table augmentation and to point and guide the user to existing packages.

For most the Colab Notebook format might be preferred. I have enabled comments if you want to ask question or address any issues you uncover. For anything pressing use the issues tab. Also have a look at the SSRN report for a more succinct insights.

Data augmentation can be defined as any method that could increase the size or improve the quality of a dataset by generating new features or instances without the collection of additional data-points. Data augmentation is of particular importance in image classification tasks where additional data can be created by cropping, padding, or flipping existing images.

Tabular cross-sectional and time-series prediction tasks can also benefit from augmentation. Here we divide tabular augmentation into columnular and row-wise methods. Row-wise methods are further divided into extraction and data synthesisation techniques, whereas columnular methods are divided into transformation, interaction, and mapping methods.

See the Skeleton Example, for a combination of multiple methods that lead to a halfing of the mean squared error.

#### Installation & Citation

pip install deltapy

@software{deltapy,
title = {{DeltaPy}: Tabular Data Augmentation},
author = {Snow, Derek},
url = {https://github.com/firmai/deltapy/},
version = {0.1.0},
date = {2020-04-11},
}

 Snow, Derek, DeltaPy: A Framework for Tabular Data Augmentation in Python (April 22, 2020). Available at SSRN: https://ssrn.com/abstract=3582219


### Function Glossary

Transformation

df_out = transform.robust_scaler(df.copy(), drop=["Close_1"]); df_out.head()
df_out = transform.triple_exponential_smoothing(df.copy(),["Close"], 12, .2,.2,.2,0);
df_out = transform.multiple_lags(df, start=1, end=3, columns=["Close"]); df_out.head()


Interaction

df_out = interact.lowess(df.copy(), ["Open","Volume"], df["Close"], f=0.25, iter=3); df_out.head()


Mapping

df_out = mapper.pca_feature(df.copy(),variance_or_components=0.80,drop_cols=["Close_1"]); df_out.head()
df_out = mapper.encoder_dataset(df.copy(), ["Close_1"], 15); df_out.head()


Extraction

extract.abs_energy(df["Close"])
extract.cid_ce(df["Close"], True)
extract.mean_abs_change(df["Close"])
extract.mean_second_derivative_central(df["Close"])
extract.variance_larger_than_standard_deviation(df["Close"])
extract.var_index(df["Close"].values,var_index_param)
extract.symmetry_looking(df["Close"])
extract.has_duplicate_max(df["Close"])
extract.partial_autocorrelation(df["Close"])
extract.augmented_dickey_fuller(df["Close"])
extract.gskew(df["Close"])
extract.stetson_mean(df["Close"])
extract.length(df["Close"])
extract.count_above_mean(df["Close"])
extract.longest_strike_below_mean(df["Close"])
extract.wozniak(df["Close"])
extract.last_location_of_maximum(df["Close"])
extract.fft_coefficient(df["Close"])
extract.ar_coefficient(df["Close"])
extract.index_mass_quantile(df["Close"])
extract.number_cwt_peaks(df["Close"])
extract.spkt_welch_density(df["Close"])
extract.linear_trend_timewise(df["Close"])
extract.c3(df["Close"])
extract.binned_entropy(df["Close"])
extract.svd_entropy(df["Close"].values)
extract.hjorth_complexity(df["Close"])
extract.max_langevin_fixed_point(df["Close"])
extract.percent_amplitude(df["Close"])
extract.zero_crossing_derivative(df["Close"])
extract.detrended_fluctuation_analysis(df["Close"])
extract.fisher_information(df["Close"])
extract.higuchi_fractal_dimension(df["Close"])
extract.petrosian_fractal_dimension(df["Close"])
extract.hurst_exponent(df["Close"])
extract.largest_lyauponov_exponent(df["Close"])
extract.whelch_method(df["Close"])
extract.find_freq(df["Close"])
extract.flux_perc(df["Close"])
extract.range_cum_s(df["Close"])
extract.structure_func(df["Close"])
extract.kurtosis(df["Close"])
extract.stetson_k(df["Close"])


Test sets should ideally not be preprocessed with the training data, as in such a way one could be peaking ahead in the training data. The preprocessing parameters should be identified on the test set and then applied on the test set, i.e., the test set should not have an impact on the transformation applied. As an example, you would learn the parameters of PCA decomposition on the training set and then apply the parameters to both the train and the test set.

The benefit of pipelines become clear when one wants to apply multiple augmentation methods. It makes it easy to learn the parameters and then apply them widely. For the most part, this notebook does not concern itself with 'peaking ahead' or pipelines, for some functions, one might have to restructure to code and make use of open source packages to create your preferred solution.

## Documentation by Example

Notebook Dependencies

pip install deltapy

pip install pykalman
pip install tsaug
pip install ta
pip install tsaug
pip install pandasvault
pip install gplearn
pip install ta
pip install seasonal
pip install pandasvault


import pandas as pd
import numpy as np
from deltapy import transform, interact, mapper, extract
import warnings
warnings.filterwarnings('ignore')

def data_copy():
df["Close_1"] = df["Close"].shift(-1)
df = df.dropna()
df["Date"] = pd.to_datetime(df["Date"])
df = df.set_index("Date")
return df


Some of these categories are fluid and some techniques could fit into multiple buckets. This is an attempt to find an exhaustive number of techniques, but not an exhaustive list of implementations of the techniques. For example, there are thousands of ways to smooth a time-series, but we have only includes 1-2 techniques of interest under each category.

### (1) Transformation:

1. Scaling/Normalisation
2. Standardisation
3. Differencing
4. Capping
5. Operations
6. Smoothing
7. Decomposing
8. Filtering
9. Spectral Analysis
10. Waveforms
11. Modifications
12. Rolling
13. Lagging
14. Forecast Model

### (2) Interaction:

1. Regressions
2. Operators
3. Discretising
4. Normalising
5. Distance
6. Speciality
7. Genetic

### (3) Mapping:

1. Eigen Decomposition
2. Cross Decomposition
3. Kernel Approximation
4. Autoencoder
5. Manifold Learning
6. Clustering
7. Neighbouring

### (4) Extraction:

1. Energy
2. Distance
3. Differencing
4. Derivative
5. Volatility
6. Shape
7. Occurrence
8. Autocorrelation
9. Stochasticity
10. Averages
11. Size
12. Count
13. Streaks
14. Location
15. Model Coefficients
16. Quantile
17. Peaks
18. Density
19. Linearity
20. Non-linearity
21. Entropy
22. Fixed Points
23. Amplitude
24. Probability
25. Crossings
26. Fluctuation
27. Information
28. Fractals
29. Exponent
30. Spectral Analysis
31. Percentile
32. Range
33. Structural
34. Distribution

## (1) Transformation

Here transformation is any method that includes only one feature as an input to produce a new feature/s. Transformations can be applied to cross-section and time-series data. Some transformations are exclusive to time-series data (smoothing, filtering), but a handful of functions apply to both.

Where the time series methods has a centred mean, or are forward-looking, there is a need to recalculate the outputed time series on a running basis to ensure that information of the future does not leak into the model. The last value of this recalculated series or an extracted feature from this series can then be used as a running value that is only backward looking, satisfying the no 'peaking' ahead rule.

There are some packaged in Python that dynamically create time series and extracts their features, but none that incoropates the dynamic creation of a time series in combination with a wide application of prespecified list of extractions. Because this technique is expensive, we have a preference for models that only take historical data into account.

In this section we will include a list of all types of transformations, those that only use present information (operations), those that incorporate all values (interpolation methods), those that only include past values (smoothing functions), and those that incorporate a subset window of lagging and leading values (select filters). Only those that use historical values or are turned into prediction methods can be used out of the box. The entire time series can be used in the model development process for historical value methods, and only the forecasted values can be used for prediction models.

Curve fitting can involve either interpolation, where an exact fit to the data is required, or smoothing, in which a "smooth" function is constructed that approximately fits the data. When using an interpolation method, you are taking future information into account e.g, cubic spline. You can use interpolation methods to forecast into the future (extrapolation), and then use those forecasts in a training set. Or you could recalculate the interpolation for each time step and then extract features out of that series (extraction method). Interpolation and other forward-looking methods can be used if they are turned into prediction problems, then the forecasted values can be trained and tested on, and the fitted data can be diregarded. In the list presented below the first five methods can be used for cross-section and time series data, after that the time-series only methods follow.

#### (1) Scaling/Normalisation

There are a multitude of scaling methods available. Scaling generally gets applied to the entire dataset and is especially necessary for certain algorithms. K-means make use of euclidean distance hence the need for scaling. For PCA because we are trying to identify the feature with maximus variance we also need scaling. Similarly, we need scaled features for gradient descent. Any algorithm that is not based on a distance measure is not affected by feature scaling. Some of the methods include range scalers like minimum-maximum scaler, maximum absolute scaler or even standardisation methods like the standard scaler can be used for scaling. The example used here is robust scaler. Normalisation is a good technique when you don't know the distribution of the data. Scaling looks into the future, so parameters have to be training on a training set and applied to a test set.

(i) Robust Scaler

Scaling according to the interquartile range, making it robust to outliers.

def robust_scaler(df, drop=None,quantile_range=(25, 75) ):
if drop:
keep = df[drop]
df = df.drop(drop, axis=1)
center = np.median(df, axis=0)
quantiles = np.percentile(df, quantile_range, axis=0)
scale = quantiles[1] - quantiles[0]
df = (df - center) / scale
if drop:
df = pd.concat((keep,df),axis=1)
return df



#### (2) Standardisation

When using a standardisation method, it is often more effective when the attribute itself if Gaussian. It is also useful to apply the technique when the model you want to use makes assumptions of Gaussian distributions like linear regression, logistic regression, and linear discriminant analysis. For most applications, standardisation is recommended.

(i) Standard Scaler

Standardize features by removing the mean and scaling to unit variance

def standard_scaler(df,drop ):
if drop:
keep = df[drop]
df = df.drop(drop, axis=1)
mean = np.mean(df, axis=0)
scale = np.std(df, axis=0)
df = (df - mean) / scale
if drop:
df = pd.concat((keep,df),axis=1)
return df



#### (3) Differencing

Computing the differences between consecutive observation, normally used to obtain a stationary time series.

(i) Fractional Differencing

Fractional differencing, allows us to achieve stationarity while maintaining the maximum amount of memory compared to integer differencing.

import pylab as pl

def fast_fracdiff(x, cols, d):
for col in cols:
T = len(x[col])
np2 = int(2 ** np.ceil(np.log2(2 * T - 1)))
k = np.arange(1, T)
b = (1,) + tuple(np.cumprod((k - d - 1) / k))
z = (0,) * (np2 - T)
z1 = b + z
z2 = tuple(x[col]) + z
dx = pl.ifft(pl.fft(z1) * pl.fft(z2))
x[col+"_frac"] = np.real(dx[0:T])
return x



#### (4) Capping

Any method that provides sets a floor and a cap to a feature's value. Capping can affect the distribution of data, so it should not be exagerated. One can cap values by using the average, by using the max and min values, or by an arbitrary extreme value.

(i) Winzorisation

The transformation of features by limiting extreme values in the statistical data to reduce the effect of possibly spurious outliers by replacing it with a certain percentile value.

def outlier_detect(data,col,threshold=1,method="IQR"):

if method == "IQR":
IQR = data[col].quantile(0.75) - data[col].quantile(0.25)
Lower_fence = data[col].quantile(0.25) - (IQR * threshold)
Upper_fence = data[col].quantile(0.75) + (IQR * threshold)
if method == "STD":
Upper_fence = data[col].mean() + threshold * data[col].std()
Lower_fence = data[col].mean() - threshold * data[col].std()
if method == "OWN":
Upper_fence = data[col].mean() + threshold * data[col].std()
Lower_fence = data[col].mean() - threshold * data[col].std()
median = data[col].median()
median_absolute_deviation = np.median([np.abs(y - median) for y in data[col]])
modified_z_scores = pd.Series([0.6745 * (y - median) / median_absolute_deviation for y in data[col]])
outlier_index = np.abs(modified_z_scores) > threshold
print('Num of outlier detected:',outlier_index.value_counts()[1])
print('Proportion of outlier detected',outlier_index.value_counts()[1]/len(outlier_index))
return outlier_index, (median_absolute_deviation, median_absolute_deviation)

para = (Upper_fence, Lower_fence)
tmp = pd.concat([data[col]>Upper_fence,data[col]<Lower_fence],axis=1)
outlier_index = tmp.any(axis=1)
print('Num of outlier detected:',outlier_index.value_counts()[1])
print('Proportion of outlier detected',outlier_index.value_counts()[1]/len(outlier_index))

return outlier_index, para

def windsorization(data,col,para,strategy='both'):
"""
top-coding & bottom coding (capping the maximum of a distribution at an arbitrarily set value,vice versa)
"""

data_copy = data.copy(deep=True)
if strategy == 'both':
data_copy.loc[data_copy[col]>para[0],col] = para[0]
data_copy.loc[data_copy[col]<para[1],col] = para[1]
elif strategy == 'top':
data_copy.loc[data_copy[col]>para[0],col] = para[0]
elif strategy == 'bottom':
data_copy.loc[data_copy[col]<para[1],col] = para[1]
return data_copy

_, para = transform.outlier_detect(df, "Close")


#### (5) Operations

Operations here are treated like traditional transformations. It is the replacement of a variable by a function of that variable. In a stronger sense, a transformation is a replacement that changes the shape of a distribution or relationship.

(i) Power, Log, Recipricol, Square Root

def operations(df,features):
df_new = df[features]
df_new = df_new - df_new.min()

sqr_name = [str(fa)+"_POWER_2" for fa in df_new.columns]
log_p_name = [str(fa)+"_LOG_p_one_abs" for fa in df_new.columns]
rec_p_name = [str(fa)+"_RECIP_p_one" for fa in df_new.columns]
sqrt_name = [str(fa)+"_SQRT_p_one" for fa in df_new.columns]

df_sqr = pd.DataFrame(np.power(df_new.values, 2),columns=sqr_name, index=df.index)

dfs = [df, df_sqr, df_log, df_rec, df_sqrt]

df=  pd.concat(dfs, axis=1)

return df



#### (6) Smoothing

Here we maintain that any method that has a component of historical averaging is a smoothing method such as a simple moving average and single, double and tripple exponential smoothing methods. These forms of non-causal filters are also popular in signal processing and are called filters, where exponential smoothing is called an IIR filter and a moving average a FIR filter with equal weighting factors.

(i) Tripple Exponential Smoothing (Holt-Winters Exponential Smoothing)

The Holt-Winters seasonal method comprises the forecast equation and three smoothing equations — one for the level $ℓt$, one for the trend &bt&, and one for the seasonal component $st$. This particular version is performed by looking at the last 12 periods. For that reason, the first 12 records should be disregarded because they can't make use of the required window size for a fair calculation. The calculation is such that values are still provided for those periods based on whatever data might be available.

def initial_trend(series, slen):
sum = 0.0
for i in range(slen):
sum += float(series[i+slen] - series[i]) / slen
return sum / slen

def initial_seasonal_components(series, slen):
seasonals = {}
season_averages = []
n_seasons = int(len(series)/slen)
# compute season averages
for j in range(n_seasons):
season_averages.append(sum(series[slen*j:slen*j+slen])/float(slen))
# compute initial values
for i in range(slen):
sum_of_vals_over_avg = 0.0
for j in range(n_seasons):
sum_of_vals_over_avg += series[slen*j+i]-season_averages[j]
seasonals[i] = sum_of_vals_over_avg/n_seasons
return seasonals

def triple_exponential_smoothing(df,cols, slen, alpha, beta, gamma, n_preds):
for col in cols:
result = []
seasonals = initial_seasonal_components(df[col], slen)
for i in range(len(df[col])+n_preds):
if i == 0: # initial values
smooth = df[col][0]
trend = initial_trend(df[col], slen)
result.append(df[col][0])
continue
if i >= len(df[col]): # we are forecasting
m = i - len(df[col]) + 1
result.append((smooth + m*trend) + seasonals[i%slen])
else:
val = df[col][i]
last_smooth, smooth = smooth, alpha*(val-seasonals[i%slen]) + (1-alpha)*(smooth+trend)
trend = beta * (smooth-last_smooth) + (1-beta)*trend
seasonals[i%slen] = gamma*(val-smooth) + (1-gamma)*seasonals[i%slen]
result.append(smooth+trend+seasonals[i%slen])
df[col+"_TES"] = result
#print(seasonals)
return df



#### (7) Decomposing

Decomposition procedures are used in time series to describe the trend and seasonal factors in a time series. More extensive decompositions might also include long-run cycles, holiday effects, day of week effects and so on. Here, we’ll only consider trend and seasonal decompositions. A naive decomposition makes use of moving averages, other decomposition methods are available that make use of LOESS.

(i) Naive Decomposition

The base trend takes historical information into account and established moving averages; it does not have to be linear. To estimate the seasonal component for each season, simply average the detrended values for that season. If the seasonal variation looks constant, we should use the additive model. If the magnitude is increasing as a function of time, we will use multiplicative. Here because it is predictive in nature we are using a one sided moving average, as opposed to a two-sided centred average.

import statsmodels.api as sm

def naive_dec(df, columns, freq=2):
for col in columns:
decomposition = sm.tsa.seasonal_decompose(df[col], model='additive', freq = freq, two_sided=False)
df[col+"_NDDT" ] = decomposition.trend
df[col+"_NDDT"] = decomposition.seasonal
df[col+"_NDDT"] = decomposition.resid
return df



#### (8) Filtering

It is often useful to either low-pass filter (smooth) time series in order to reveal low-frequency features and trends, or to high-pass filter (detrend) time series in order to isolate high frequency transients (e.g. storms). Low pass filters use historical values, high-pass filters detrends with low-pass filters, so also indirectly uses historical values.

There are a few filters available, closely associated with decompositions and smoothing functions. The Hodrick-Prescott filter separates a time-series $yt$ into a trend $τt$ and a cyclical component $ζt$. The Christiano-Fitzgerald filter is a generalization of Baxter-King filter and can be seen as weighted moving average.

(i) Baxter-King Bandpass

The Baxter-King filter is intended to explicitly deal with the periodicity of the business cycle. By applying their band-pass filter to a series, they produce a new series that does not contain fluctuations at higher or lower than those of the business cycle. The parameters are arbitrarily chosen. This method uses a centred moving average that has to be changed to a lagged moving average before it can be used as an input feature. The maximum period of oscillation should be used as the point to truncate the dataset, as that part of the time series does not incorporate all the required datapoints.

import statsmodels.api as sm

def bkb(df, cols):
for col in cols:
df[col+"_BPF"] = sm.tsa.filters.bkfilter(df[[col]].values, 2, 10, len(df)-1)
return df



(ii) Butter Lowpass (IIR Filter Design)

The Butterworth filter is a type of signal processing filter designed to have a frequency response as flat as possible in the passban. Like other filtersm the first few values have to be disregarded for accurate downstream prediction. Instead of disregarding these values on a per case basis, they can be diregarded in one chunk once the database of transformed features have been developed.

from scipy import signal, integrate
def butter_lowpass(cutoff, fs=20, order=5):
nyq = 0.5 * fs
normal_cutoff = cutoff / nyq
b, a = signal.butter(order, normal_cutoff, btype='low', analog=False)
return b, a

def butter_lowpass_filter(df,cols, cutoff, fs=20, order=5):
b, a = butter_lowpass(cutoff, fs, order=order)
for col in cols:
df[col+"_BUTTER"] = signal.lfilter(b, a, df[col])
return df



(iii) Hilbert Transform Angle

The Hilbert transform is a time-domain to time-domain transformation which shifts the phase of a signal by 90 degrees. It is also a centred measure and would be difficult to use in a time series prediction setting, unless it is recalculated on a per step basis or transformed to be based on historical values only.

from scipy import signal
import numpy as np

def instantaneous_phases(df,cols):
for col in cols:
df[col+"_HILLB"] = np.unwrap(np.angle(signal.hilbert(df[col], axis=0)), axis=0)
return df



(iiiv) Unscented Kalman Filter

The Kalman filter is better suited for estimating things that change over time. The most tangible example is tracking moving objects. A Kalman filter will be very close to the actual trajectory because it says the most recent measurement is more important than the older ones. The Unscented Kalman Filter (UKF) is a model based-techniques that recursively estimates the states (and with some modifications also parameters) of a nonlinear, dynamic, discrete-time system. The UKF is based on the typical prediction-correction style methods. The Kalman Smoother incorporates future values, the Filter doesn't and can be used for online prediction. The normal Kalman filter is a forward filter in the sense that it makes forecast of the current state using only current and past observations, whereas the smoother is based on computing a suitable linear combination of two filters, which are ran in forward and backward directions.

from pykalman import UnscentedKalmanFilter

def kalman_feat(df, cols):
for col in cols:
ukf = UnscentedKalmanFilter(lambda x, w: x + np.sin(w), lambda x, v: x + v, observation_covariance=0.1)
(filtered_state_means, filtered_state_covariances) = ukf.filter(df[col])
(smoothed_state_means, smoothed_state_covariances) = ukf.smooth(df[col])
df[col+"_UKFSMOOTH"] = smoothed_state_means.flatten()
df[col+"_UKFFILTER"] = filtered_state_means.flatten()
return df



#### (9) Spectral Analysis

There are a range of functions for spectral analysis. You can use periodograms and the welch method to estimate the power spectral density. You can also use the welch method to estimate the cross power spectral density. Other techniques include spectograms, Lomb-Scargle periodograms and, short time fourier transform.

(i) Periodogram

This returns an array of sample frequencies and the power spectrum of x, or the power spectral density of x.

from scipy import signal
def perd_feat(df, cols):
for col in cols:
sig = signal.periodogram(df[col],fs=1, return_onesided=False)
df[col+"_FREQ"] = sig[0]
df[col+"_POWER"] = sig[1]
return df



(ii) Fast Fourier Transform

The FFT, or fast fourier transform is an algorithm that essentially uses convolution techniques to efficiently find the magnitude and location of the tones that make up the signal of interest. We can often play with the FFT spectrum, by adding and removing successive tones (which is akin to selectively filtering particular tones that make up the signal), in order to obtain a smoothed version of the underlying signal. This takes the entire signal into account, and as a result has to be recalculated on a running basis to avoid peaking into the future.

def fft_feat(df, cols):
for col in cols:
fft_df = np.fft.fft(np.asarray(df[col].tolist()))
fft_df = pd.DataFrame({'fft':fft_df})
df[col+'_FFTABS'] = fft_df['fft'].apply(lambda x: np.abs(x)).values
df[col+'_FFTANGLE'] = fft_df['fft'].apply(lambda x: np.angle(x)).values
return df



#### (10) Waveforms

The waveform of a signal is the shape of its graph as a function of time.

from scipy import signal
for col in cols:
ttxt = f'CW: {fc} Hz'
#%% input
t = df[col]
tx = np.sin(2*np.pi*fc*t)
_,Pxx = signal.welch(tx,fs)
#%% diode
d = (signal.square(2*np.pi*fc*t))
d[d<0] = 0.
#%% output of diode
rx = tx * d
return df



(ii) Saw Tooth

Return a periodic sawtooth or triangle waveform.

def saw(df, cols):
for col in cols:
df[col+" SAW"] = signal.sawtooth(df[col])
return df



(9) Modifications

A range of modification usually applied ot images, these values would have to be recalculate for each time-series.

(i) Various Techniques

from tsaug import *
def modify(df, cols):
for col in cols:
series = df[col].values
df[col+"_magnify"], _ = magnify(series, series)
df[col+"_affine"], _ = affine(series, series)
df[col+"_crop"], _ = crop(series, series)
df[col+"_cross_sum"], _ = cross_sum(series, series)
df[col+"_resample"], _ = resample(series, series)
df[col+"_trend"], _ = trend(series, series)

df[col+"_random_affine"], _ = random_time_warp(series, series)
df[col+"_random_crop"], _ = random_crop(series, series)
df[col+"_random_cross_sum"], _ = random_cross_sum(series, series)
df[col+"_random_sidetrack"], _ = random_sidetrack(series, series)
df[col+"_random_time_warp"], _ = random_time_warp(series, series)
df[col+"_random_magnify"], _ = random_magnify(series, series)
df[col+"_random_jitter"], _ = random_jitter(series, series)
df[col+"_random_trend"], _ = random_trend(series, series)
return df



#### (11) Rolling

Features that are calculated on a rolling basis over fixed window size.

(i) Mean, Standard Deviation

def multiple_rolling(df, windows = [1,2], functions=["mean","std"], columns=None):
windows = [1+a for a in windows]
if not columns:
columns = df.columns.to_list()
rolling_dfs = (df[columns].rolling(i)                                    # 1. Create window
.agg(functions)                                # 1. Aggregate
.rename({col: '{0}_{1:d}'.format(col, i)
for col in columns}, axis=1)  # 2. Rename columns
for i in windows)                                # For each window
df_out = pd.concat((df, *rolling_dfs), axis=1)
da = df_out.iloc[:,len(df.columns):]
da = [col[0] + "_" + col[1] for col in  da.columns.to_list()]
df_out.columns = df.columns.to_list() + da

return  df_out                      # 3. Concatenate dataframes



#### (12) Lagging

Lagged values from existing features.

(i) Single Steps

def multiple_lags(df, start=1, end=3,columns=None):
if not columns:
columns = df.columns.to_list()
lags = range(start, end+1)  # Just two lags for demonstration.

df = df.assign(**{
'{}_t_{}'.format(col, t): df[col].shift(t)
for t in lags
for col in columns
})
return df

df_out = transform.multiple_lags(df, start=1, end=3, columns=["Close"]); df_out.head()


#### (13) Forecast Model

There are a range of time series model that can be implemented like AR, MA, ARMA, ARIMA, SARIMA, SARIMAX, VAR, VARMA, VARMAX, SES, and HWES. The models can be divided into autoregressive models and smoothing models. In an autoregression model, we forecast the variable of interest using a linear combination of past values of the variable. Each method might requre specific tuning and parameters to suit your prediction task. You need to drop a certain amount of historical data that you use during the fitting stage. Models that take seasonality into account need more training data.

(i) Prophet

Prophet is a procedure for forecasting time series data based on an additive model where non-linear trends are fit with yearly, weekly, and daily seasonality. You can apply additive models to your training data but also interactive models like deep learning models. The problem is that because these models have learned from future observations, there would this be a need to recalculate the time series on a running basis, or to only include the predicted as opposed to fitted values in future training and test sets. In this example, I train on 150 data points to illustrate how the remaining or so 100 datapoints can be used in a new prediction problem. You can plot with df["PROPHET"].plot() to see the effect.

You can apply additive models to your training data but also interactive models like deep learning models. The problem is that these models have learned from future observations, there would this be a need to recalculate the time series on a running basis, or to only include the predicted as opposed to fitted values in future training and test sets.

from fbprophet import Prophet

def prophet_feat(df, cols,date, freq,train_size=150):
def prophet_dataframe(df):
df.columns = ['ds','y']
return df

def original_dataframe(df, freq, name):
prophet_pred = pd.DataFrame({"Date" : df['ds'], name : df["yhat"]})
prophet_pred = prophet_pred.set_index("Date")
#prophet_pred.index.freq = pd.tseries.frequencies.to_offset(freq)
return prophet_pred[name].values

for col in cols:
model = Prophet(daily_seasonality=True)
forecast_len = len(df) - train_size
future = model.make_future_dataframe(periods=forecast_len,freq=freq)
future_pred = model.predict(future)
df[col+"_PROPHET"] = list(original_dataframe(future_pred,freq,col))
return df



## (2) Interaction

Interactions are defined as methods that require more than one feature to create an additional feature. Here we include normalising and discretising techniques that are non-feature specific. Almost all of these method can be applied to cross-section method. The only methods that are time specific is the technical features in the speciality section and the autoregression model.

#### (1) Regression

Regression analysis is a set of statistical processes for estimating the relationships between a dependent variable (often called the 'outcome variable') and one or more independent variables.

(i) Lowess Smoother

The lowess smoother is a robust locally weighted regression. The function fits a nonparametric regression curve to a scatterplot.

from math import ceil
import numpy as np
from scipy import linalg
import math

def lowess(df, cols, y, f=2. / 3., iter=3):
for col in cols:
n = len(df[col])
r = int(ceil(f * n))
h = [np.sort(np.abs(df[col] - df[col][i]))[r] for i in range(n)]
w = np.clip(np.abs((df[col][:, None] - df[col][None, :]) / h), 0.0, 1.0)
w = (1 - w ** 3) ** 3
yest = np.zeros(n)
delta = np.ones(n)
for iteration in range(iter):
for i in range(n):
weights = delta * w[:, i]
b = np.array([np.sum(weights * y), np.sum(weights * y * df[col])])
A = np.array([[np.sum(weights), np.sum(weights * df[col])],
[np.sum(weights * df[col]), np.sum(weights * df[col] * df[col])]])
beta = linalg.solve(A, b)
yest[i] = beta[0] + beta[1] * df[col][i]

residuals = y - yest
s = np.median(np.abs(residuals))
delta = np.clip(residuals / (6.0 * s), -1, 1)
delta = (1 - delta ** 2) ** 2
df[col+"_LOWESS"] = yest

return df

df_out = interact.lowess(df.copy(), ["Open","Volume"], df["Close"], f=0.25, iter=3); df_out.head()


Autoregression

Autoregression is a time series model that uses observations from previous time steps as input to a regression equation to predict the value at the next time step

from statsmodels.tsa.ar_model import AR
from timeit import default_timer as timer
def autoregression(df, drop=None, settings={"autoreg_lag":4}):

autoreg_lag = settings["autoreg_lag"]
if drop:
keep = df[drop]
df = df.drop([drop],axis=1).values

n_channels = df.shape[0]
t = timer()
channels_regg = np.zeros((n_channels, autoreg_lag + 1))
for i in range(0, n_channels):
fitted_model = AR(df.values[i, :]).fit(autoreg_lag)
# TODO: This is not the same as Matlab's for some reasons!
# kk = ARMAResults(fitted_model)
# autore_vals, dummy1, dummy2 = arburg(x[i, :], autoreg_lag) # This looks like Matlab's but slow
channels_regg[i, 0: len(fitted_model.params)] = np.real(fitted_model.params)

for i in range(channels_regg.shape[1]):
df["LAG_"+str(i+1)] = channels_regg[:,i]

if drop:
df = pd.concat((keep,df),axis=1)

t = timer() - t
return df



#### (2) Operator

Looking at interaction between different features. Here the methods employed are multiplication and division.

(i) Multiplication and Division

def muldiv(df, feature_list):
for feat in feature_list:
for feat_two in feature_list:
if feat==feat_two:
continue
else:
df[feat+"/"+feat_two] = df[feat]/(df[feat_two]-df[feat_two].min()) #zero division guard
df[feat+"_X_"+feat_two] = df[feat]*(df[feat_two])

return df



#### (3) Discretising

In statistics and machine learning, discretization refers to the process of converting or partitioning continuous attributes, features or variables to discretized or nominal attributes

(i) Decision Tree Discretiser

The first method that will be applies here is a supersived discretiser. Discretisation with Decision Trees consists of using a decision tree to identify the optimal splitting points that would determine the bins or contiguous intervals.

from sklearn.tree import DecisionTreeRegressor

def decision_tree_disc(df, cols, depth=4 ):
for col in cols:
df[col +"_m1"] = df[col].shift(1)
df = df.iloc[1:,:]
tree_model = DecisionTreeRegressor(max_depth=depth,random_state=0)
tree_model.fit(df[col +"_m1"].to_frame(), df[col])
df[col+"_Disc"] = tree_model.predict(df[col +"_m1"].to_frame())
return df



#### (4) Normalising

Normalising normally pertains to the scaling of data. There are many method available, interacting normalising methods makes use of all the feature's attributes to do the scaling.

(i) Quantile Normalisation

In statistics, quantile normalization is a technique for making two distributions identical in statistical properties.

import numpy as np
import pandas as pd

def quantile_normalize(df, drop):

if drop:
keep = df[drop]
df = df.drop(drop,axis=1)

#compute rank
dic = {}
for col in df:
dic.update({col : sorted(df[col])})
sorted_df = pd.DataFrame(dic)
rank = sorted_df.mean(axis = 1).tolist()
#sort
for col in df:
t = np.searchsorted(np.sort(df[col]), df[col])
df[col] = [rank[i] for i in t]

if drop:
df = pd.concat((keep,df),axis=1)
return df



#### (5) Distance

There are multiple types of distance functions like Euclidean, Mahalanobis, and Minkowski distance. Here we are using a contrived example in a location based haversine distance.

(i) Haversine Distance

The Haversine (or great circle) distance is the angular distance between two points on the surface of a sphere.

from math import sin, cos, sqrt, atan2, radians
def haversine_distance(row, lon="Open", lat="Close"):
R = 6373.0

dlon = long - c_long
dlat = lat - c_lat
a = sin(dlat / 2)**2 + cos(lat) * cos(c_lat) * sin(dlon / 2)**2
c = 2 * atan2(sqrt(a), sqrt(1 - a))

return R * c



#### (6) Speciality

(i) Technical Features

Technical indicators are heuristic or mathematical calculations based on the price, volume, or open interest of a security or contract used by traders who follow technical analysis. By analyzing historical data, technical analysts use indicators to predict future price movements.

import ta

def tech(df):
return ta.add_all_ta_features(df, open="Open", high="High", low="Low", close="Close", volume="Volume")



#### (7) Genetic

Genetic programming has shown promise in constructing feature by osing original features to form high-level ones that can help algorithms achieve better performance.

(i) Symbolic Transformer

A symbolic transformer is a supervised transformer that begins by building a population of naive random formulas to represent a relationship.

df.head()

from gplearn.genetic import SymbolicTransformer

def genetic_feat(df, num_gen=20, num_comp=10):
function_set = ['add', 'sub', 'mul', 'div',
'sqrt', 'log', 'abs', 'neg', 'inv','tan']

gp = SymbolicTransformer(generations=num_gen, population_size=200,
hall_of_fame=100, n_components=num_comp,
function_set=function_set,
parsimony_coefficient=0.0005,
max_samples=0.9, verbose=1,
random_state=0, n_jobs=6)

gen_feats = gp.fit_transform(df.drop("Close_1", axis=1), df["Close_1"]); df.iloc[:,:8]
gen_feats = pd.DataFrame(gen_feats, columns=["gen_"+str(a) for a in range(gen_feats.shape[1])])
gen_feats.index = df.index
return pd.concat((df,gen_feats),axis=1)



## (3) Mapping

Methods that help with the summarisation of features by remapping them to achieve some aim like the maximisation of variability or class separability. These methods tend to be unsupervised, but can also take an supervised form.

#### (1) Eigen Decomposition

Eigendecomposition or sometimes spectral decomposition is the factorization of a matrix into a canonical form, whereby the matrix is represented in terms of its eigenvalues and eigenvectors. Some examples are LDA and PCA.

(i) Principal Component Analysis

Principal component analysis (PCA) is a statistical procedure that uses an orthogonal transformation to convert a set of observations of possibly correlated variables into a set of values of linearly uncorrelated variables called principal components.

def pca_feature(df, memory_issues=False,mem_iss_component=False,variance_or_components=0.80,n_components=5 ,drop_cols=None, non_linear=True):

if non_linear:
pca = KernelPCA(n_components = n_components, kernel='rbf', fit_inverse_transform=True, random_state = 33, remove_zero_eig= True)
else:
if memory_issues:
if not mem_iss_component:
raise ValueError("If you have memory issues, you have to preselect mem_iss_component")
pca = IncrementalPCA(mem_iss_component)
else:
if variance_or_components>1:
pca = PCA(n_components=variance_or_components)
else: # automated selection based on variance
pca = PCA(n_components=variance_or_components,svd_solver="full")
if drop_cols:
X_pca = pca.fit_transform(df.drop(drop_cols,axis=1))
return pd.concat((df[drop_cols],pd.DataFrame(X_pca, columns=["PCA_"+str(i+1) for i in range(X_pca.shape[1])],index=df.index)),axis=1)

else:
X_pca = pca.fit_transform(df)
return pd.DataFrame(X_pca, columns=["PCA_"+str(i+1) for i in range(X_pca.shape[1])],index=df.index)

return df

df_out = mapper.pca_feature(df.copy(), variance_or_components=0.9, n_components=8,non_linear=False)


#### (2) Cross Decomposition

These families of algorithms are useful to find linear relations between two multivariate datasets.

(1) Canonical Correlation Analysis

Canonical-correlation analysis (CCA) is a way of inferring information from cross-covariance matrices.

from sklearn.cross_decomposition import CCA

def cross_lag(df, drop=None, lags=1, components=4 ):

if drop:
keep = df[drop]
df = df.drop([drop],axis=1)

df_2 = df.shift(lags)
df = df.iloc[lags:,:]
df_2 = df_2.dropna().reset_index(drop=True)

cca = CCA(n_components=components)
cca.fit(df_2, df)

X_c, df_2 = cca.transform(df_2, df)
df_2 = pd.DataFrame(df_2, index=df.index)

if drop:
df = pd.concat([keep,df,df_2],axis=1)
else:
df = pd.concat([df,df_2],axis=1)
return df



#### (3) Kernel Approximation

Functions that approximate the feature mappings that correspond to certain kernels, as they are used for example in support vector machines.

Computes the additive chi-squared kernel between observations in X and Y The chi-squared kernel is computed between each pair of rows in X and Y. X and Y have to be non-negative.

from sklearn.kernel_approximation import AdditiveChi2Sampler

def a_chi(df, drop=None, lags=1, sample_steps=2 ):

if drop:
keep = df[drop]
df = df.drop([drop],axis=1)

df_2 = df.shift(lags)
df = df.iloc[lags:,:]
df_2 = df_2.dropna().reset_index(drop=True)

df_2 = chi2sampler.fit_transform(df_2, df["Close"])

df_2 = pd.DataFrame(df_2, index=df.index)

if drop:
df = pd.concat([keep,df,df_2],axis=1)
else:
df = pd.concat([df,df_2],axis=1)
return df



#### (4) Autoencoder

An autoencoder is a type of artificial neural network used to learn efficient data codings in an unsupervised manner. The aim of an autoencoder is to learn a representation (encoding) for a set of data, typically for dimensionality reduction, by training the network to ignore noise.

(i) Feed Forward

The simplest form of an autoencoder is a feedforward, non-recurrent neural network similar to single layer perceptrons that participate in multilayer perceptrons

from sklearn.preprocessing import minmax_scale
import tensorflow as tf
import numpy as np

def encoder_dataset(df, drop=None, dimesions=20):

if drop:
train_scaled = minmax_scale(df.drop(drop,axis=1).values, axis = 0)
else:
train_scaled = minmax_scale(df.values, axis = 0)

# define the number of encoding dimensions
encoding_dim = dimesions
# define the number of features
ncol = train_scaled.shape[1]
input_dim = tf.keras.Input(shape = (ncol, ))

# Encoder Layers
encoded1 = tf.keras.layers.Dense(3000, activation = 'relu')(input_dim)
encoded2 = tf.keras.layers.Dense(2750, activation = 'relu')(encoded1)
encoded3 = tf.keras.layers.Dense(2500, activation = 'relu')(encoded2)
encoded4 = tf.keras.layers.Dense(750, activation = 'relu')(encoded3)
encoded5 = tf.keras.layers.Dense(500, activation = 'relu')(encoded4)
encoded6 = tf.keras.layers.Dense(250, activation = 'relu')(encoded5)
encoded7 = tf.keras.layers.Dense(encoding_dim, activation = 'relu')(encoded6)

encoder = tf.keras.Model(inputs = input_dim, outputs = encoded7)
encoded_input = tf.keras.Input(shape = (encoding_dim, ))

encoded_train = pd.DataFrame(encoder.predict(train_scaled),index=df.index)
if drop:
encoded_train = pd.concat((df[drop],encoded_train),axis=1)

return encoded_train

df_out = mapper.encoder_dataset(df.copy(), ["Close_1"], 15); df_out.head()

df_out.head()


#### (5) Manifold Learning

Manifold Learning can be thought of as an attempt to generalize linear frameworks like PCA to be sensitive to non-linear structure in data.

(i) Local Linear Embedding

Locally Linear Embedding is a method of non-linear dimensionality reduction. It tries to reduce these n-Dimensions while trying to preserve the geometric features of the original non-linear feature structure.

from sklearn.manifold import LocallyLinearEmbedding

def lle_feat(df, drop=None, components=4):

if drop:
keep = df[drop]
df = df.drop(drop, axis=1)

embedding = LocallyLinearEmbedding(n_components=components)
em = embedding.fit_transform(df)
df = pd.DataFrame(em,index=df.index)
if drop:
df = pd.concat((keep,df),axis=1)
return df



#### (6) Clustering

Most clustering techniques start with a bottom up approach: each observation starts in its own cluster, and clusters are successively merged together with some measure. Although these clustering techniques are typically used for observations, it can also be used for feature dimensionality reduction; especially hierarchical clustering techniques.

(i) Feature Agglomeration

Feature agglomerative uses clustering to group together features that look very similar, thus decreasing the number of features.

import numpy as np
from sklearn import datasets, cluster

def feature_agg(df, drop=None, components=4):

if drop:
keep = df[drop]
df = df.drop(drop, axis=1)

components = min(df.shape[1]-1,components)
agglo = cluster.FeatureAgglomeration(n_clusters=components)
agglo.fit(df)
df = pd.DataFrame(agglo.transform(df),index=df.index)

if drop:
return pd.concat((keep,df),axis=1)
else:
return df



#### (7) Neigbouring

Neighbouring points can be calculated using distance metrics like Hamming, Manhattan, Minkowski distance. The principle behind nearest neighbor methods is to find a predefined number of training samples closest in distance to the new point, and predict the label from these.

(i) Nearest Neighbours

Unsupervised learner for implementing neighbor searches.

from sklearn.neighbors import NearestNeighbors

def neigh_feat(df, drop, neighbors=6):

if drop:
keep = df[drop]
df = df.drop(drop, axis=1)

components = min(df.shape[0]-1,neighbors)
neigh = NearestNeighbors(n_neighbors=neighbors)
neigh.fit(df)
neigh = neigh.kneighbors()[0]
df = pd.DataFrame(neigh, index=df.index)

if drop:
return pd.concat((keep,df),axis=1)
else:
return df

return df



## (4) Extraction

When working with extraction, you have decide the size of the time series history to take into account when calculating a collection of walk-forward feature values. To facilitate our extraction, we use an excellent package called TSfresh, and also some of their default features. For completeness, we also include 12 or so custom features to be added to the extraction pipeline.

The time series methods in the transformation section and the interaction section are similar to the methods we will uncover in the extraction section, however, for transformation and interaction methods the output is an entire new time series, whereas extraction methods takes as input multiple constructed time series and extracts a singular value from each time series to reconstruct an entirely new time series.

Some methods naturally fit better in one format over another, e.g., lags are too expensive for extraction; time series decomposition only has to be performed once, because it has a low level of 'leakage' so is better suited to transformation; and forecast methods attempt to predict multiple future training samples, so won't work with extraction that only delivers one value per time series. Furthermore all non time-series (cross-sectional) transformation and extraction techniques can not make use of extraction as it is solely a time-series method.

Lastly, when we want to double apply specific functions we can apply it as a transformation/interaction then all the extraction methods can be applied to this feature as well. For example, if we calculate a smoothing function (transformation) then all other extraction functions (median, entropy, linearity etc.) can now be applied to that smoothing function, including the application of the smoothing function itself, e.g., a double smooth, double lag, double filter etc. So separating these methods out give us great flexibility.

Decorator

def set_property(key, value):
"""
This method returns a decorator that sets the property key of the function to value
"""
def decorate_func(func):
setattr(func, key, value)
if func.__doc__ and key == "fctype":
func.__doc__ = func.__doc__ + "\n\n    *This function is of type: " + value + "*\n"
return func
return decorate_func


#### (1) Energy

You can calculate the linear, non-linear and absolute energy of a time series. In signal processing, the energy $E_S$ of a continuous-time signal $x(t)$ is defined as the area under the squared magnitude of the considered signal. Mathematically, $E_{s}=\langle x(t), x(t)\rangle=\int_{-\infty}^{\infty}|x(t)|^{2} d t$

(i) Absolute Energy

Returns the absolute energy of the time series which is the sum over the squared values

#-> In Package
def abs_energy(x):

if not isinstance(x, (np.ndarray, pd.Series)):
x = np.asarray(x)
return np.dot(x, x)

extract.abs_energy(df["Close"])


#### (2) Distance

Here we widely define distance measures as those that take a difference between attributes or series of datapoints.

(i) Complexity-Invariant Distance

This function calculator is an estimate for a time series complexity.

#-> In Package
def cid_ce(x, normalize):

if not isinstance(x, (np.ndarray, pd.Series)):
x = np.asarray(x)
if normalize:
s = np.std(x)
if s!=0:
x = (x - np.mean(x))/s
else:
return 0.0

x = np.diff(x)
return np.sqrt(np.dot(x, x))

extract.cid_ce(df["Close"], True)


#### (3) Differencing

Many alternatives to differencing exists, one can for example take the difference of every other value, take the squared difference, take the fractional difference, or like our example, take the mean absolute difference.

(i) Mean Absolute Change

Returns the mean over the absolute differences between subsequent time series values.

#-> In Package
def mean_abs_change(x):
return np.mean(np.abs(np.diff(x)))

extract.mean_abs_change(df["Close"])


#### (4) Derivative

Features where the emphasis is on the rate of change.

(i) Mean Central Second Derivative

Returns the mean value of a central approximation of the second derivative

#-> In Package
def _roll(a, shift):
if not isinstance(a, np.ndarray):
a = np.asarray(a)
idx = shift % len(a)
return np.concatenate([a[-idx:], a[:-idx]])

def mean_second_derivative_central(x):

diff = (_roll(x, 1) - 2 * np.array(x) + _roll(x, -1)) / 2.0
return np.mean(diff[1:-1])

extract.mean_second_derivative_central(df["Close"])


#### (5) Volatility

Volatility is a statistical measure of the dispersion of a time-series.

(i) Variance Larger than Standard Deviation

#-> In Package
def variance_larger_than_standard_deviation(x):

y = np.var(x)
return y > np.sqrt(y)

extract.variance_larger_than_standard_deviation(df["Close"])


(ii) Variability Index

Variability Index is a way to measure how smooth or 'variable' a time series is.

var_index_param = {"Volume":df["Volume"].values, "Open": df["Open"].values}

@set_property("fctype", "combiner")
@set_property("custom", True)
def var_index(time,param=var_index_param):
final = []
keys = []
for key, magnitude in param.items():
w = 1.0 / np.power(np.subtract(time[1:], time[:-1]), 2)
w_mean = np.mean(w)

N = len(time)
sigma2 = np.var(magnitude)

S1 = sum(w * (magnitude[1:] - magnitude[:-1]) ** 2)
S2 = sum(w)

eta_e = (w_mean * np.power(time[N - 1] -
time[0], 2) * S1 / (sigma2 * S2 * N ** 2))
final.append(eta_e)
keys.append(key)
return {"Interact__{}".format(k): eta_e for eta_e, k in zip(final,keys) }

extract.var_index(df["Close"].values,var_index_param)


#### (6) Shape

Features that emphasises a particular shape not ordinarily considered as a distribution statistic. Extends to derivations of the original time series too For example a feature looking at the sinusoidal shape of an autocorrelation plot.

(i) Symmetrical

Boolean variable denoting if the distribution of x looks symmetric.

#-> In Package
def symmetry_looking(x, param=[{"r": 0.2}]):

if not isinstance(x, (np.ndarray, pd.Series)):
x = np.asarray(x)
mean_median_difference = np.abs(np.mean(x) - np.median(x))
max_min_difference = np.max(x) - np.min(x)
return [("r_{}".format(r["r"]), mean_median_difference < (r["r"] * max_min_difference))
for r in param]

extract.symmetry_looking(df["Close"])


#### (7) Occurrence

Looking at the occurrence, and reoccurence of defined values.

(i) Has Duplicate Max

#-> In Package
def has_duplicate_max(x):
"""
Checks if the maximum value of x is observed more than once

:param x: the time series to calculate the feature of
:type x: numpy.ndarray
:return: the value of this feature
:return type: bool
"""
if not isinstance(x, (np.ndarray, pd.Series)):
x = np.asarray(x)
return np.sum(x == np.max(x)) >= 2

extract.has_duplicate_max(df["Close"])


#### (8) Autocorrelation

Autocorrelation, also known as serial correlation, is the correlation of a signal with a delayed copy of itself as a function of delay.

(i) Partial Autocorrelation

Partial autocorrelation is a summary of the relationship between an observation in a time series with observations at prior time steps with the relationships of intervening observations removed.

#-> In Package
from statsmodels.tsa.stattools import acf, adfuller, pacf

def partial_autocorrelation(x, param=[{"lag": 1}]):

# Check the difference between demanded lags by param and possible lags to calculate (depends on len(x))
max_demanded_lag = max([lag["lag"] for lag in param])
n = len(x)

# Check if list is too short to make calculations
if n <= 1:
pacf_coeffs = [np.nan] * (max_demanded_lag + 1)
else:
if (n <= max_demanded_lag):
max_lag = n - 1
else:
max_lag = max_demanded_lag
pacf_coeffs = list(pacf(x, method="ld", nlags=max_lag))
pacf_coeffs = pacf_coeffs + [np.nan] * max(0, (max_demanded_lag - max_lag))

return [("lag_{}".format(lag["lag"]), pacf_coeffs[lag["lag"]]) for lag in param]

extract.partial_autocorrelation(df["Close"])


#### (9) Stochasticity

Stochastic refers to a randomly determined process. Any features trying to capture stochasticity by degree or type are included under this branch.

(i) Augmented Dickey Fuller

The Augmented Dickey-Fuller test is a hypothesis test which checks whether a unit root is present in a time series sample.

#-> In Package
def augmented_dickey_fuller(x, param=[{"attr": "teststat"}]):

res = None
try:
except LinAlgError:
res = np.NaN, np.NaN, np.NaN
except ValueError: # occurs if sample size is too small
res = np.NaN, np.NaN, np.NaN
except MissingDataError: # is thrown for e.g. inf or nan in the data
res = np.NaN, np.NaN, np.NaN

return [('attr_"{}"'.format(config["attr"]),
res[0] if config["attr"] == "teststat"
else res[1] if config["attr"] == "pvalue"
else res[2] if config["attr"] == "usedlag" else np.NaN)
for config in param]

extract.augmented_dickey_fuller(df["Close"])


#### (10) Averages

(i) Median of Magnitudes Skew

@set_property("fctype", "simple")
@set_property("custom", True)
def gskew(x):
interpolation="nearest"
median_mag = np.median(x)
F_3_value = np.percentile(x, 3, interpolation=interpolation)
F_97_value = np.percentile(x, 97, interpolation=interpolation)

skew = (np.median(x[x <= F_3_value]) +
np.median(x[x >= F_97_value]) - 2 * median_mag)

return skew

extract.gskew(df["Close"])


(ii) Stetson Mean

An iteratively weighted mean used in the Stetson variability index

stestson_param = {"weight":100., "alpha":2., "beta":2., "tol":1.e-6, "nmax":20}

@set_property("fctype", "combiner")
@set_property("custom", True)
def stetson_mean(x, param=stestson_param):

weight= stestson_param["weight"]
alpha= stestson_param["alpha"]
beta = stestson_param["beta"]
tol= stestson_param["tol"]
nmax= stestson_param["nmax"]

mu = np.median(x)
for i in range(nmax):
resid = x - mu
resid_err = np.abs(resid) * np.sqrt(weight)
weight1 = weight / (1. + (resid_err / alpha)**beta)
weight1 /= weight1.mean()
diff = np.mean(x * weight1) - mu
mu += diff
if (np.abs(diff) < tol*np.abs(mu) or np.abs(diff) < tol):
break

return mu

extract.stetson_mean(df["Close"])


#### (11) Size

(i) Lenght

#-> In Package
def length(x):
return len(x)

extract.length(df["Close"])


#### (12) Count

(i) Count Above Mean

Returns the number of values in x that are higher than the mean of x

#-> In Package
def count_above_mean(x):
m = np.mean(x)
return np.where(x > m)[0].size

extract.count_above_mean(df["Close"])


#### (13) Streaks

(i) Longest Strike Below Mean

Returns the length of the longest consecutive subsequence in x that is smaller than the mean of x

#-> In Package
import itertools
def get_length_sequences_where(x):

if len(x) == 0:
return [0]
else:
res = [len(list(group)) for value, group in itertools.groupby(x) if value == 1]
return res if len(res) > 0 else [0]

def longest_strike_below_mean(x):

if not isinstance(x, (np.ndarray, pd.Series)):
x = np.asarray(x)
return np.max(get_length_sequences_where(x <= np.mean(x))) if x.size > 0 else 0

extract.longest_strike_below_mean(df["Close"])


(ii) Wozniak

This is an astronomical feature, we count the number of three consecutive data points that are brighter or fainter than $2σ$ and normalize the number by $N−2$

woz_param = [{"consecutiveStar": n} for n in [2, 4]]

@set_property("fctype", "combiner")
@set_property("custom", True)
def wozniak(magnitude, param=woz_param):

iters = []
for consecutiveStar in [stars["consecutiveStar"] for stars in param]:
N = len(magnitude)
if N < consecutiveStar:
return 0
sigma = np.std(magnitude)
m = np.mean(magnitude)
count = 0

for i in range(N - consecutiveStar + 1):
flag = 0
for j in range(consecutiveStar):
if(magnitude[i + j] > m + 2 * sigma or
magnitude[i + j] < m - 2 * sigma):
flag = 1
else:
flag = 0
break
if flag:
count = count + 1
iters.append(count * 1.0 / (N - consecutiveStar + 1))

return [("consecutiveStar_{}".format(config["consecutiveStar"]), iters[en] )  for en, config in enumerate(param)]

extract.wozniak(df["Close"])


#### (14) Location

(i) Last location of Maximum

Returns the relative last location of the maximum value of x. last_location_of_minimum(x),

#-> In Package
def last_location_of_maximum(x):

x = np.asarray(x)
return 1.0 - np.argmax(x[::-1]) / len(x) if len(x) > 0 else np.NaN

extract.last_location_of_maximum(df["Close"])


#### (15) Model Coefficients

Any coefficient that are obtained from a model that might help in the prediction problem. For example here we might include coefficients of polynomial $h(x)$, which has been fitted to the deterministic dynamics of Langevin model.

(i) FFT Coefficient

Calculates the fourier coefficients of the one-dimensional discrete Fourier Transform for real input.

#-> In Package
def fft_coefficient(x, param = [{"coeff": 10, "attr": "real"}]):

assert min([config["coeff"] for config in param]) >= 0, "Coefficients must be positive or zero."
assert set([config["attr"] for config in param]) <= set(["imag", "real", "abs", "angle"]), \
'Attribute must be "real", "imag", "angle" or "abs"'

fft = np.fft.rfft(x)

def complex_agg(x, agg):
if agg == "real":
return x.real
elif agg == "imag":
return x.imag
elif agg == "abs":
return np.abs(x)
elif agg == "angle":
return np.angle(x, deg=True)

res = [complex_agg(fft[config["coeff"]], config["attr"]) if config["coeff"] < len(fft)
else np.NaN for config in param]
index = [('coeff_{}__attr_"{}"'.format(config["coeff"], config["attr"]),res[0]) for config in param]
return index

extract.fft_coefficient(df["Close"])


(ii) AR Coefficient

This feature calculator fits the unconditional maximum likelihood of an autoregressive AR(k) process.

#-> In Package
from statsmodels.tsa.ar_model import AR

def ar_coefficient(x, param=[{"coeff": 5, "k": 5}]):

calculated_ar_params = {}

x_as_list = list(x)
calculated_AR = AR(x_as_list)

res = {}

for parameter_combination in param:
k = parameter_combination["k"]
p = parameter_combination["coeff"]

column_name = "k_{}__coeff_{}".format(k, p)

if k not in calculated_ar_params:
try:
calculated_ar_params[k] = calculated_AR.fit(maxlag=k, solver="mle").params
except (LinAlgError, ValueError):
calculated_ar_params[k] = [np.NaN]*k

mod = calculated_ar_params[k]

if p <= k:
try:
res[column_name] = mod[p]
except IndexError:
res[column_name] = 0
else:
res[column_name] = np.NaN

return [(key, value) for key, value in res.items()]

extract.ar_coefficient(df["Close"])


#### (16) Quantiles

This includes finding normal quantile values in the series, but also quantile derived measures like change quantiles and index max quantiles.

(i) Index Mass Quantile

The relative index $i$ where $q%$ of the mass of the time series $x$ lie left of $i$ .

#-> In Package
def index_mass_quantile(x, param=[{"q": 0.3}]):

x = np.asarray(x)
abs_x = np.abs(x)
s = sum(abs_x)

if s == 0:
# all values in x are zero or it has length 0
return [("q_{}".format(config["q"]), np.NaN) for config in param]
else:
# at least one value is not zero
mass_centralized = np.cumsum(abs_x) / s
return [("q_{}".format(config["q"]), (np.argmax(mass_centralized >= config["q"])+1)/len(x)) for config in param]

extract.index_mass_quantile(df["Close"])


#### (17) Peaks

(i) Number of CWT Peaks

This feature calculator searches for different peaks in x.

from scipy.signal import cwt, find_peaks_cwt, ricker, welch

cwt_param = [ka for ka in [2,6,9]]

@set_property("fctype", "combiner")
@set_property("custom", True)
def number_cwt_peaks(x, param=cwt_param):

return [("CWTPeak_{}".format(n), len(find_peaks_cwt(vector=x, widths=np.array(list(range(1, n + 1))), wavelet=ricker))) for n in param]

extract.number_cwt_peaks(df["Close"])


#### (18) Density

The density, and more specifically the power spectral density of the signal describes the power present in the signal as a function of frequency, per unit frequency.

(i) Cross Power Spectral Density

This feature calculator estimates the cross power spectral density of the time series $x$ at different frequencies.

#-> In Package
def spkt_welch_density(x, param=[{"coeff": 5}]):
freq, pxx = welch(x, nperseg=min(len(x), 256))
coeff = [config["coeff"] for config in param]
indices = ["coeff_{}".format(i) for i in coeff]

if len(pxx) <= np.max(coeff):  # There are fewer data points in the time series than requested coefficients

# filter coefficients that are not contained in pxx
reduced_coeff = [coefficient for coefficient in coeff if len(pxx) > coefficient]
not_calculated_coefficients = [coefficient for coefficient in coeff
if coefficient not in reduced_coeff]

# Fill up the rest of the requested coefficients with np.NaNs
return zip(indices, list(pxx[reduced_coeff]) + [np.NaN] * len(not_calculated_coefficients))
else:
return pxx[coeff].ravel()[0]

extract.spkt_welch_density(df["Close"])


#### (19) Linearity

Any measure of linearity that might make use of something like the linear least-squares regression for the values of the time series. This can be against the time series minus one and many other alternatives.

(i) Linear Trend Time Wise

Calculate a linear least-squares regression for the values of the time series versus the sequence from 0 to length of the time series minus one.

from scipy.stats import linregress

#-> In Package
def linear_trend_timewise(x, param= [{"attr": "pvalue"}]):

ix = x.index

# Get differences between each timestamp and the first timestamp in seconds.
# Then convert to hours and reshape for linear regression
times_seconds = (ix - ix[0]).total_seconds()
times_hours = np.asarray(times_seconds / float(3600))

linReg = linregress(times_hours, x.values)

return [("attr_\"{}\"".format(config["attr"]), getattr(linReg, config["attr"]))
for config in param]

extract.linear_trend_timewise(df["Close"])


#### (20) Non-Linearity

(i) Schreiber Non-Linearity

#-> In Package
def c3(x, lag=3):
if not isinstance(x, (np.ndarray, pd.Series)):
x = np.asarray(x)
n = x.size
if 2 * lag >= n:
return 0
else:
return np.mean((_roll(x, 2 * -lag) * _roll(x, -lag) * x)[0:(n - 2 * lag)])

extract.c3(df["Close"])


#### (21) Entropy

Any feature looking at the complexity of a time series. This is typically used in medical signal disciplines (EEG, EMG). There are multiple types of measures like spectral entropy, permutation entropy, sample entropy, approximate entropy, Lempel-Ziv complexity and other. This includes entropy measures and there derivations.

(i) Binned Entropy

Bins the values of x into max_bins equidistant bins.

#-> In Package
def binned_entropy(x, max_bins=10):
if not isinstance(x, (np.ndarray, pd.Series)):
x = np.asarray(x)
hist, bin_edges = np.histogram(x, bins=max_bins)
probs = hist / x.size
return - np.sum(p * np.math.log(p) for p in probs if p != 0)

extract.binned_entropy(df["Close"])


(ii) SVD Entropy

SVD entropy is an indicator of the number of eigenvectors that are needed for an adequate explanation of the data set.

svd_param = [{"Tau": ta, "DE": de}
for ta in [4]
for de in [3,6]]

def _embed_seq(X,Tau,D):
N =len(X)
if D * Tau > N:
print("Cannot build such a matrix, because D * Tau > N")
exit()
if Tau<1:
print("Tau has to be at least 1")
exit()
Y= np.zeros((N - (D - 1) * Tau, D))

for i in range(0, N - (D - 1) * Tau):
for j in range(0, D):
Y[i][j] = X[i + j * Tau]
return Y

@set_property("fctype", "combiner")
@set_property("custom", True)
def svd_entropy(epochs, param=svd_param):
axis=0

final = []
for par in param:

def svd_entropy_1d(X, Tau, DE):
Y = _embed_seq(X, Tau, DE)
W = np.linalg.svd(Y, compute_uv=0)
W /= sum(W)  # normalize singular values
return -1 * np.sum(W * np.log(W))

Tau = par["Tau"]
DE = par["DE"]

final.append(np.apply_along_axis(svd_entropy_1d, axis, epochs, Tau, DE).ravel()[0])

return [("Tau_\"{}\"__De_{}\"".format(par["Tau"], par["DE"]), final[en]) for en, par in enumerate(param)]

extract.svd_entropy(df["Close"].values)


(iii) Hjort

The Complexity parameter represents the change in frequency. The parameter compares the signal's similarity to a pure sine wave, where the value converges to 1 if the signal is more similar.

def _hjorth_mobility(epochs):
diff = np.diff(epochs, axis=0)
sigma0 = np.std(epochs, axis=0)
sigma1 = np.std(diff, axis=0)
return np.divide(sigma1, sigma0)

@set_property("fctype", "simple")
@set_property("custom", True)
def hjorth_complexity(epochs):
diff1 = np.diff(epochs, axis=0)
diff2 = np.diff(diff1, axis=0)
sigma1 = np.std(diff1, axis=0)
sigma2 = np.std(diff2, axis=0)
return np.divide(np.divide(sigma2, sigma1), _hjorth_mobility(epochs))

extract.hjorth_complexity(df["Close"])


#### (22) Fixed Points

Fixed points and equilibria as identified from fitted models.

(i) Langevin Fixed Points

Largest fixed point of dynamics $max\ {h(x)=0}$ estimated from polynomial $h(x)$ which has been fitted to the deterministic dynamics of Langevin model

#-> In Package
def _estimate_friedrich_coefficients(x, m, r):
assert m > 0, "Order of polynomial need to be positive integer, found {}".format(m)
df = pd.DataFrame({'signal': x[:-1], 'delta': np.diff(x)})
try:
df['quantiles'] = pd.qcut(df.signal, r)
except ValueError:
return [np.NaN] * (m + 1)

quantiles = df.groupby('quantiles')

result = pd.DataFrame({'x_mean': quantiles.signal.mean(), 'y_mean': quantiles.delta.mean()})
result.dropna(inplace=True)

try:
return np.polyfit(result.x_mean, result.y_mean, deg=m)
except (np.linalg.LinAlgError, ValueError):
return [np.NaN] * (m + 1)

def max_langevin_fixed_point(x, r=3, m=30):
coeff = _estimate_friedrich_coefficients(x, m, r)

try:
max_fixed_point = np.max(np.real(np.roots(coeff)))
except (np.linalg.LinAlgError, ValueError):
return np.nan

return max_fixed_point

extract.max_langevin_fixed_point(df["Close"])


#### (23) Amplitude

Features derived from peaked values in either the positive or negative direction.

(i) Willison Amplitude

This feature is defined as the amount of times that the change in the signal amplitude exceeds a threshold.

will_param = [ka for ka in [0.2,3]]

@set_property("fctype", "combiner")
@set_property("custom", True)
def willison_amplitude(X, param=will_param):
return [("Thresh_{}".format(n),np.sum(np.abs(np.diff(X)) >= n)) for n in param]

extract.willison_amplitude(df["Close"])


(ii) Percent Amplitude

Returns the largest distance from the median value, measured as a percentage of the median

perc_param = [{"base":ba, "exponent":exp} for ba in [3,5] for exp in [-0.1,-0.2]]

@set_property("fctype", "combiner")
@set_property("custom", True)
def percent_amplitude(x, param =perc_param):
final = []
for par in param:
linear_scale_data = par["base"] ** (par["exponent"] * x)
y_max = np.max(linear_scale_data)
y_min = np.min(linear_scale_data)
y_med = np.median(linear_scale_data)
final.append(max(abs((y_max - y_med) / y_med), abs((y_med - y_min) / y_med)))

return [("Base_{}__Exp{}".format(pa["base"],pa["exponent"]),fin) for fin, pa in zip(final,param)]

extract.percent_amplitude(df["Close"])


#### (24) Probability

Given the observed distribution of time lags cads, compute the probability that the next observation occurs within time minutes of an arbitrary epoch.

#-> fixes required
import scipy.stats as stats

@set_property("fctype", "combiner")
@set_property("custom", True)
return [("time_{}".format(time), stats.percentileofscore(cads, float(time) / (24.0 * 60.0)) / 100.0) for time in param]



#### (25) Crossings

Calculates the crossing of the series with other defined values or series.

(i) Zero Crossing Derivative

The positioning of the edge point is located at the zero crossing of the first derivative of the filter.

zero_param = [0.01, 8]

@set_property("fctype", "combiner")
@set_property("custom", True)
def zero_crossing_derivative(epochs, param=zero_param):
diff = np.diff(epochs)
norm = diff-diff.mean()
return [("e_{}".format(e), np.apply_along_axis(lambda epoch: np.sum(((epoch[:-5] <= e) & (epoch[5:] > e))), 0, norm).ravel()[0]) for e in param]

extract.zero_crossing_derivative(df["Close"])


#### (26) Fluctuations

These features are again from medical signal sciences, but under this category we would include values such as fluctuation based entropy measures, fluctuation of correlation dynamics, and co-fluctuations.

(i) Detrended Fluctuation Analysis (DFA)

DFA Calculate the Hurst exponent using DFA analysis.

from scipy.stats import kurtosis as _kurt
from scipy.stats import skew as _skew
import numpy as np

@set_property("fctype", "simple")
@set_property("custom", True)
def detrended_fluctuation_analysis(epochs):
def dfa_1d(X, Ave=None, L=None):
X = np.array(X)

if Ave is None:
Ave = np.mean(X)

Y = np.cumsum(X)
Y -= Ave

if L is None:
L = np.floor(len(X) * 1 / (
2 ** np.array(list(range(1, int(np.log2(len(X))) - 4))))
)

F = np.zeros(len(L))  # F(n) of different given box length n

for i in range(0, len(L)):
n = int(L[i])  # for each box length L[i]
if n == 0:
print("time series is too short while the box length is too big")
print("abort")
exit()
for j in range(0, len(X), n):  # for each box
if j + n < len(X):
c = list(range(j, j + n))
# coordinates of time in the box
c = np.vstack([c, np.ones(n)]).T
# the value of data in the box
y = Y[j:j + n]
# add residue in this box
F[i] += np.linalg.lstsq(c, y, rcond=None)[1]
F[i] /= ((len(X) / n) * n)
F = np.sqrt(F)

stacked = np.vstack([np.log(L), np.ones(len(L))])
stacked_t = stacked.T
Alpha = np.linalg.lstsq(stacked_t, np.log(F), rcond=None)

return Alpha[0][0]

return np.apply_along_axis(dfa_1d, 0, epochs).ravel()[0]

extract.detrended_fluctuation_analysis(df["Close"])


#### (27) Information

Closely related to entropy and complexity measures. Any measure that attempts to measure the amount of information from an observable variable is included here.

(i) Fisher Information

Fisher information is a statistical information concept distinct from, and earlier than, Shannon information in communication theory.

def _embed_seq(X, Tau, D):

shape = (X.size - Tau * (D - 1), D)
strides = (X.itemsize, Tau * X.itemsize)
return np.lib.stride_tricks.as_strided(X, shape=shape, strides=strides)

fisher_param = [{"Tau":ta, "DE":de} for ta in [3,15] for de in [10,5]]

@set_property("fctype", "combiner")
@set_property("custom", True)
def fisher_information(epochs, param=fisher_param):
def fisher_info_1d(a, tau, de):
# taken from pyeeg improvements

mat = _embed_seq(a, tau, de)
W = np.linalg.svd(mat, compute_uv=False)
W /= sum(W)  # normalize singular values
FI_v = (W[1:] - W[:-1]) ** 2 / W[:-1]
return np.sum(FI_v)

return [("Tau_{}__DE_{}".format(par["Tau"], par["DE"]),np.apply_along_axis(fisher_info_1d, 0, epochs, par["Tau"], par["DE"]).ravel()[0]) for par in param]

extract.fisher_information(df["Close"])


#### (28) Fractals

In mathematics, more specifically in fractal geometry, a fractal dimension is a ratio providing a statistical index of complexity comparing how detail in a pattern (strictly speaking, a fractal pattern) changes with the scale at which it is measured.

(i) Highuchi Fractal

Compute a Higuchi Fractal Dimension of a time series

hig_para = [{"Kmax": 3},{"Kmax": 5}]

@set_property("fctype", "combiner")
@set_property("custom", True)
def higuchi_fractal_dimension(epochs, param=hig_para):
def hfd_1d(X, Kmax):

L = []
x = []
N = len(X)
for k in range(1, Kmax):
Lk = []
for m in range(0, k):
Lmk = 0
for i in range(1, int(np.floor((N - m) / k))):
Lmk += abs(X[m + i * k] - X[m + i * k - k])
Lmk = Lmk * (N - 1) / np.floor((N - m) / float(k)) / k
Lk.append(Lmk)
L.append(np.log(np.mean(Lk)))
x.append([np.log(float(1) / k), 1])

(p, r1, r2, s) = np.linalg.lstsq(x, L, rcond=None)
return p[0]

return [("Kmax_{}".format(config["Kmax"]), np.apply_along_axis(hfd_1d, 0, epochs, config["Kmax"]).ravel()[0] ) for  config in param]

extract.higuchi_fractal_dimension(df["Close"])


(ii) Petrosian Fractal

Compute a Petrosian Fractal Dimension of a time series.

@set_property("fctype", "simple")
@set_property("custom", True)
def petrosian_fractal_dimension(epochs):
def pfd_1d(X, D=None):
# taken from pyeeg
"""Compute Petrosian Fractal Dimension of a time series from either two
cases below:
1. X, the time series of type list (default)
2. D, the first order differential sequence of X (if D is provided,
recommended to speed up)
In case 1, D is computed using Numpy's difference function.
To speed up, it is recommended to compute D before calling this function
because D may also be used by other functions whereas computing it here
again will slow down.
"""
if D is None:
D = np.diff(X)
D = D.tolist()
N_delta = 0  # number of sign changes in derivative of the signal
for i in range(1, len(D)):
if D[i] * D[i - 1] < 0:
N_delta += 1
n = len(X)
return np.log10(n) / (np.log10(n) + np.log10(n / n + 0.4 * N_delta))
return np.apply_along_axis(pfd_1d, 0, epochs).ravel()[0]

extract.petrosian_fractal_dimension(df["Close"])


#### (29) Exponent

(i) Hurst Exponent

The Hurst exponent is used as a measure of long-term memory of time series. It relates to the autocorrelations of the time series, and the rate at which these decrease as the lag between pairs of values increases.

@set_property("fctype", "simple")
@set_property("custom", True)
def hurst_exponent(epochs):
def hurst_1d(X):

X = np.array(X)
N = X.size
T = np.arange(1, N + 1)
Y = np.cumsum(X)
Ave_T = Y / T

S_T = np.zeros(N)
R_T = np.zeros(N)
for i in range(N):
S_T[i] = np.std(X[:i + 1])
X_T = Y - T * Ave_T[i]
R_T[i] = np.ptp(X_T[:i + 1])

for i in range(1, len(S_T)):
if np.diff(S_T)[i - 1] != 0:
break
for j in range(1, len(R_T)):
if np.diff(R_T)[j - 1] != 0:
break
k = max(i, j)
assert k < 10, "rethink it!"

R_S = R_T[k:] / S_T[k:]
R_S = np.log(R_S)

n = np.log(T)[k:]
A = np.column_stack((n, np.ones(n.size)))
[m, c] = np.linalg.lstsq(A, R_S, rcond=None)[0]
H = m
return H
return np.apply_along_axis(hurst_1d, 0, epochs).ravel()[0]

extract.hurst_exponent(df["Close"])


(ii) Largest Lyauponov Exponent

In mathematics the Lyapunov exponent or Lyapunov characteristic exponent of a dynamical system is a quantity that characterizes the rate of separation of infinitesimally close trajectories.

def _embed_seq(X, Tau, D):
shape = (X.size - Tau * (D - 1), D)
strides = (X.itemsize, Tau * X.itemsize)
return np.lib.stride_tricks.as_strided(X, shape=shape, strides=strides)

lyaup_param = [{"Tau":4, "n":3, "T":10, "fs":9},{"Tau":8, "n":7, "T":15, "fs":6}]

@set_property("fctype", "combiner")
@set_property("custom", True)
def largest_lyauponov_exponent(epochs, param=lyaup_param):
def LLE_1d(x, tau, n, T, fs):

Em = _embed_seq(x, tau, n)
M = len(Em)
A = np.tile(Em, (len(Em), 1, 1))
B = np.transpose(A, [1, 0, 2])
square_dists = (A - B) ** 2  # square_dists[i,j,k] = (Em[i][k]-Em[j][k])^2
D = np.sqrt(square_dists[:, :, :].sum(axis=2))  # D[i,j] = ||Em[i]-Em[j]||_2

# Exclude elements within T of the diagonal
band = np.tri(D.shape[0], k=T) - np.tri(D.shape[0], k=-T - 1)
band[band == 1] = np.inf
neighbors = (D + band).argmin(axis=0)  # nearest neighbors more than T steps away

# in_bounds[i,j] = (i+j <= M-1 and i+neighbors[j] <= M-1)
inc = np.tile(np.arange(M), (M, 1))
row_inds = (np.tile(np.arange(M), (M, 1)).T + inc)
col_inds = (np.tile(neighbors, (M, 1)) + inc.T)
in_bounds = np.logical_and(row_inds <= M - 1, col_inds <= M - 1)
# Uncomment for old (miscounted) version
# in_bounds = numpy.logical_and(row_inds < M - 1, col_inds < M - 1)
row_inds[~in_bounds] = 0
col_inds[~in_bounds] = 0

# neighbor_dists[i,j] = ||Em[i+j]-Em[i+neighbors[j]]||_2
J = (~neighbor_dists.mask).sum(axis=1)  # number of in-bounds indices by row
# Set invalid (zero) values to 1; log(1) = 0 so sum is unchanged

neighbor_dists[neighbor_dists == 0] = 1

# !!! this fixes the divide by zero in log error !!!
neighbor_dists.data[neighbor_dists.data == 0] = 1

d_ij = np.sum(np.log(neighbor_dists.data), axis=1)
mean_d = d_ij[J > 0] / J[J > 0]

x = np.arange(len(mean_d))
X = np.vstack((x, np.ones(len(mean_d)))).T
[m, c] = np.linalg.lstsq(X, mean_d, rcond=None)[0]
Lexp = fs * m
return Lexp

return [("Tau_{}__n_{}__T_{}__fs_{}".format(par["Tau"], par["n"], par["T"], par["fs"]), np.apply_along_axis(LLE_1d, 0, epochs, par["Tau"], par["n"], par["T"], par["fs"]).ravel()[0]) for par in param]

extract.largest_lyauponov_exponent(df["Close"])


#### (30) Spectral Analysis

Spectral analysis is analysis in terms of a spectrum of frequencies or related quantities such as energies, eigenvalues, etc.

(i) Whelch Method

The Whelch Method is an approach for spectral density estimation. It is used in physics, engineering, and applied mathematics for estimating the power of a signal at different frequencies.

from scipy import signal, integrate

whelch_param = [100,200]

@set_property("fctype", "combiner")
@set_property("custom", True)
def whelch_method(data, param=whelch_param):

final = []
for Fs in param:
f, pxx = signal.welch(data, fs=Fs, nperseg=1024)
d = {'psd': pxx, 'freqs': f}
df = pd.DataFrame(data=d)
dfs = df.sort_values(['psd'], ascending=False)
rows = dfs.iloc[:10]
final.append(rows['freqs'].mean())

return [("Fs_{}".format(pa),fin) for pa, fin in zip(param,final)]

extract.whelch_method(df["Close"])

#-> Basically same as above
freq_param = [{"fs":50, "sel":15},{"fs":200, "sel":20}]

@set_property("fctype", "combiner")
@set_property("custom", True)
def find_freq(serie, param=freq_param):

final = []
for par in param:
fft0 = np.fft.rfft(serie*np.hanning(len(serie)))
freqs = np.fft.rfftfreq(len(serie), d=1.0/par["fs"])
fftmod = np.array([np.sqrt(fft0[i].real**2 + fft0[i].imag**2) for i in range(0, len(fft0))])
d = {'fft': fftmod, 'freq': freqs}
df = pd.DataFrame(d)
hop = df.sort_values(['fft'], ascending=False)
rows = hop.iloc[:par["sel"]]
final.append(rows['freq'].mean())

return [("Fs_{}__sel{}".format(pa["fs"],pa["sel"]),fin) for pa, fin in zip(param,final)]

extract.find_freq(df["Close"])


#### (31) Percentile

(i) Flux Percentile

Flux (or radiant flux) is the total amount of energy that crosses a unit area per unit time. Flux is an astronomical value, measured in joules per square metre per second (joules/m2/s), or watts per square metre. Here we provide the ratio of flux percentiles.

#-> In Package

import math
def flux_perc(magnitude):
sorted_data = np.sort(magnitude)
lc_length = len(sorted_data)

F_60_index = int(math.ceil(0.60 * lc_length))
F_40_index = int(math.ceil(0.40 * lc_length))
F_5_index = int(math.ceil(0.05 * lc_length))
F_95_index = int(math.ceil(0.95 * lc_length))

F_40_60 = sorted_data[F_60_index] - sorted_data[F_40_index]
F_5_95 = sorted_data[F_95_index] - sorted_data[F_5_index]
F_mid20 = F_40_60 / F_5_95

return {"FluxPercentileRatioMid20": F_mid20}

extract.flux_perc(df["Close"])


#### (32) Range

(i) Range of Cummulative Sum

@set_property("fctype", "simple")
@set_property("custom", True)
def range_cum_s(magnitude):
sigma = np.std(magnitude)
N = len(magnitude)
m = np.mean(magnitude)
s = np.cumsum(magnitude - m) * 1.0 / (N * sigma)
R = np.max(s) - np.min(s)
return {"Rcs": R}

extract.range_cum_s(df["Close"])


#### (33) Structural

Structural features, potential placeholders for future research.

(i) Structure Function

The structure function of rotation measures (RMs) contains information on electron density and magnetic field fluctuations when used i astronomy. It becomes a custom feature when used with your own unique time series data.

from scipy.interpolate import interp1d

struct_param = {"Volume":df["Volume"].values, "Open": df["Open"].values}

@set_property("fctype", "combiner")
@set_property("custom", True)
def structure_func(time, param=struct_param):

dict_final = {}
for key, magnitude in param.items():
dict_final[key] = []
Nsf, Np = 100, 100
sf1, sf2, sf3 = np.zeros(Nsf), np.zeros(Nsf), np.zeros(Nsf)
f = interp1d(time, magnitude)

time_int = np.linspace(np.min(time), np.max(time), Np)
mag_int = f(time_int)

for tau in np.arange(1, Nsf):
sf1[tau - 1] = np.mean(
np.power(np.abs(mag_int[0:Np - tau] - mag_int[tau:Np]), 1.0))
sf2[tau - 1] = np.mean(
np.abs(np.power(
np.abs(mag_int[0:Np - tau] - mag_int[tau:Np]), 2.0)))
sf3[tau - 1] = np.mean(
np.abs(np.power(
np.abs(mag_int[0:Np - tau] - mag_int[tau:Np]), 3.0)))
sf1_log = np.log10(np.trim_zeros(sf1))
sf2_log = np.log10(np.trim_zeros(sf2))
sf3_log = np.log10(np.trim_zeros(sf3))

if len(sf1_log) and len(sf2_log):
m_21, b_21 = np.polyfit(sf1_log, sf2_log, 1)
else:

m_21 = np.nan

if len(sf1_log) and len(sf3_log):
m_31, b_31 = np.polyfit(sf1_log, sf3_log, 1)
else:

m_31 = np.nan

if len(sf2_log) and len(sf3_log):
m_32, b_32 = np.polyfit(sf2_log, sf3_log, 1)
else:

m_32 = np.nan
dict_final[key].append(m_21)
dict_final[key].append(m_31)
dict_final[key].append(m_32)

return [("StructureFunction_{}__m_{}".format(key, name), li)  for key, lis in dict_final.items() for name, li in zip([21,31,32], lis)]

struct_param = {"Volume":df["Volume"].values, "Open": df["Open"].values}

extract.structure_func(df["Close"],struct_param)


#### (34) Distribution

(i) Kurtosis

#-> In Package
def kurtosis(x):

if not isinstance(x, pd.Series):
x = pd.Series(x)
return pd.Series.kurtosis(x)

extract.kurtosis(df["Close"])


(ii) Stetson Kurtosis

@set_property("fctype", "simple")
@set_property("custom", True)
def stetson_k(x):
"""A robust kurtosis statistic."""
n = len(x)
x0 = stetson_mean(x, 1./20**2)
delta_x = np.sqrt(n / (n - 1.)) * (x - x0) / 20
ta = 1. / 0.798 * np.mean(np.abs(delta_x)) / np.sqrt(np.mean(delta_x**2))
return ta

extract.stetson_k(df["Close"])


## (5) Synthesise

Time-Series synthesisation (TSS) happens before the feature extraction step and Cross Sectional Synthesisation (CSS) happens after the feature extraction step. Currently I will only include a CSS package, in the future, I would further work on developing out this section. This area still has a lot of performance and stability issues. In the future it might be a more viable candidate to improve prediction.

from lightgbm import LGBMRegressor
from sklearn.metrics import mean_squared_error

def model(df_final):
model = LGBMRegressor()
train = df_final[~df_final.isin(test)].dropna()
model = model.fit(train.drop(["Close_1"],axis=1),train["Close_1"])
preds = model.predict(test.drop(["Close_1"],axis=1))
train = df_final[~df_final.isin(test)].dropna()
model = model.fit(train.drop(["Close_1"],axis=1),train["Close_1"])
val = mean_squared_error(test["Close_1"],preds);
return val

pip install ctgan

from ctgan import CTGANSynthesizer

#discrete_columns = [""]
ctgan = CTGANSynthesizer()
ctgan.fit(df,epochs=10) #15


Random Benchmark

np.random.seed(1)
df_in = df.copy()
df_in["Close_1"] = np.random.permutation(df_in["Close_1"].values)
model(df_in)


Generated Performance

df_gen = ctgan.sample(len(df_in)*100)
model(df_gen)


As expected a cross-sectional technique, does not work well on time-series data, in the future, other methods will be investigated.

## (6) Skeleton Example

Here I will perform tabular agumenting methods on a small dataset single digit features and around 250 instances. This is not necessarily the best sized dataset to highlight the performance of tabular augmentation as some method like extraction would be overkill as it would lead to dimensionality problems. It is also good to know that there are close to infinite number of ways to perform these augmentation methods. In the future, automated augmentation methods can guide the experiment process.

The approach taken in this skeleton is to develop running models that are tested after each augmentation to highlight what methods might work well on this particular dataset. The metric we will use is mean squared error. In this implementation we do not have special hold-out sets.

The above framework of implementation will be consulted, but one still have to be strategic as to when you apply what function, and you have to make sure that you are processing your data with appropriate techniques (drop null values, fill null values) at the appropriate time.

#### Validation

Develop Model and Define Metric

from lightgbm import LGBMRegressor
from sklearn.metrics import mean_squared_error

def model(df_final):
model = LGBMRegressor()
train = df_final[~df_final.isin(test)].dropna()
model = model.fit(train.drop(["Close_1"],axis=1),train["Close_1"])
preds = model.predict(test.drop(["Close_1"],axis=1))
train = df_final[~df_final.isin(test)].dropna()
model = model.fit(train.drop(["Close_1"],axis=1),train["Close_1"])
val = mean_squared_error(test["Close_1"],preds);
return val


df = data_copy()

model(df)

302.61676570345287


(1) (7) (i) Transformation - Decomposition - Naive

## If Inferred Seasonality is Too Large Default to Five
seasons = transform.infer_seasonality(df["Close"],index=0)
df_out = transform.naive_dec(df.copy(), ["Close","Open"], freq=5)
model(df_out) #improvement

274.34477082783525


(1) (8) (i) Transformation - Filter - Baxter-King-Bandpass

df_out = transform.bkb(df_out, ["Close","Low"])
df_best = df_out.copy()
model(df_out) #improvement

267.1826850968307


(1) (3) (i) Transformation - Differentiation - Fractional

df_out = transform.fast_fracdiff(df_out, ["Close_BPF"],0.5)
model(df_out) #null

267.7083192402742


(1) (1) (i) Transformation - Scaling - Robust Scaler

df_out = df_out.dropna()
df_out = transform.robust_scaler(df_out, drop=["Close_1"])
model(df_out) #noisy

270.96980399571214


(2) (2) (i) Interactions - Operator - Multiplication/Division

df_out.head()

df_out = interact.muldiv(df_out, ["Close","Open_NDDS","Low_BPF"])
model(df_out) #noisy

285.6420643864313

df_r = df_out.copy()


(2) (6) (i) Interactions - Speciality - Technical

import ta
df = interact.tech(df)
df_out = pd.merge(df_out,  df.iloc[:,7:], left_index=True, right_index=True, how="left")


Clean Dataframe and Metric

"""Droping column where missing values are above a threshold"""
df_out = df_out.dropna(thresh = len(df_out)*0.95, axis = "columns")
df_out = df_out.dropna()
df_out = df_out.replace([np.inf, -np.inf], np.nan).ffill().fillna(0)
close = df_out["Close"].copy()
df_d = df_out.copy()
model(df_out) #improve

592.52971755184


(3) (1) (i) Mapping - Eigen Decomposition - PCA

from sklearn.decomposition import PCA, IncrementalPCA, KernelPCA

df_out = transform.robust_scaler(df_out, drop=["Close_1"])

df_out = df_out.replace([np.inf, -np.inf], np.nan).ffill().fillna(0)
df_out = mapper.pca_feature(df_out, drop_cols=["Close_1"], variance_or_components=0.9, n_components=8,non_linear=False)

model(df_out) #noisy but not too bad given the 10 fold dimensionality reduction

687.158330455884


(4) Extracting

Here at first, I show the functions that have been added to the DeltaPy fork of tsfresh. You have to add your own personal adjustments based on the features you would like to construct. I am using self-developed features, but you can also use TSFresh's community functions.

The following files have been appropriately ammended (Get in contact for advice)

(4) (10) (i) Extracting - Averages - GSkew

extract.gskew(df_out["PCA_1"])

-0.7903067336449059


(4) (21) (ii) Extracting - Entropy - SVD Entropy

svd_param = [{"Tau": ta, "DE": de}
for ta in [4]
for de in [3,6]]

extract.svd_entropy(df_out["PCA_1"],svd_param)

[('Tau_"4"__De_3"', 0.7234823323374294),
('Tau_"4"__De_6"', 1.3014347840145244)]


(4) (13) (ii) Extracting - Streaks - Wozniak

woz_param = [{"consecutiveStar": n} for n in [2, 4]]

extract.wozniak(df_out["PCA_1"],woz_param)

[('consecutiveStar_2', 0.012658227848101266), ('consecutiveStar_4', 0.0)]


(4) (28) (i) Extracting - Fractal - Higuchi

hig_param = [{"Kmax": 3},{"Kmax": 5}]

extract.higuchi_fractal_dimension(df_out["PCA_1"],hig_param)

[('Kmax_3', 0.577913816027104), ('Kmax_5', 0.8176960510304725)]


(4) (5) (ii) Extracting - Volatility - Variability Index

var_index_param = {"Volume":df["Volume"].values, "Open": df["Open"].values}

extract.var_index(df["Close"].values,var_index_param)

{'Interact__Open': 0.00396022538846289,
'Interact__Volume': 0.20550155114176533}


Time Series Extraction

pip install git+git://github.com/firmai/tsfresh.git

#Construct the preferred input dataframe.
from tsfresh.utilities.dataframe_functions import roll_time_series
df_out["ID"] = 0
periods = 30
df_out = df_out.reset_index()
df_ts = roll_time_series(df_out,"ID","Date",None,1,periods)
counts = df_ts['ID'].value_counts()
df_ts = df_ts[df_ts['ID'].isin(counts[counts > periods].index)]

#Perform extraction
from tsfresh.feature_extraction import extract_features, CustomFCParameters
settings_dict = CustomFCParameters()
settings_dict["var_index"] = {"PCA_1":None, "PCA_2": None}
df_feat = extract_features(df_ts.drop(["Close_1"],axis=1),default_fc_parameters=settings_dict,column_id="ID",column_sort="Date")

Feature Extraction: 100%|██████████| 5/5 [00:10<00:00,  2.14s/it]

# Cleaning operations
import pandasvault as pv
df_feat2 = df_feat.copy()
df_feat = df_feat.dropna(thresh = len(df_feat)*0.50, axis = "columns")
df_feat_cons = pv.constant_feature_detect(data=df_feat,threshold=0.9)
df_feat = df_feat.drop(df_feat_cons, axis=1)
df_feat = df_feat.ffill()
df_feat = pd.merge(df_feat,df[["Close_1"]],left_index=True,right_index=True,how="left")
print(df_feat.shape)
model(df_feat) #noisy

7  variables are found to be almost constant
(208, 48)
2064.7813982935995

from tsfresh import select_features
from tsfresh.utilities.dataframe_functions import impute

impute(df_feat)
df_feat_2 = select_features(df_feat.drop(["Close_1"],axis=1),df_feat["Close_1"],fdr_level=0.05)
df_feat_2["Close_1"] = df_feat["Close_1"]
model(df_feat_2) #improvement (b/ not an augmentation method)

1577.5273071299482


(3) (6) (i) Feature Agglomoration;   (1)(2)(i) Standard Scaler.

Like in this step, after (1), (2), (3), (4) and (5), you can often circle back to the initial steps to normalise the data and dimensionally reduce the data for the final model.

import numpy as np
from sklearn import datasets, cluster

def feature_agg(df, drop, components):
components = min(df.shape[1]-1,components)
agglo = cluster.FeatureAgglomeration(n_clusters=components,)
df = df.drop(drop,axis=1)
agglo.fit(df)
df = pd.DataFrame(agglo.transform(df))

return df

df_final = transform.standard_scaler(df_feat_2, drop=["Close_1"])
df_final = mapper.feature_agg(df_final,["Close_1"],4)
df_final.index = df_feat.index
df_final["Close_1"] = df_feat["Close_1"]
model(df_final) #noisy

1949.89085894338


Final Model After Applying 13 Arbitrary Augmentation Techniques

model(df_final) #improvement

1949.89085894338


Original Model Before Augmentation

df_org = df.iloc[:,:7][df.index.isin(df_final.index)]
model(df_org)

389.783990984133


Best Model After Developing 8 Augmenting Features

df_best = df_best.replace([np.inf, -np.inf], np.nan).ffill().fillna(0)
model(df_best)

267.1826850968307


Commentary

There are countless ways in which the current model can be improved, this can take on an automated process where all techniques are tested against a hold out set, for example, we can perform the operation below, and even though it improves the score here, there is a need for more robust tests. The skeleton example above is not meant to highlight the performance of the package. It simply serves as an example of how one can go about applying augmentation methods.

Quite naturally this example suffers from dimensionality issues with array shapes reaching (208, 48), furthermore you would need a sample that is at least 50-100 times larger before machine learning methods start to make sense.

Nonetheless, in this example, Transformation, Interactions and Mappings (applied to extraction output) performed fairly well. Extraction augmentation was overkill, but created a reasonable model when dimensionally reduced. A better selection of one of the 50+ augmentation methods and the order of augmentation could further help improve the outcome if robustly tested against development sets.

[1] DeltaPy Development

Author: firmai
Source Code: https://github.com/firmai/deltapy

#engineering

1647540000

## Substrate Knowledge Map for Hackathon Participants

The Substrate Knowledge Map provides information that you—as a Substrate hackathon participant—need to know to develop a non-trivial application for your hackathon submission.

The map covers 6 main sections:

Each section contains basic information on each topic, with links to additional documentation for you to dig deeper. Within each section, you'll find a mix of quizzes and labs to test your knowledge as your progress through the map. The goal of the labs and quizzes is to help you consolidate what you've learned and put it to practice with some hands-on activities.

## Introduction

One question we often get is why learn the Substrate framework when we can write smart contracts to build decentralized applications?

The short answer is that using the Substrate framework and writing smart contracts are two different approaches.

### Smart contract development

Traditional smart contract platforms allow users to publish additional logic on top of some core blockchain logic. Since smart contract logic can be published by anyone, including malicious actors and inexperienced developers, there are a number of intentional safeguards and restrictions built around these public smart contract platforms. For example:

Fees: Smart contract developers must ensure that contract users are charged for the computation and storage they impose on the computers running their contract. With fees, block creators are protected from abuse of the network.

Sandboxed: A contract is not able to modify core blockchain storage or storage items of other contracts directly. Its power is limited to only modifying its own state, and the ability to make outside calls to other contracts or runtime functions.

Reversion: Contracts can be prone to undesirable situations that lead to logical errors when wanting to revert or upgrade them. Developers need to learn additional patterns such as splitting their contract's logic and data to ensure seamless upgrades.

These safeguards and restrictions make running smart contracts slower and more costly. However, it's important to consider the different developer audiences for contract development versus Substrate runtime development.

Building decentralized applications with smart contracts allows your community to extend and develop on top of your runtime logic without worrying about proposals, runtime upgrades, and so on. You can also use smart contracts as a testing ground for future runtime changes, but done in an isolated way that protects your network from any errors the changes might introduce.

In summary, smart contract development:

• Is inherently safer to the network.
• Provides economic incentives and transaction fee mechanisms that can't be directly controlled by the smart contract author.
• Provides computational overhead to support graceful logical failures.
• Has a low barrier to entry for developers and enables a faster pace of community interaction.

### Substrate runtime development

Unlike traditional smart contract development, Substrate runtime development offers none of the network protections or safeguards. Instead, as a runtime developer, you have total control over how the blockchain behaves. However, this level of control also means that there is a higher barrier to entry.

Substrate is a framework for building blockchains, which almost makes comparing it to smart contract development like comparing apples and oranges. With the Substrate framework, developers can build smart contracts but that is only a fraction of using Substrate to its full potential.

With Substrate, you have full control over the underlying logic that your network's nodes will run. You also have full access for modifying and controlling each and every storage item across your runtime modules. As you progress through this map, you'll discover concepts and techniques that will help you to unlock the potential of the Substrate framework, giving you the freedom to build the blockchain that best suits the needs of your application.

You'll also discover how you can upgrade the Substrate runtime with a single transaction instead of having to organize a community hard-fork. Upgradeability is one of the primary design features of the Substrate framework.

In summary, runtime development:

• Removes the overhead of built-in safety for performance.
• Has a higher barrier of entry for developers.
• Provides flexibility to customize full-stack application logic.

To learn more about using smart contracts within Substrate, refer to the Smart Contract - Overview page as well as the Polkadot Builders Guide.

## Navigating the documentation

If you need any community support, please join the following channels based on the area where you need help:

Alternatively, also look for support on Stackoverflow where questions are tagged with "substrate" or on the Parity Subport repo.

Use the following links to explore the sites and resources available on each:

Substrate Developer Hub has the most comprehensive all-round coverage about Substrate, from a "big picture" explanation of architecture to specific technical concepts. The site also provides tutorials to guide you as your learn the Substrate framework and the API reference documentation. You should check this site first if you want to look up information about Substrate runtime development. The site consists of:

Knowledge Base: Explaining the foundational concepts of building blockchain runtimes using Substrate.

Tutorials: Hand-on tutorials for developers to follow. The first SIX tutorials show the fundamentals in Substrate and are recommended for every Substrate learner to go through.

How-to Guides: These resources are like the O'Reilly cookbook series written in a task-oriented way for readers to get the job done. Some examples of the topics overed include:

• Setting up proper weight functions for extrinsic calls.
• Using off-chain workers to fetch HTTP requests.
• Writing tests for your pallets It can also be read from

API docs: Substrate API reference documentation.

Substrate Node Template provides a light weight, minimal Substrate blockchain node that you can set up as a local development environment.

Substrate Front-end template provides a front-end interface built with React using Polkadot-JS API to connect to any Substrate node. Developers are encouraged to start new Substrate projects based on these templates.

If you face any technical difficulties and need support, feel free to join the Substrate Technical matrix channel and ask your questions there.

Polkadot Wiki documents the specific behavior and mechanisms of the Polkadot network. The Polkadot network allows multiple blockchains to connect and pass messages to each other. On the wiki, you can learn about how Polkadot—built using Substrate—is customized to support inter-blockchain message passing.

Polkadot JS API doc: documents how to use the Polkadot-JS API. This JavaScript-based API allows developers to build custom front-ends for their blockchains and applications. Polkadot JS API provides a way to connect to Substrate-based blockchains to query runtime metadata and send transactions.

## Basics

### Set up your local development environment

Here you will set up your local machine to install the Rust compiler—ensuring that you have both stable and nightly versions installed. Both stable and nightly versions are required because currently a Substrate runtime is compiled to a native binary using the stable Rust compiler, then compiled to a WebAssembly (WASM) binary, which only the nightly Rust compiler can do.

Also refer to:

### Lab #1

👉 Complete Lab #1: Run a Substrate node

### Interact with a Substrate network using Polkadot-JS apps

Polkadot JS Apps is the canonical front-end to interact with any Substrate-based chain.

You can configure whichever endpoint you want it to connected to, even to your localhost running node. Refer to the following two diagrams.

1. Click on the top left side showing your currently connected network:

1. Scroll to the bottom of the menu, open DEVELOPMENT, and choose either Local Node or Custom to specify your own endpoint.

### Quiz #2

👉 Complete Quiz #2

### Lab #2

👉 Complete Lab #2: Using Polkadot-JS Apps

Notes: If you are connecting Apps to a custom chain (or your locally-running node), you may need to specify your chain's custom data types in JSON under Settings > Developer.

Polkadot-JS Apps only receives a series of bytes from the blockchain. It is up to the developer to tell it how to decode and interpret these custom data type. To learn more on this, refer to:

You will also need to create an account. To do so, follow these steps on account generation. You'll learn that you can also use the Polkadot-JS Browser Plugin (a Metamask-like browser extension to manage your Substrate accounts) and it will automatically be imported into Polkadot-JS Apps.

Notes: When you run a Substrate chain in development mode (with the --dev flag), well-known accounts (Alice, Bob, Charlie, etc.) are always created for you.

### Lab #3

👉 Complete Lab #3: Create an Account

## Preliminaries

You need to know some Rust programming concepts and have a good understanding on how blockchain technology works in order to make the most of developing with Substrate. The following resources will help you brush up in these areas.

### Rust

You will need familiarize yourself with Rust to understand how Substrate is built and how to make the most of its capabilities.

If you are new to Rust, or need a brush up on your Rust knowledge, please refer to The Rust Book. You could still continue learning about Substrate without knowing Rust, but we recommend you come back to this section whenever in doubt about what any of the Rust syntax you're looking at means. Here are the parts of the Rust book we recommend you familiarize yourself with:

• ch 1 - 10: These chapters cover the foundational knowledge of programming in Rust
• ch 13: On iterators and closures
• ch 18 - 19: On advanced traits and advanced types. Learn a bit about macros as well. You will not necessarily be writing your own macros, but you'll be using a lot of Substrate and FRAME's built-in macros to write your blockchain runtime.

### How blockchains work

Given that you'll be writing a blockchain runtime, you need to know what a blockchain is, and how it works. The **Web3 Blockchain Fundamental MOOC Youtube video series provides a good basis for understanding key blockchain concepts and how blockchains work.

The lectures we recommend you watch are: lectures 1 - 7 and lecture 10. That's 8 lectures, or about 4 hours of video.

### Quiz #3

👉 Complete Quiz #3

## Substrate runtime development

### High level architecture

To know more about the high level architecture of Substrate, please go through the Knowledge Base articles on Getting Started: Overview and Getting Started: Architecture.

In this document, we assume you will develop a Substrate runtime with FRAME (v2). This is what a Substrate node consists of.

Each node has many components that manage things like the transaction queue, communicating over a P2P network, reaching consensus on the state of the blockchain, and the chain's actual runtime logic (aka the blockchain runtime). Each aspect of the node is interesting in its own right, and the runtime is particularly interesting because it contains the business logic (aka "state transition function") that codifies the chain's functionality. The runtime contains a collection of pallets that are configured to work together.

On the node level, Substrate leverages libp2p for the p2p networking layer and puts the transaction pool, consensus mechanism, and underlying data storage (a key-value database) on the node level. These components all work "under the hood", and in this knowledge map we won't cover them in detail except for mentioning their existence.

### Quiz #4

👉 Complete Quiz #4

### Runtime development topics

In our Developer Hub, we have a thorough coverage on various subjects you need to know to develop with Substrate. So here we just list out the key topics and reference back to Developer Hub. Please go through the following key concepts and the directed resources to know the fundamentals of runtime development.

Key Concept: Runtime, this is where the blockchain state transition function (the blockchain application-specific logic) is defined. It is about composing multiple pallets (can be understood as Rust modules) together in the runtime and hooking them up together.

Runtime Development: Execution, this article describes how a block is produced, and how transactions are selected and executed to reach the next "stage" in the blockchain.

Runtime Develpment: Pallets, this article describes what the basic structure of a Substrate pallet is consists of.

Runtime Development: FRAME, this article gives a high level overview of the system pallets Substrate already implements to help you quickly develop as a runtime engineer. Have a quick skim so you have a basic idea of the different pallets Substrate is made of.

### Lab #4

Runtime Development: Storage, this article describes how data is stored on-chain and how you could access them.

Runtime Development: Events & Errors, this page describe how external parties know what has happened in the blockchain, via the emitted events and errors when executing transactions.

Notes: All of the above concepts we leverage on the #[pallet::*] macro to define them in the code. If you are interested to learn more about what other types of pallet macros exist go to the FRAME macro API documentation and this doc on some frequently used Substrate macros.

### Quiz #5

👉 Complete Quiz #5

Polkadot JS API is the javascript API for Substrate. By using it you can build a javascript front end or utility and interact with any Substrate-based blockchain.

The Substrate Front-end Template is an example of using Polkadot JS API in a React front-end.

• Runtime Development: Metadata, this article describes the API allowing external parties to query what API is open for the chain. Polkadot JS API makes use of a chain's metadata to know what queries and functions are available from a chain to call.

### Lab #7

👉 Complete Lab #7: Using Polkadot-JS API

### Quiz #6

👉 Complete Quiz #6: Using Polkadot-JS API

## Smart contracts

Learn about the difference between smart contract development vs Substrate runtime development, and when to use each here.

In Substrate, you can program smart contracts using ink!.

### Quiz #7

👉 Complete Quiz #7: Using ink!

## What we do not cover

A lot 😄

On-chain runtime upgrades. We have a tutorial on On-chain (forkless) Runtime Upgrade. This tutorial introduces how to perform and schedule a runtime upgrade as an on-chain transaction.

Off-chain Features

There are certain limits to on-chain logic. For instance, computation cannot be too intensive that it affects the block output time, and computation must be deterministic. This means that computation that relies on external data fetching cannot be done on-chain. In Substrate, developers can run these types of computation off-chain and have the result sent back on-chain via extrinsics.

Tightly- and Loosely-coupled pallets, calling one pallet's functions from another pallet via trait specification.

Blockchain Consensus Mechansim, and a guide on customizing it to proof-of-work here.

Parachains: one key feature of Substrate is the capability of becoming a parachain for relay chains like Polkadot. You can develop your own application-specific logic in your chain and rely on the validator community of the relay chain to secure your network, instead of building another validator community yourself. Learn more with the following resources:

## Terms clarification

• Substrate: the blockchain development framework built for writing highly customized, domain-specific blockchains.
• Kusama: Kusama is Polkadot's canary network, used to launch features before these features are launched on Polkadot. You could view it as a beta-network with real economic value where the state of the blockchain is never reset.
• Web 3.0: is the decentralized internet ecosystem that, instead of apps being centrally stored in a few servers and managed by a sovereign party, it is an open, trustless, and permissionless network when apps are not controlled by a centralized entity.
• Web3 Foundation: A foundation setup to support the development of decentralized web software protocols. Learn more about what they do on thier website.

## Others

Author: substrate-developer-hub
Source Code: https://github.com/substrate-developer-hub/hackathon-knowledge-map

1655019480

## Learning-v8: Project for Learning V8 internals

The sole purpose of this project is to aid me in leaning Google's V8 JavaScript engine

### Isolate

An Isolate is an independant copy of the V8 runtime which includes its own heap. Two different Isolates can run in parallel and can be seen as entirely different sandboxed instances of a V8 runtime.

### Context

To allow separate JavaScript applications to run in the same isolate a context must be specified for each one. This is to avoid them interfering with each other, for example by changing the builtin objects provided.

### Template

This is the super class of both ObjecTemplate and FunctionTemplate. Remember that in JavaScript a function can have fields just like objects.

class V8_EXPORT Template : public Data {
public:
void Set(Local<Name> name, Local<Data> value,
PropertyAttribute attributes = None);
void SetPrivate(Local<Private> name, Local<Data> value,
PropertyAttribute attributes = None);
V8_INLINE void Set(Isolate* isolate, const char* name, Local<Data> value);

void SetAccessorProperty(
Local<Name> name,
Local<FunctionTemplate> getter = Local<FunctionTemplate>(),
Local<FunctionTemplate> setter = Local<FunctionTemplate>(),
PropertyAttribute attribute = None,
AccessControl settings = DEFAULT);


The Set function can be used to have an name and a value set on an instance created from this template. The SetAccessorProperty is for properties that are get/set using functions.

enum PropertyAttribute {
/** None. **/
None = 0,
/** ReadOnly, i.e., not writable. **/
/** DontEnum, i.e., not enumerable. **/
DontEnum = 1 << 1,
/** DontDelete, i.e., not configurable. **/
DontDelete = 1 << 2
};

enum AccessControl {
DEFAULT               = 0,
ALL_CAN_WRITE         = 1 << 1,
PROHIBITS_OVERWRITING = 1 << 2
};


### ObjectTemplate

These allow you to create JavaScript objects without a dedicated constructor. When an instance is created using an ObjectTemplate the new instance will have the properties and functions configured on the ObjectTemplate.

This would be something like:

const obj = {};


This class is declared in include/v8.h and extends Template:

class V8_EXPORT ObjectTemplate : public Template {
...
}
class V8_EXPORT Template : public Data {
...
}
class V8_EXPORT Data {
private:
Data();
};


We create an instance of ObjectTemplate and we can add properties to it that all instance created using this ObjectTemplate instance will have. This is done by calling Set which is member of the Template class. You specify a Local for the property. Name is a superclass for Symbol and String which can be both be used as names for a property.

The implementation for Set can be found in src/api/api.cc:

void Template::Set(v8::Local<Name> name, v8::Local<Data> value, v8::PropertyAttribute attribute) {
...

value_obj,
static_cast<i::PropertyAttributes>(attribute));
}


There is an example in objecttemplate_test.cc

### FunctionTemplate

Is a template that is used to create functions and like ObjectTemplate it inherits from Template:

class V8_EXPORT FunctionTemplate : public Template {
}


Rememeber that a function in javascript can have properties just like object.

There is an example in functiontemplate_test.cc

An instance of a function template can be created using:

  Local<FunctionTemplate> ft = FunctionTemplate::New(isolate_, function_callback, data);
Local<Function> function = ft->GetFunction(context).ToLocalChecked();


And the function can be called using:

  MaybeLocal<Value> ret = function->Call(context, recv, 0, nullptr);


Function::Call can be found in src/api/api.cc:

  bool has_pending_exception = false;
auto self = Utils::OpenHandle(this);
i::Handle<i::Object> recv_obj = Utils::OpenHandle(*recv);
i::Handle<i::Object>* args = reinterpret_cast<i::Handle<i::Object>*>(argv);
Local<Value> result;
has_pending_exception = !ToLocal<Value>(
i::Execution::Call(isolate, self, recv_obj, argc, args), &result);


Notice that the return value of Call which is a MaybeHandle<Object> will be passed to ToLocal which is defined in api.h:

template <class T>
inline bool ToLocal(v8::internal::MaybeHandle<v8::internal::Object> maybe,
Local<T>* local) {
v8::internal::Handle<v8::internal::Object> handle;
if (maybe.ToHandle(&handle)) {
*local = Utils::Convert<v8::internal::Object, T>(handle);
return true;
}
return false;


So lets take a look at Execution::Call which can be found in execution/execution.cc and it calls:

return Invoke(isolate, InvokeParams::SetUpForCall(isolate, callable, receiver, argc, argv));


SetUpForCall will return an InvokeParams. TODO: Take a closer look at InvokeParams.

V8_WARN_UNUSED_RESULT MaybeHandle<Object> Invoke(Isolate* isolate,
const InvokeParams& params) {

Handle<Object> receiver = params.is_construct
? isolate->factory()->the_hole_value()


In our case is_construct is false as we are not using new and the receiver, the this in the function should be set to the receiver that we passed in. After that we have Builtins::InvokeApiFunction

auto value = Builtins::InvokeApiFunction(
params.argv, Handle<HeapObject>::cast(params.new_target));

result = HandleApiCallHelper<false>(isolate, function, new_target,


api-arguments-inl.h has:

FunctionCallbackArguments::Call(CallHandlerInfo handler) {
...
FunctionCallbackInfo<v8::Value> info(values_, argv_, argc_);
f(info);
return GetReturnValue<Object>(isolate);
}


The call to f(info) is what invokes the callback, which is just a normal function call.

Back in HandleApiCallHelper we have:

Handle<Object> result = custom.Call(call_data);

RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);


RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION expands to:

Handle<Object> result = custom.Call(call_data);
do {
Isolate* __isolate__ = (isolate);
((void) 0);
if (__isolate__->has_scheduled_exception()) {
__isolate__->PromoteScheduledException();
return MaybeHandle<Object>();
}
} while (false);


Notice that if there was an exception an empty object is returned. Later in Invoke in execution.cca:

  auto value = Builtins::InvokeApiFunction(
params.argv, Handle<HeapObject>::cast(params.new_target));
bool has_exception = value.is_null();
if (has_exception) {
if (params.message_handling == Execution::MessageHandling::kReport) {
isolate->ReportPendingMessages();
}
return MaybeHandle<Object>();
} else {
isolate->clear_pending_message();
}
return value;


Looking at this is looks like passing back an empty object will cause an exception to be triggered?

Address can be found in include/v8-internal.h:

typedef uintptr_t Address;


uintptr_t is an optional type specified in cstdint and is capable of storing a data pointer. It is an unsigned integer type that any valid pointer to void can be converted to this type (and back).

### TaggedImpl

This class is declared in src/objects/tagged-impl.h and has a single private member which is declared as:

 public
constexpr StorageType ptr() const { return ptr_; }
private:
StorageType ptr_;


An instance can be created using:

  i::TaggedImpl<i::HeapObjectReferenceType::STRONG, i::Address>  tagged{};


Storage type can also be Tagged_t which is defined in globals.h:

 using Tagged_t = uint32_t;


It looks like it can be a different value when using pointer compression.

See tagged_test.cc for an example.

### Object

This class extends TaggedImpl:

class Object : public TaggedImpl<HeapObjectReferenceType::STRONG, Address> {


An Object can be created using the default constructor, or by passing in an Address which will delegate to TaggedImpl constructors. Object itself does not have any members (apart from ptr_ which is inherited from TaggedImpl that is). So if we create an Object on the stack this is like a pointer/reference to an object:

+------+
|Object|
|------|
|ptr_  |---->
+------+


Now, ptr_ is a StorageType so it could be a Smi in which case it would just contains the value directly, for example a small integer:

+------+
|Object|
|------|
|  18  |
+------+


See object_test.cc for an example.

### ObjectSlot

  i::Object obj{18};
i::FullObjectSlot slot{&obj};

+----------+      +---------+
|ObjectSlot|      | Object  |
|----------|      |---------|
| address  | ---> |   18    |
+----------+      +---------+


See objectslot_test.cc for an example.

### Maybe

A Maybe is like an optional which can either hold a value or nothing.

template <class T>
class Maybe {
public:
V8_INLINE bool IsNothing() const { return !has_value_; }
V8_INLINE bool IsJust() const { return has_value_; }
...

private:
bool has_value_;
T value_;
}


I first thought that name Just was a little confusing but if you read this like:

  bool cond = true;
Maybe<int> maybe = cond ? Just<int>(10) : Nothing<int>();


I think it makes more sense. There are functions that check if the Maybe is nothing and crash the process if so. You can also check and return the value by using FromJust.

The usage of Maybe is where api calls can fail and returning Nothing is a way of signaling this.

See maybe_test.cc for an example.

### MaybeLocal

template <class T>
class MaybeLocal {
public:
V8_INLINE MaybeLocal() : val_(nullptr) {}
V8_INLINE Local<T> ToLocalChecked();
V8_INLINE bool IsEmpty() const { return val_ == nullptr; }
template <class S>
V8_WARN_UNUSED_RESULT V8_INLINE bool ToLocal(Local<S>* out) const {
out->val_ = IsEmpty() ? nullptr : this->val_;
return !IsEmpty();
}

private:
T* val_;


ToLocalChecked will crash the process if val_ is a nullptr. If you want to avoid a crash one can use ToLocal.

See maybelocal_test.cc for an example.

### Data

Is the super class of all objects that can exist the V8 heap:

class V8_EXPORT Data {
private:
Data();
};


### Value

Value extends Data and adds a number of methods that check if a Value is of a certain type, like IsUndefined(), IsNull, IsNumber etc. It also has useful methods to convert to a Local, for example:

V8_WARN_UNUSED_RESULT MaybeLocal<Number> ToNumber(Local<Context> context) const;
V8_WARN_UNUSED_RESULT MaybeLocal<String> ToNumber(Local<String> context) const;
...


### Handle

A Handle is similar to a Object and ObjectSlot in that it also contains an Address member (called location_ and declared in HandleBase), but with the difference is that Handles acts as a layer of abstraction and can be relocated by the garbage collector. Can be found in src/handles/handles.h.

class HandleBase {
...
protected:
}
template <typename T>
class Handle final : public HandleBase {
...
}

+----------+                  +--------+         +---------+
|  Handle  |                  | Object |         |   int   |
|----------|      +-----+     |--------|         |---------|
|*location_| ---> |&ptr_| --> | ptr_   | ----->  |     5   |
+----------+      +-----+     +--------+         +---------+

(gdb) p handle
$8 = {<v8::internal::HandleBase> = {location_ = 0x7ffdf81d60c0}, <No data fields>}  Notice that location_ contains a pointer: (gdb) p /x *(int*)0x7ffdf81d60c0$9 = 0xa9d330


And this is the same as the value in obj:

(gdb) p /x obj.ptr_
$14 = 0xa9d330  And we can access the int using any of the pointers: (gdb) p /x *value$16 = 0x5
(gdb) p /x *obj.ptr_
$17 = 0x5 (gdb) p /x *(int*)0x7ffdf81d60c0$18 = 0xa9d330
(gdb) p /x *(*(int*)0x7ffdf81d60c0)
$19 = 0x5  See handle_test.cc for an example. ### HandleScope Contains a number of Local/Handle's (think pointers to objects but is managed by V8) and will take care of deleting the Local/Handles for us. HandleScopes are stack allocated When ~HandleScope is called all handles created within that scope are removed from the stack maintained by the HandleScope which makes objects to which the handles point being eligible for deletion from the heap by the GC. A HandleScope only has three members:  internal::Isolate* isolate_; internal::Address* prev_next_; internal::Address* prev_limit_;  Lets take a closer look at what happens when we construct a HandleScope:  v8::HandleScope handle_scope{isolate_};  The constructor call will end up in src/api/api.cc and the constructor simply delegates to Initialize: HandleScope::HandleScope(Isolate* isolate) { Initialize(isolate); } void HandleScope::Initialize(Isolate* isolate) { i::Isolate* internal_isolate = reinterpret_cast<i::Isolate*>(isolate); ... i::HandleScopeData* current = internal_isolate->handle_scope_data(); isolate_ = internal_isolate; prev_next_ = current->next; prev_limit_ = current->limit; current->level++; }  Every v8::internal::Isolate has member of type HandleScopeData: HandleScopeData* handle_scope_data() { return &handle_scope_data_; } HandleScopeData handle_scope_data_;  HandleScopeData is a struct defined in src/handles/handles.h: struct HandleScopeData final { Address* next; Address* limit; int level; int sealed_level; CanonicalHandleScope* canonical_scope; void Initialize() { next = limit = nullptr; sealed_level = level = 0; canonical_scope = nullptr; } };  Notice that there are two pointers (Address*) to next and a limit. When a HandleScope is Initialized the current handle_scope_data will be retrieved from the internal isolate. The HandleScope instance that is getting created stores the next/limit pointers of the current isolate so that they can be restored when this HandleScope is closed (see CloseScope). So with a HandleScope created, how does a Local interact with this instance? When a Local is created this will/might go through FactoryBase::NewStruct which will allocate a new Map and then create a Handle for the InstanceType being created: Handle<Struct> str = handle(Struct::cast(result), isolate());  This will land in the constructor Handlesrc/handles/handles-inl.h template <typename T> Handle<T>::Handle(T object, Isolate* isolate): HandleBase(object.ptr(), isolate) {} HandleBase::HandleBase(Address object, Isolate* isolate) : location_(HandleScope::GetHandle(isolate, object)) {}  Notice that object.ptr() is used to pass the Address to HandleBase. And also notice that HandleBase sets its location_ to the result of HandleScope::GetHandle. Address* HandleScope::GetHandle(Isolate* isolate, Address value) { DCHECK(AllowHandleAllocation::IsAllowed()); HandleScopeData* data = isolate->handle_scope_data(); CanonicalHandleScope* canonical = data->canonical_scope; return canonical ? canonical->Lookup(value) : CreateHandle(isolate, value); }  Which will call CreateHandle in this case and this function will retrieve the current isolate's handle_scope_data:  HandleScopeData* data = isolate->handle_scope_data(); Address* result = data->next; if (result == data->limit) { result = Extend(isolate); }  In this case both next and limit will be 0x0 so Extend will be called. Extend will also get the isolates handle_scope_data and check the current level and after that get the isolates HandleScopeImplementer:  HandleScopeImplementer* impl = isolate->handle_scope_implementer();  HandleScopeImplementer is declared in src/api/api.h HandleScope:CreateHandle will get the handle_scope_data from the isolate: Address* HandleScope::CreateHandle(Isolate* isolate, Address value) { HandleScopeData* data = isolate->handle_scope_data(); if (result == data->limit) { result = Extend(isolate); } // Update the current next field, set the value in the created handle, // and return the result. data->next = reinterpret_cast<Address*>(reinterpret_cast<Address>(result) + sizeof(Address)); *result = value; return result; }  Notice that data->next is set to the address passed in + the size of an Address. The destructor for HandleScope will call CloseScope. See handlescope_test.cc for an example. ### EscapableHandleScope Local handles are located on the stack and are deleted when the appropriate destructor is called. If there is a local HandleScope then it will take care of this when the scope returns. When there are no references left to a handle it can be garbage collected. This means if a function has a HandleScope and wants to return a handle/local it will not be available after the function returns. This is what EscapableHandleScope is for, it enable the value to be placed in the enclosing handle scope to allow it to survive. When the enclosing HandleScope goes out of scope it will be cleaned up. class V8_EXPORT EscapableHandleScope : public HandleScope { public: explicit EscapableHandleScope(Isolate* isolate); V8_INLINE ~EscapableHandleScope() = default; template <class T> V8_INLINE Local<T> Escape(Local<T> value) { internal::Address* slot = Escape(reinterpret_cast<internal::Address*>(*value)); return Local<T>(reinterpret_cast<T*>(slot)); } template <class T> V8_INLINE MaybeLocal<T> EscapeMaybe(MaybeLocal<T> value) { return Escape(value.FromMaybe(Local<T>())); } private: ... internal::Address* escape_slot_; };  From api.cc EscapableHandleScope::EscapableHandleScope(Isolate* v8_isolate) { i::Isolate* isolate = reinterpret_cast<i::Isolate*>(v8_isolate); escape_slot_ = CreateHandle(isolate, i::ReadOnlyRoots(isolate).the_hole_value().ptr()); Initialize(v8_isolate); }  So when an EscapableHandleScope is created it will create a handle with the hole value and store it in the escape_slot_ which is of type Address. This Handle will be created in the current HandleScope, and EscapableHandleScope can later set a value for that pointer/address which it want to be escaped. Later when that HandleScope goes out of scope it will be cleaned up. It then calls Initialize just like a normal HandleScope would. i::Address* HandleScope::CreateHandle(i::Isolate* isolate, i::Address value) { return i::HandleScope::CreateHandle(isolate, value); }  From handles-inl.h: Address* HandleScope::CreateHandle(Isolate* isolate, Address value) { DCHECK(AllowHandleAllocation::IsAllowed()); HandleScopeData* data = isolate->handle_scope_data(); Address* result = data->next; if (result == data->limit) { result = Extend(isolate); } // Update the current next field, set the value in the created handle, // and return the result. DCHECK_LT(reinterpret_cast<Address>(result), reinterpret_cast<Address>(data->limit)); data->next = reinterpret_cast<Address*>(reinterpret_cast<Address>(result) + sizeof(Address)); *result = value; return result; }  When Escape is called the following happens (v8.h): template <class T> V8_INLINE Local<T> Escape(Local<T> value) { internal::Address* slot = Escape(reinterpret_cast<internal::Address*>(*value)); return Local<T>(reinterpret_cast<T*>(slot)); }  An the EscapeableHandleScope::Escape (api.cc): i::Address* EscapableHandleScope::Escape(i::Address* escape_value) { i::Heap* heap = reinterpret_cast<i::Isolate*>(GetIsolate())->heap(); Utils::ApiCheck(i::Object(*escape_slot_).IsTheHole(heap->isolate()), "EscapableHandleScope::Escape", "Escape value set twice"); if (escape_value == nullptr) { *escape_slot_ = i::ReadOnlyRoots(heap).undefined_value().ptr(); return nullptr; } *escape_slot_ = *escape_value; return escape_slot_; }  If the escape_value is null, the escape_slot that is a pointer into the parent HandleScope is set to the undefined_value() instead of the hole value which is was previously, and nullptr will be returned. This returned address/pointer will then be returned after being casted to T*. Next, we take a look at what happens when the EscapableHandleScope goes out of scope. This will call HandleScope::~HandleScope which makes sense as any other Local handles should be cleaned up. Escape copies the value of its argument into the enclosing scope, deletes alli its local handles, and then gives back the new handle copy which can safely be returned. ### HeapObject TODO: ### Local Has a single member val_ which is of type pointer to T: template <class T> class Local { ... private: T* val_ }  Notice that this is a pointer to T. We could create a local using:  v8::Local<v8::Value> empty_value;  So a Local contains a pointer to type T. We can access this pointer using operator-> and operator*. We can cast from a subtype to a supertype using Local::Cast: v8::Local<v8::Number> nr = v8::Local<v8::Number>(v8::Number::New(isolate_, 12)); v8::Local<v8::Value> val = v8::Local<v8::Value>::Cast(nr);  And there is also the v8::Local<v8::Value> val2 = nr.As<v8::Value>();  See local_test.cc for an example. ### PrintObject Using _v8_internal_Print_Object from c++: $ nm -C libv8_monolith.a | grep Print_Object
0000000000000000 T _v8_internal_Print_Object(void*)


Notice that this function does not have a namespace. We can use this as:

extern void _v8_internal_Print_Object(void* object);

_v8_internal_Print_Object(*((v8::internal::Object**)(*global)));


Lets take a closer look at the above:

  v8::internal::Object** gl = ((v8::internal::Object**)(*global));


We use the dereference operator to get the value of a Local (*global), which is just of type T*, a pointer to the type the Local:

template <class T>
class Local {
...
private:
T* val_;
}


We are then casting that to be of type pointer-to-pointer to Object.

  gl**        Object*         Object
+-----+      +------+      +-------+
|     |----->|      |----->|       |
+-----+      +------+      +-------+


An instance of v8::internal::Object only has a single data member which is a field named ptr_ of type Address:

src/objects/objects.h:

class Object : public TaggedImpl<HeapObjectReferenceType::STRONG, Address> {
public:
explicit constexpr Object(Address ptr) : TaggedImpl(ptr) {}

#define IS_TYPE_FUNCTION_DECL(Type) \
V8_INLINE bool Is##Type() const;  \
V8_INLINE bool Is##Type(const Isolate* isolate) const;
OBJECT_TYPE_LIST(IS_TYPE_FUNCTION_DECL)
HEAP_OBJECT_TYPE_LIST(IS_TYPE_FUNCTION_DECL)
IS_TYPE_FUNCTION_DECL(HashTableBase)
IS_TYPE_FUNCTION_DECL(SmallOrderedHashTable)
#undef IS_TYPE_FUNCTION_DECL
}


Lets take a look at one of these functions and see how it is implemented. For example in the OBJECT_TYPE_LIST we have:

#define OBJECT_TYPE_LIST(V) \
V(LayoutDescriptor)       \
V(Primitive)              \
V(Number)                 \
V(Numeric)


So the object class will have a function that looks like:

inline bool IsNumber() const;
inline bool IsNumber(const Isolate* isolate) const;


And in src/objects/objects-inl.h we will have the implementations:

bool Object::IsNumber() const {
return IsHeapObject() && HeapObject::cast(*this).IsNumber();
}


IsHeapObject is defined in TaggedImpl:

  constexpr inline bool IsHeapObject() const { return IsStrong(); }

constexpr inline bool IsStrong() const {
#if V8_HAS_CXX14_CONSTEXPR
DCHECK_IMPLIES(!kCanBeWeak, !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_));
#endif
return kCanBeWeak ? HAS_STRONG_HEAP_OBJECT_TAG(ptr_) : !IsSmi();
}


The macro can be found in src/common/globals.h:

#define HAS_STRONG_HEAP_OBJECT_TAG(value)                          \
::i::kHeapObjectTag))


So we are casting ptr_ which is of type Address into type Tagged_t which is defined in src/common/global.h and can be different depending on if compressed pointers are used or not. If they are not supported it is the same as Address:

using Tagged_t = Address;


src/objects/tagged-impl.h:

template <HeapObjectReferenceType kRefType, typename StorageType>
class TaggedImpl {

StorageType ptr_;
}


The HeapObjectReferenceType can be either WEAK or STRONG. And the storage type is Address in this case. So Object itself only has one member that is inherited from its only super class and this is ptr_.

So the following is telling the compiler to treat the value of our Local, *global, as a pointer (which it already is) to a pointer that points to a memory location that adhers to the layout of an v8::internal::Object type, which we know now has a prt_ member. And we want to dereference it and pass it into the function.

_v8_internal_Print_Object(*((v8::internal::Object**)(*global)));


### ObjectTemplate

But I'm still missing the connection between ObjectTemplate and object. When we create it we use:

Local<ObjectTemplate> global = ObjectTemplate::New(isolate);


In src/api/api.cc we have:

static Local<ObjectTemplate> ObjectTemplateNew(
i::Isolate* isolate, v8::Local<FunctionTemplate> constructor,
bool do_not_cache) {
i::Handle<i::Struct> struct_obj = isolate->factory()->NewStruct(
i::OBJECT_TEMPLATE_INFO_TYPE, i::AllocationType::kOld);
i::Handle<i::ObjectTemplateInfo> obj = i::Handle<i::ObjectTemplateInfo>::cast(struct_obj);
InitializeTemplate(obj, Consts::OBJECT_TEMPLATE);
int next_serial_number = 0;
if (!constructor.IsEmpty())
obj->set_constructor(*Utils::OpenHandle(*constructor));
obj->set_data(i::Smi::zero());
return Utils::ToLocal(obj);
}


What is a Struct in this context?
src/objects/struct.h

#include "torque-generated/class-definitions-tq.h"

class Struct : public TorqueGeneratedStruct<Struct, HeapObject> {
public:
inline void InitializeBody(int object_size);
void BriefPrintDetails(std::ostream& os);
TQ_OBJECT_CONSTRUCTORS(Struct)


Notice that the include is specifying torque-generated include which can be found out/x64.release_gcc/gen/torque-generated/class-definitions-tq. So, somewhere there must be an call to the torque executable which generates the Code Stub Assembler C++ headers and sources before compiling the main source files. There is and there is a section about this in Building V8. The macro TQ_OBJECT_CONSTRUCTORS can be found in src/objects/object-macros.h and expands to:

  constexpr Struct() = default;

protected:
template <typename TFieldType, int kFieldOffset>
friend class TaggedField;



So what does the TorqueGeneratedStruct look like?

template <class D, class P>
class TorqueGeneratedStruct : public P {
public:


Where D is Struct and P is HeapObject in this case. But the above is the declartion of the type but what we have in the .h file is what was generated.

This type is defined in src/objects/struct.tq:

@abstract
@generatePrint
@generateCppClass
extern class Struct extends HeapObject {
}


NewStruct can be found in src/heap/factory-base.cc

template <typename Impl>
HandleFor<Impl, Struct> FactoryBase<Impl>::NewStruct(
InstanceType type, AllocationType allocation) {
int size = map.instance_size();
HeapObject result = AllocateRawWithImmortalMap(size, allocation, map);
HandleFor<Impl, Struct> str = handle(Struct::cast(result), isolate());
str->InitializeBody(size);
return str;
}


Every object that is stored on the v8 heap has a Map (src/objects/map.h) that describes the structure of the object being stored.

class Map : public HeapObject {

1725      return Utils::ToLocal(obj);
(gdb) p obj
$6 = {<v8::internal::HandleBase> = {location_ = 0x30b5160}, <No data fields>}  So this is the connection, what we see as a Local is a HandleBase. TODO: dig into this some more when I have time. (lldb) expr gl (v8::internal::Object **)$0 = 0x00000000020ee160
(lldb) memory read -f x -s 8 -c 1 gl
0x020ee160: 0x00000aee081c0121

(lldb) memory read -f x -s 8 -c 1 *gl
0xaee081c0121: 0x0200000002080433


You can reload .lldbinit using the following command:

(lldb) command source ~/.lldbinit


This can be useful when debugging a lldb command. You can set a breakpoint and break at that location and make updates to the command and reload without having to restart lldb.

Currently, the lldb-commands.py that ships with v8 contains an extra operation of the parameter pased to ptr_arg_cmd:

def ptr_arg_cmd(debugger, name, param, cmd):
if not param:
print("'{}' requires an argument".format(name))
return
param = '(void*)({})'.format(param)
no_arg_cmd(debugger, cmd.format(param))


Notice that param is the object that we want to print, for example lets say it is a local named obj:

param = "(void*)(obj)"


This will then be "passed"/formatted into the command string:

"_v8_internal_Print_Object(*(v8::internal::Object**)(*(void*)(obj))")


V8 is single threaded (the execution of the functions of the stack) but there are supporting threads used for garbage collection, profiling (IC, and perhaps other things) (I think). Lets see what threads there are:

$LD_LIBRARY_PATH=../v8_src/v8/out/x64.release_gcc/ lldb ./hello-world (lldb) br s -n main (lldb) r (lldb) thread list thread #1: tid = 0x2efca6, 0x0000000100001e16 hello-worldmain(argc=1, argv=0x00007fff5fbfee98) + 38 at hello-world.cc:40, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1  So at startup there is only one thread which is what we expected. Lets skip ahead to where we create the platform: Platform* platform = platform::CreateDefaultPlatform(); ... DefaultPlatform* platform = new DefaultPlatform(idle_task_support, tracing_controller); platform->SetThreadPoolSize(thread_pool_size); (lldb) fr v thread_pool_size (int) thread_pool_size = 0  Next there is a check for 0 and the number of processors -1 is used as the size of the thread pool: (lldb) fr v thread_pool_size (int) thread_pool_size = 7  This is all that SetThreadPoolSize does. After this we have: platform->EnsureInitialized(); for (int i = 0; i < thread_pool_size_; ++i) thread_pool_.push_back(new WorkerThread(&queue_));  new WorkerThread will create a new pthread (on my system which is MacOSX): result = pthread_create(&data_->thread_, &attr, ThreadEntry, this);  ThreadEntry can be found in src/base/platform/platform-posix. ### International Component for Unicode (ICU) International Components for Unicode (ICU) deals with internationalization (i18n). ICU provides support locale-sensitve string comparisons, date/time/number/currency formatting etc. There is an optional API called ECMAScript 402 which V8 suppports and which is enabled by default. i18n-support says that even if your application does not use ICU you still need to call InitializeICU : V8::InitializeICU();  ### Local Local<String> script_name = ...;  So what is script_name. Well it is an object reference that is managed by the v8 GC. The GC needs to be able to move things (pointers around) and also track if things should be GC'd. Local handles as opposed to persistent handles are light weight and mostly used local operations. These handles are managed by HandleScopes so you must have a handlescope on the stack and the local is only valid as long as the handlescope is valid. This uses Resource Acquisition Is Initialization (RAII) so when the HandleScope instance goes out of scope it will remove all the Local instances. The Local class (in include/v8.h) only has one member which is of type pointer to the type T. So for the above example it would be:  String* val_;  You can find the available operations for a Local in include/v8.h. (lldb) p script_name.IsEmpty() (bool)$12 = false


A Local has overloaded a number of operators, for example ->:

(lldb) p script_name->Length()
./test/persistent-object_test --gtest_filter=PersistentTest.value  Now, to create an instance of Persistent we need a Local instance or the Persistent instance will just be empty. Local<Object> o = Local<Object>::New(isolate_, Object::New(isolate_));  Local<Object>::New can be found in src/api/api.cc: Local<v8::Object> v8::Object::New(Isolate* isolate) { i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate); LOG_API(i_isolate, Object, New); ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate); i::Handle<i::JSObject> obj = i_isolate->factory()->NewJSObject(i_isolate->object_function()); return Utils::ToLocal(obj); }  The first thing that happens is that the public Isolate pointer is cast to an pointer to the internal Isolate type. LOG_API is a macro in the same source file (src/api/api.cc): #define LOG_API(isolate, class_name, function_name) \ i::RuntimeCallTimerScope _runtime_timer( \ isolate, i::RuntimeCallCounterId::kAPI_##class_name##_##function_name); \ LOG(isolate, ApiEntryCall("v8::" #class_name "::" #function_name))  If our case the preprocessor would expand that to:  i::RuntimeCallTimerScope _runtime_timer( isolate, i::RuntimeCallCounterId::kAPI_Object_New); LOG(isolate, ApiEntryCall("v8::Object::New))  LOG is a macro that can be found in src/log.h: #define LOG(isolate, Call) \ do { \ v8::internal::Logger* logger = (isolate)->logger(); \ if (logger->is_logging()) logger->Call; \ } while (false)  And this would expand to:  v8::internal::Logger* logger = isolate->logger(); if (logger->is_logging()) logger->ApiEntryCall("v8::Object::New");  So with the LOG_API macro expanded we have: Local<v8::Object> v8::Object::New(Isolate* isolate) { i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate); i::RuntimeCallTimerScope _runtime_timer( isolate, i::RuntimeCallCounterId::kAPI_Object_New); v8::internal::Logger* logger = isolate->logger(); if (logger->is_logging()) logger->ApiEntryCall("v8::Object::New"); ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate); i::Handle<i::JSObject> obj = i_isolate->factory()->NewJSObject(i_isolate->object_function()); return Utils::ToLocal(obj); }  Next we have ENTER_V8_NO_SCRIPT_NO_EXCEPTION: #define ENTER_V8_NO_SCRIPT_NO_EXCEPTION(isolate) \ i::VMState<v8::OTHER> __state__((isolate)); \ i::DisallowJavascriptExecutionDebugOnly __no_script__((isolate)); \ i::DisallowExceptions __no_exceptions__((isolate))  So with the macros expanded we have: Local<v8::Object> v8::Object::New(Isolate* isolate) { i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate); i::RuntimeCallTimerScope _runtime_timer( isolate, i::RuntimeCallCounterId::kAPI_Object_New); v8::internal::Logger* logger = isolate->logger(); if (logger->is_logging()) logger->ApiEntryCall("v8::Object::New"); i::VMState<v8::OTHER> __state__(i_isolate)); i::DisallowJavascriptExecutionDebugOnly __no_script__(i_isolate); i::DisallowExceptions __no_exceptions__(i_isolate)); i::Handle<i::JSObject> obj = i_isolate->factory()->NewJSObject(i_isolate->object_function()); return Utils::ToLocal(obj); }  TODO: Look closer at VMState. First, i_isolate->object_function() is called and the result passed to NewJSObject. object_function is generated by a macro named NATIVE_CONTEXT_FIELDS: #define NATIVE_CONTEXT_FIELD_ACCESSOR(index, type, name) \ Handle<type> Isolate::name() { \ return Handle<type>(raw_native_context()->name(), this); \ } \ bool Isolate::is_##name(type* value) { \ return raw_native_context()->is_##name(value); \ } NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSOR)  NATIVE_CONTEXT_FIELDS is a macro in src/contexts and it c #define NATIVE_CONTEXT_FIELDS(V) \ ... \ V(OBJECT_FUNCTION_INDEX, JSFunction, object_function) \   Handle<type> Isolate::object_function() { return Handle<JSFunction>(raw_native_context()->object_function(), this); } bool Isolate::is_object_function(JSFunction* value) { return raw_native_context()->is_object_function(value); }  I'm not clear on the different types of context, there is a native context, a "normal/public" context. In src/contexts-inl.h we have the native_context function: Context* Context::native_context() const { Object* result = get(NATIVE_CONTEXT_INDEX); DCHECK(IsBootstrappingOrNativeContext(this->GetIsolate(), result)); return reinterpret_cast<Context*>(result); }  Context extends FixedArray so the get function is the get function of FixedArray and NATIVE_CONTEXT_INDEX is the index into the array where the native context is stored. Now, lets take a closer look at NewJSObject. If you search for NewJSObject in src/heap/factory.cc: Handle<JSObject> Factory::NewJSObject(Handle<JSFunction> constructor, PretenureFlag pretenure) { JSFunction::EnsureHasInitialMap(constructor); Handle<Map> map(constructor->initial_map(), isolate()); return NewJSObjectFromMap(map, pretenure); }  NewJSObjectFromMap ... HeapObject* obj = AllocateRawWithAllocationSite(map, pretenure, allocation_site);  So we have created a new map ### Map So an HeapObject contains a pointer to a Map, or rather has a function that returns a pointer to Map. I can't see any member map in the HeapObject class. Lets take a look at when a map is created. (lldb) br s -f map_test.cc -l 63  Handle<Map> Factory::NewMap(InstanceType type, int instance_size, ElementsKind elements_kind, int inobject_properties) { HeapObject* result = isolate()->heap()->AllocateRawWithRetryOrFail(Map::kSize, MAP_SPACE); result->set_map_after_allocation(*meta_map(), SKIP_WRITE_BARRIER); return handle(InitializeMap(Map::cast(result), type, instance_size, elements_kind, inobject_properties), isolate()); }  We can see that the above is calling AllocateRawWithRetryOrFail on the heap instance passing a size of 88 and specifying the MAP_SPACE: HeapObject* Heap::AllocateRawWithRetryOrFail(int size, AllocationSpace space, AllocationAlignment alignment) { AllocationResult alloc; HeapObject* result = AllocateRawWithLigthRetry(size, space, alignment); if (result) return result; isolate()->counters()->gc_last_resort_from_handles()->Increment(); CollectAllAvailableGarbage(GarbageCollectionReason::kLastResort); { AlwaysAllocateScope scope(isolate()); alloc = AllocateRaw(size, space, alignment); } if (alloc.To(&result)) { DCHECK(result != exception()); return result; } // TODO(1181417): Fix this. FatalProcessOutOfMemory("CALL_AND_RETRY_LAST"); return nullptr; }  The default value for alignment is kWordAligned. Reading the docs in the header it says that this function will try to perform an allocation of size 88 in the MAP_SPACE and if it fails a full GC will be performed and the allocation retried. Lets take a look at AllocateRawWithLigthRetry:  AllocationResult alloc = AllocateRaw(size, space, alignment);  AllocateRaw can be found in src/heap/heap-inl.h. There are different paths that will be taken depending on the space parameteter. Since it is MAP_SPACE in our case we will focus on that path: AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationSpace space, AllocationAlignment alignment) { ... HeapObject* object = nullptr; AllocationResult allocation; if (OLD_SPACE == space) { ... } else if (MAP_SPACE == space) { allocation = map_space_->AllocateRawUnaligned(size_in_bytes); } ... }  map_space_ is a private member of Heap (src/heap/heap.h): MapSpace* map_space_;  AllocateRawUnaligned can be found in src/heap/spaces-inl.h: AllocationResult PagedSpace::AllocateRawUnaligned( int size_in_bytes, UpdateSkipList update_skip_list) { if (!EnsureLinearAllocationArea(size_in_bytes)) { return AllocationResult::Retry(identity()); } HeapObject* object = AllocateLinearly(size_in_bytes); MSAN_ALLOCATED_UNINITIALIZED_MEMORY(object->address(), size_in_bytes); return object; }  The default value for update_skip_list is UPDATE_SKIP_LIST. So lets take a look at AllocateLinearly: HeapObject* PagedSpace::AllocateLinearly(int size_in_bytes) { Address current_top = allocation_info_.top(); Address new_top = current_top + size_in_bytes; allocation_info_.set_top(new_top); return HeapObject::FromAddress(current_top); }  Recall that size_in_bytes in our case is 88. (lldb) expr current_top (v8::internal::Address)5 = 24847457492680
(lldb) expr new_top
(v8::internal::Address) $6 = 24847457492768 (lldb) expr new_top - current_top (unsigned long)$7 = 88


Notice that first the top is set to the new_top and then the current_top is returned and that will be a pointer to the start of the object in memory (which in this case is of v8::internal::Map which is also of type HeapObject). I've been wondering why Map (and other HeapObject) don't have any member fields and only/mostly getters/setters for the various fields that make up an object. Well the answer is that pointers to instances of for example Map point to the first memory location of the instance. And the getters/setter functions use indexed to read/write to memory locations. The indexes are mostly in the form of enum fields that define the memory layout of the type.

Next, in AllocateRawUnaligned we have the MSAN_ALLOCATED_UNINITIALIZED_MEMORY macro:

  MSAN_ALLOCATED_UNINITIALIZED_MEMORY(object->address(), size_in_bytes);


MSAN_ALLOCATED_UNINITIALIZED_MEMORY can be found in src/msan.h and ms stands for Memory Sanitizer and would only be used if V8_US_MEMORY_SANITIZER is defined. The returned object will be used to construct an AllocationResult when returned. Back in AllocateRaw we have:

if (allocation.To(&object)) {
...
OnAllocationEvent(object, size_in_bytes);
}

return allocation;


This will return us in AllocateRawWithLightRetry:

AllocationResult alloc = AllocateRaw(size, space, alignment);
if (alloc.To(&result)) {
DCHECK(result != exception());
return result;
}


This will return us back in AllocateRawWithRetryOrFail:

  HeapObject* result = AllocateRawWithLigthRetry(size, space, alignment);
if (result) return result;


And that return will return to NewMap in src/heap/factory.cc:

  result->set_map_after_allocation(*meta_map(), SKIP_WRITE_BARRIER);
return handle(InitializeMap(Map::cast(result), type, instance_size,
elements_kind, inobject_properties),
isolate());


InitializeMap:

  map->set_instance_type(type);
map->set_prototype(*null_value(), SKIP_WRITE_BARRIER);
map->set_constructor_or_backpointer(*null_value(), SKIP_WRITE_BARRIER);
map->set_instance_size(instance_size);
if (map->IsJSObjectMap()) {
map->SetInObjectPropertiesStartInWords(instance_size / kPointerSize - inobject_properties);
DCHECK_EQ(map->GetInObjectProperties(), inobject_properties);
map->set_prototype_validity_cell(*invalid_prototype_validity_cell());
} else {
DCHECK_EQ(inobject_properties, 0);
map->set_inobject_properties_start_or_constructor_function_index(0);
map->set_prototype_validity_cell(Smi::FromInt(Map::kPrototypeChainValid));
}
map->set_dependent_code(DependentCode::cast(*empty_fixed_array()), SKIP_WRITE_BARRIER);
map->set_weak_cell_cache(Smi::kZero);
map->set_raw_transitions(MaybeObject::FromSmi(Smi::kZero));
map->SetInObjectUnusedPropertyFields(inobject_properties);
map->set_instance_descriptors(*empty_descriptor_array());

map->set_visitor_id(Map::GetVisitorId(map));
map->set_bit_field(0);
int bit_field3 = Map::EnumLengthBits::encode(kInvalidEnumCacheSentinel) |
Map::OwnsDescriptorsBit::encode(true) |
Map::ConstructionCounterBits::encode(Map::kNoSlackTracking);
map->set_bit_field3(bit_field3);
map->set_elements_kind(elements_kind); //HOLEY_ELEMENTS
map->set_new_target_is_base(true);
isolate()->counters()->maps_created()->Increment();
if (FLAG_trace_maps) LOG(isolate(), MapCreate(map));
return map;


Creating a new map (map_test.cc:

  i::Handle<i::Map> map = i::Map::Create(asInternal(isolate_), 10);
std::cout << map->instance_type() << '\n';


Map::Create can be found in objects.cc:

Handle<Map> Map::Create(Isolate* isolate, int inobject_properties) {
Handle<Map> copy = Copy(handle(isolate->object_function()->initial_map()), "MapCreate");


So, the first thing that will happen is isolate->object_function() will be called. This is function that is generated by the preprocessor.

// from src/context.h
#define NATIVE_CONTEXT_FIELDS(V)                                               \
...                                                                          \
V(OBJECT_FUNCTION_INDEX, JSFunction, object_function)                        \

// from src/isolate.h
#define NATIVE_CONTEXT_FIELD_ACCESSOR(index, type, name)     \
Handle<type> Isolate::name() {                             \
return Handle<type>(raw_native_context()->name(), this); \
}                                                          \
bool Isolate::is_##name(type* value) {                     \
return raw_native_context()->is_##name(value);           \
}
NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSOR)


object_function() will become:

  Handle<JSFunction> Isolate::object_function() {
return Handle<JSFunction>(raw_native_context()->object_function(), this);
}


Lets look closer at JSFunction::initial_map() in in object-inl.h:

Map* JSFunction::initial_map() {
return Map::cast(prototype_or_initial_map());
}


prototype_or_initial_map is generated by a macro:

ACCESSORS_CHECKED(JSFunction, prototype_or_initial_map, Object,
kPrototypeOrInitialMapOffset, map()->has_prototype_slot())


ACCESSORS_CHECKED can be found in src/objects/object-macros.h:

#define ACCESSORS_CHECKED(holder, name, type, offset, condition) \
ACCESSORS_CHECKED2(holder, name, type, offset, condition, condition)

#define ACCESSORS_CHECKED2(holder, name, type, offset, get_condition, \
set_condition)                             \
type* holder::name() const {                                        \
type* value = type::cast(READ_FIELD(this, offset));               \
DCHECK(get_condition);                                            \
return value;                                                     \
}                                                                   \
void holder::set_##name(type* value, WriteBarrierMode mode) {       \
DCHECK(set_condition);                                            \
WRITE_FIELD(this, offset, value);                                 \
CONDITIONAL_WRITE_BARRIER(GetHeap(), this, offset, value, mode);  \
}



The preprocessor will expand prototype_or_initial_map to:

  JSFunction* JSFunction::prototype_or_initial_map() const {
JSFunction* value = JSFunction::cast(
(*reinterpret_cast<Object* const*>(
DCHECK(map()->has_prototype_slot());
return value;
}


Notice that map()->has_prototype_slot()) will be called first which looks like this:

Map* HeapObject::map() const {
return map_word().ToMap();
}


MapWord HeapObject::map_word() const {
return MapWord(
}


First thing that will happen is RELAXED_READ_FIELD(this, kMapOffset)

#define RELAXED_READ_FIELD(p, offset)           \



This will get expanded by the preprocessor to:

  reinterpret_cast<Object*>(base::Relaxed_Load(
reinterpret_cast<const base::AtomicWord*>(


src/base/atomicops_internals_portable.h:

inline Atomic8 Relaxed_Load(volatile const Atomic8* ptr) {
}


So this will do an atomoic load of the ptr with the memory order of __ATOMIC_RELELAXED.

ACCESSORS_CHECKED also generates a set_prototyp_or_initial_map:

  void JSFunction::set_prototype_or_initial_map(JSFunction* value, WriteBarrierMode mode) {
DCHECK(map()->has_prototype_slot());
WRITE_FIELD(this, kPrototypeOrInitialMapOffset, value);
CONDITIONAL_WRITE_BARRIER(GetHeap(), this, kPrototypeOrInitialMapOffset, value, mode);
}


What does WRITE_FIELD do?

#define WRITE_FIELD(p, offset, value)                             \
base::Relaxed_Store(                                            \
reinterpret_cast<base::AtomicWord>(value));


Which would expand into:

  base::Relaxed_Store(                                            \
reinterpret_cast<base::AtomicWord*>(
reinterpret_cast<base::AtomicWord>(value));


Lets take a look at what instance_type does:

InstanceType Map::instance_type() const {
}


To see what the above is doing we can do the same thing in the debugger: Note that I got 11 below from map->kInstanceTypeOffset - i::kHeapObjectTag

(lldb) memory read -f u -c 1 -s 8 *map + 11
0x6d4e6609ed4: 585472345729139745
(lldb) expr static_cast<InstanceType>(585472345729139745)
(v8::internal::InstanceType) $34 = JS_OBJECT_TYPE  Take map->has_non_instance_prototype(): (lldb) br s -n has_non_instance_prototype (lldb) expr -i 0 -- map->has_non_instance_prototype()  The above command will break in src/objects/map-inl.h: BIT_FIELD_ACCESSORS(Map, bit_field, has_non_instance_prototype, Map::HasNonInstancePrototypeBit) // src/objects/object-macros.h #define BIT_FIELD_ACCESSORS(holder, field, name, BitField) \ typename BitField::FieldType holder::name() const { \ return BitField::decode(field()); \ } \ void holder::set_##name(typename BitField::FieldType value) { \ set_##field(BitField::update(field(), value)); \ }  The preprocessor will expand that to:  typename Map::HasNonInstancePrototypeBit::FieldType Map::has_non_instance_prototype() const { return Map::HasNonInstancePrototypeBit::decode(bit_field()); } \ void holder::set_has_non_instance_prototype(typename BitField::FieldType value) { \ set_bit_field(Map::HasNonInstancePrototypeBit::update(bit_field(), value)); \ }  So where can we find Map::HasNonInstancePrototypeBit? It is generated by a macro in src/objects/map.h: // Bit positions for |bit_field|. #define MAP_BIT_FIELD_FIELDS(V, _) \ V(HasNonInstancePrototypeBit, bool, 1, _) \ ... DEFINE_BIT_FIELDS(MAP_BIT_FIELD_FIELDS) #undef MAP_BIT_FIELD_FIELDS #define DEFINE_BIT_FIELDS(LIST_MACRO) \ DEFINE_BIT_RANGES(LIST_MACRO) \ LIST_MACRO(DEFINE_BIT_FIELD_TYPE, LIST_MACRO##_Ranges) #define DEFINE_BIT_RANGES(LIST_MACRO) \ struct LIST_MACRO##_Ranges { \ enum { LIST_MACRO(DEFINE_BIT_FIELD_RANGE_TYPE, _) kBitsCount }; \ }; #define DEFINE_BIT_FIELD_RANGE_TYPE(Name, Type, Size, _) \ k##Name##Start, k##Name##End = k##Name##Start + Size - 1,  Alright, lets see what preprocessor expands that to:  struct MAP_BIT_FIELD_FIELDS_Ranges { enum { kHasNonInstancePrototypeBitStart, kHasNonInstancePrototypeBitEnd = kHasNonInstancePrototypeBitStart + 1 - 1, ... // not showing the rest of the entries. kBitsCount }; };  So this would create a struct with an enum and it could be accessed using: i::Map::MAP_BIT_FIELD_FIELDS_Ranges::kHasNonInstancePrototypeBitStart The next part of the macro is  LIST_MACRO(DEFINE_BIT_FIELD_TYPE, LIST_MACRO##_Ranges) #define DEFINE_BIT_FIELD_TYPE(Name, Type, Size, RangesName) \ typedef BitField<Type, RangesName::k##Name##Start, Size> Name;  Which will get expanded to:  typedef BitField<HasNonInstancePrototypeBit, MAP_BIT_FIELD_FIELDS_Ranges::kHasNonInstancePrototypeBitStart, 1> HasNonInstancePrototypeBit;  So this is how HasNonInstancePrototypeBit is declared and notice that it is of type BitField which can be found in src/utils.h: template<class T, int shift, int size> class BitField : public BitFieldBase<T, shift, size, uint32_t> { }; template<class T, int shift, int size, class U> class BitFieldBase { public: typedef T FieldType;  Map::HasNonInstancePrototypeBit::decode(bit_field()); first bit_field is called: byte Map::bit_field() const { return READ_BYTE_FIELD(this, kBitFieldOffset); }  And the result of that is passed to Map::HasNonInstancePrototypeBit::decode: (lldb) br s -n bit_field (lldb) expr -i 0 -- map->bit_field()  byte Map::bit_field() const { return READ_BYTE_FIELD(this, kBitFieldOffset); }  So, this is the current Map instance, and we are going to read from. #define READ_BYTE_FIELD(p, offset) \ (*reinterpret_cast<const byte*>(FIELD_ADDR(p, offset))) #define FIELD_ADDR(p, offset) \ (reinterpret_cast<Address>(p) + offset - kHeapObjectTag)  Which will get expanded to: byte Map::bit_field() const { return *reinterpret_cast<const byte*>( reinterpret_cast<Address>(this) + kBitFieldOffset - kHeapObjectTag) }  The instance_size is the instance_size_in_words << kPointerSizeLog2 (3 on my machine): (lldb) memory read -f x -s 1 -c 1 *map+8 0x24d1cd509ed1: 0x03 (lldb) expr 0x03 << 3 (int)$2 = 24
(lldb) expr map->instance_size()
(int) $3 = 24  i::HeapObject::kHeaderSize is 8 on my system which is used in the DEFINE_FIELD_OFFSET_CONSTANTS: #define MAP_FIELDS(V) V(kInstanceSizeInWordsOffset, kUInt8Size) V(kInObjectPropertiesStartOrConstructorFunctionIndexOffset, kUInt8Size) ... DEFINE_FIELD_OFFSET_CONSTANTS(HeapObject::kHeaderSize, MAP_FIELDS)  So we can use this information to read the inobject_properties_start_or_constructor_function_index directly from memory using: (lldb) expr map->inobject_properties_start_or_constructor_function_index() (lldb) memory read -f x -s 1 -c 1 map+9 error: invalid start address expression. error: address expression "map+9" evaluation failed (lldb) memory read -f x -s 1 -c 1 *map+9 0x17b027209ed2: 0x03  Inspect the visitor_id (which is the last of the first byte): lldb) memory read -f x -s 1 -c 1 *map+10 0x17b027209ed3: 0x15 (lldb) expr (int) 0x15 (int)$8 = 21
(lldb) expr map->visitor_id()
(v8::internal::VisitorId) $11 = kVisitJSObjectFast (lldb) expr (int)$11
(int) $12 = 21  Inspect the instance_type (which is part of the second byte): (lldb) expr map->instance_type() (v8::internal::InstanceType)$41 = JS_OBJECT_TYPE
(lldb) expr v8::internal::InstanceType::JS_OBJECT_TYPE
(uint16_t) $35 = 1057 (lldb) memory read -f x -s 2 -c 1 *map+11 0x17b027209ed4: 0x0421 (lldb) expr (int)0x0421 (int)$40 = 1057


Notice that instance_type is a short so that will take up 2 bytes

(lldb) expr map->has_non_instance_prototype()
(bool) $60 = false (lldb) expr map->is_callable() (bool)$46 = false
(lldb) expr map->has_named_interceptor()
(bool) $51 = false (lldb) expr map->has_indexed_interceptor() (bool)$55 = false
(lldb) expr map->is_undetectable()
(bool) $56 = false (lldb) expr map->is_access_check_needed() (bool)$57 = false
(lldb) expr map->is_constructor()
(bool) $58 = false (lldb) expr map->has_prototype_slot() (bool)$59 = false


Verify that the above is correct:

(lldb) expr map->has_non_instance_prototype()
(bool) $44 = false (lldb) memory read -f x -s 1 -c 1 *map+13 0x17b027209ed6: 0x00 (lldb) expr map->set_has_non_instance_prototype(true) (lldb) memory read -f x -s 1 -c 1 *map+13 0x17b027209ed6: 0x01 (lldb) expr map->set_has_prototype_slot(true) (lldb) memory read -f x -s 1 -c 1 *map+13 0x17b027209ed6: 0x81  Inspect second int field (bit_field2): (lldb) memory read -f x -s 1 -c 1 *map+14 0x17b027209ed7: 0x19 (lldb) expr map->is_extensible() (bool)$78 = true
(lldb) expr -- 0x19 & (1 << 0)
(bool) $90 = 1 (lldb) expr map->is_prototype_map() (bool)$79 = false

(lldb) expr map->is_in_retained_map_list()
(bool) $80 = false (lldb) expr map->elements_kind() (v8::internal::ElementsKind)$81 = HOLEY_ELEMENTS
(lldb) expr v8::internal::ElementsKind::HOLEY_ELEMENTS
(int) $133 = 3 (lldb) expr 0x19 >> 3 (int)$134 = 3


Inspect third int field (bit_field3):

(lldb) memory read -f b -s 4 -c 1 *map+15
0x17b027209ed8: 0b00001000001000000000001111111111
(lldb) memory read -f x -s 4 -c 1 *map+15
0x17b027209ed8: 0x082003ff


So we know that a Map instance is a pointer allocated by the Heap and with a specific size. Fields are accessed using indexes (remember there are no member fields in the Map class). We also know that all HeapObject have a Map. The Map is sometimes referred to as the HiddenClass and sometimes the shape of an object. If two objects have the same properties they would share the same Map. This makes sense and I've see blog post that show this but I'd like to verify this to fully understand it. I'm going to try to match https://v8project.blogspot.com/2017/08/fast-properties.html with the code.

So, lets take a look at adding a property to a JSObject. We start by creating a new Map and then use it to create a new JSObject:

  i::Handle<i::Map> map = factory->NewMap(i::JS_OBJECT_TYPE, 32);
i::Handle<i::JSObject> js_object = factory->NewJSObjectFromMap(map);

i::Handle<i::String> prop_name = factory->InternalizeUtf8String("prop_name");
i::Handle<i::String> prop_value = factory->InternalizeUtf8String("prop_value");


Lets take a closer look at AddProperty and how it interacts with the Map. This function can be found in src/objects.cc:

void JSObject::AddProperty(Handle<JSObject> object, Handle<Name> name,
Handle<Object> value,
PropertyAttributes attributes) {
LookupIterator it(object, name, object, LookupIterator::OWN_SKIP_INTERCEPTOR);
CHECK_NE(LookupIterator::ACCESS_CHECK, it.state());


First we have the LookupIterator constructor (src/lookup.h) but since this is a new property which we know does not exist it will not find any property.

CHECK(AddDataProperty(&it, value, attributes, kThrowOnError,
CERTAINLY_NOT_STORE_FROM_KEYED)
.IsJust());

  Handle<JSReceiver> receiver = it->GetStoreTarget<JSReceiver>();
...
it->UpdateProtector();
// Migrate to the most up-to-date map that will be able to store |value|
// under it->name() with |attributes|.
DCHECK_EQ(LookupIterator::TRANSITION, it->state());

// Write the property value.
it->WriteDataValue(value, true);


PrepareTransitionToDataProperty:

  Representation representation = value->OptimalRepresentation();
Handle<FieldType> type = value->OptimalType(isolate, representation);
maybe_map = Map::CopyWithField(map, name, type, attributes, constness,
representation, flag);


Map::CopyWithField:

  Descriptor d = Descriptor::DataField(name, index, attributes, constness, representation, wrapped_type);


Lets take a closer look the Decriptor which can be found in src/property.cc:

Descriptor Descriptor::DataField(Handle<Name> key, int field_index,
PropertyAttributes attributes,
PropertyConstness constness,
Representation representation,
MaybeObjectHandle wrapped_field_type) {
DCHECK(wrapped_field_type->IsSmi() || wrapped_field_type->IsWeakHeapObject());
PropertyDetails details(kData, attributes, kField, constness, representation,
field_index);
return Descriptor(key, wrapped_field_type, details);
}


Descriptor is declared in src/property.h and describes the elements in a instance-descriptor array. These are returned when calling map->instance_descriptors(). Let check some of the arguments:

(lldb) job *key
#prop_name
(lldb) expr attributes
(v8::internal::PropertyAttributes) $27 = NONE (lldb) expr constness (v8::internal::PropertyConstness)$28 = kMutable
(lldb) expr representation
(v8::internal::Representation) $29 = (kind_ = '\b')  The Descriptor class contains three members:  private: Handle<Name> key_; MaybeObjectHandle value_; PropertyDetails details_;  Lets take a closer look PropertyDetails which only has a single member named value_  uint32_t value_;  It also declares a number of classes the extend BitField, for example: class KindField : public BitField<PropertyKind, 0, 1> {}; class LocationField : public BitField<PropertyLocation, KindField::kNext, 1> {}; class ConstnessField : public BitField<PropertyConstness, LocationField::kNext, 1> {}; class AttributesField : public BitField<PropertyAttributes, ConstnessField::kNext, 3> {}; class PropertyCellTypeField : public BitField<PropertyCellType, AttributesField::kNext, 2> {}; class DictionaryStorageField : public BitField<uint32_t, PropertyCellTypeField::kNext, 23> {}; // Bit fields for fast objects. class RepresentationField : public BitField<uint32_t, AttributesField::kNext, 4> {}; class DescriptorPointer : public BitField<uint32_t, RepresentationField::kNext, kDescriptorIndexBitCount> {}; class FieldIndexField : public BitField<uint32_t, DescriptorPointer::kNext, kDescriptorIndexBitCount> { enum PropertyKind { kData = 0, kAccessor = 1 }; enum PropertyLocation { kField = 0, kDescriptor = 1 }; enum class PropertyConstness { kMutable = 0, kConst = 1 }; enum PropertyAttributes { NONE = ::v8::None, READ_ONLY = ::v8::ReadOnly, DONT_ENUM = ::v8::DontEnum, DONT_DELETE = ::v8::DontDelete, ALL_ATTRIBUTES_MASK = READ_ONLY | DONT_ENUM | DONT_DELETE, SEALED = DONT_DELETE, FROZEN = SEALED | READ_ONLY, ABSENT = 64, // Used in runtime to indicate a property is absent. // ABSENT can never be stored in or returned from a descriptor's attributes // bitfield. It is only used as a return value meaning the attributes of // a non-existent property. }; enum class PropertyCellType { // Meaningful when a property cell does not contain the hole. kUndefined, // The PREMONOMORPHIC of property cells. kConstant, // Cell has been assigned only once. kConstantType, // Cell has been assigned only one type. kMutable, // Cell will no longer be tracked as constant. // Meaningful when a property cell contains the hole. kUninitialized = kUndefined, // Cell has never been initialized. kInvalidated = kConstant, // Cell has been deleted, invalidated or never // existed. // For dictionaries not holding cells. kNoCell = kMutable, }; template<class T, int shift, int size> class BitField : public BitFieldBase<T, shift, size, uint32_t> { };  The Type T of KindField will be PropertyKind, the shift will be 0 , and the size 1. Notice that LocationField is using KindField::kNext as its shift. This is a static class constant of type uint32_t and is defined as: static const U kNext = kShift + kSize;  So LocationField would get the value from KindField which should be: class LocationField : public BitField<PropertyLocation, 1, 1> {};  The constructor for PropertyDetails looks like this: PropertyDetails(PropertyKind kind, PropertyAttributes attributes, PropertyCellType cell_type, int dictionary_index = 0) { value_ = KindField::encode(kind) | LocationField::encode(kField) | AttributesField::encode(attributes) | DictionaryStorageField::encode(dictionary_index) | PropertyCellTypeField::encode(cell_type); }  So what does KindField::encode(kind) actualy do then? (lldb) expr static_cast<uint32_t>(kind()) (uint32_t)$36 = 0
(lldb) expr static_cast<uint32_t>(kind()) << 0
(uint32_t) $37 = 0  This value is later returned by calling kind(): PropertyKind kind() const { return KindField::decode(value_); }  So we have all this information about this property, its type (Representation), constness, if it is read-only, enumerable, deletable, sealed, frozen. After that little detour we are back in Descriptor::DataField:  return Descriptor(key, wrapped_field_type, details);  Here we are using the key (name of the property), the wrapped_field_type, and PropertyDetails we created. What is wrapped_field_type again? If we back up a few frames back into Map::TransitionToDataProperty we can see that the type passed in is taken from the following code:  Representation representation = value->OptimalRepresentation(); Handle<FieldType> type = value->OptimalType(isolate, representation);  So this is only taking the type of the field: (lldb) expr representation.kind() (v8::internal::Representation::Kind)$51 = kHeapObject


This makes sense as the map only deals with the shape of the propery and not the value. Next in Map::CopyWithField we have:

  Handle<Map> new_map = Map::CopyAddDescriptor(map, &d, flag);


CopyAddDescriptor does:

  Handle<DescriptorArray> descriptors(map->instance_descriptors());

int nof = map->NumberOfOwnDescriptors();
Handle<DescriptorArray> new_descriptors = DescriptorArray::CopyUpTo(descriptors, nof, 1);
new_descriptors->Append(descriptor);

Handle<LayoutDescriptor> new_layout_descriptor =
FLAG_unbox_double_fields
? LayoutDescriptor::New(map, new_descriptors, nof + 1)
: handle(LayoutDescriptor::FastPointerLayout(), map->GetIsolate());

return CopyReplaceDescriptors(map, new_descriptors, new_layout_descriptor,
SIMPLE_PROPERTY_TRANSITION);


Lets take a closer look at LayoutDescriptor

(lldb) expr new_layout_descriptor->Print()
Layout descriptor: <all tagged>


TODO: Take a closer look at LayoutDescritpor

Later when actually adding the value in Object::AddDataProperty:

  it->WriteDataValue(value, true);


This call will end up in src/lookup.cc and in our case the path will be the following call:

  JSObject::cast(*holder)->WriteToField(descriptor_number(), property_details_, *value);


TODO: Take a closer look at LookupIterator. WriteToField can be found in src/objects-inl.h:

  FieldIndex index = FieldIndex::ForDescriptor(map(), descriptor);


FieldIndex::ForDescriptor can be found in src/field-index-inl.h:

inline FieldIndex FieldIndex::ForDescriptor(const Map* map, int descriptor_index) {
PropertyDetails details = map->instance_descriptors()->GetDetails(descriptor_index);
int field_index = details.field_index();
return ForPropertyIndex(map, field_index, details.representation());
}


Notice that this is calling instance_descriptors() on the passed-in map. This as we recall from earlier returns and DescriptorArray (which is a type of WeakFixedArray). A Descriptor array

Our DecsriptorArray only has one entry:

(lldb) expr map->instance_descriptors()->number_of_descriptors()
(int) $6 = 1 (lldb) expr map->instance_descriptors()->GetKey(0)->Print() #prop_name (lldb) expr map->instance_descriptors()->GetFieldIndex(0) (int)$11 = 0


We can also use Print on the DescriptorArray:

lldb) expr map->instance_descriptors()->Print()

[0]: #prop_name (data field 0:h, p: 0, attrs: [WEC]) @ Any


In our case we are accessing the PropertyDetails and then getting the field_index which I think tells us where in the object the value for this property is stored. The last call in ForDescriptor is ForProperty:

inline FieldIndex FieldIndex::ForPropertyIndex(const Map* map,
int property_index,
Representation representation) {
int inobject_properties = map->GetInObjectProperties();
bool is_inobject = property_index < inobject_properties;
int first_inobject_offset;
int offset;
if (is_inobject) {
first_inobject_offset = map->GetInObjectPropertyOffset(0);
offset = map->GetInObjectPropertyOffset(property_index);
} else {
property_index -= inobject_properties;
offset = FixedArray::kHeaderSize + property_index * kPointerSize;
}
Encoding encoding = FieldEncoding(representation);
return FieldIndex(is_inobject, offset, encoding, inobject_properties,
first_inobject_offset);
}


I was expecting inobject_propertis to be 1 here but it is 0:

(lldb) expr inobject_properties
(int) $14 = 0  Why is that, what am I missing? These in-object properties are stored directly on the object instance and not do not use the properties array. All get back to an example of this later to clarify this. TODO: Add in-object properties example. Back in JSObject::WriteToField:  RawFastPropertyAtPut(index, value);  void JSObject::RawFastPropertyAtPut(FieldIndex index, Object* value) { if (index.is_inobject()) { int offset = index.offset(); WRITE_FIELD(this, offset, value); WRITE_BARRIER(GetHeap(), this, offset, value); } else { property_array()->set(index.outobject_array_index(), value); } }  In our case we know that the index is not inobject() (lldb) expr index.is_inobject() (bool)$18 = false


So, property_array()->set() will be called.

(lldb) expr this
(v8::internal::JSObject *) $21 = 0x00002c31c6a88b59  JSObject inherits from JSReceiver which is where the property_array() function is declared.  inline PropertyArray* property_array() const;  (lldb) expr property_array()->Print() 0x2c31c6a88bb1: [PropertyArray] - map: 0x2c31f5603e21 <Map> - length: 3 - hash: 0 0: 0x2c31f56025a1 <Odd Oddball: uninitialized> 1-2: 0x2c31f56026f1 <undefined> (lldb) expr index.outobject_array_index() (int)$26 = 0
(lldb) expr value->Print()
#prop_value


Looking at the above values printed we should see the property be written to entry 0.

(lldb) expr property_array()->get(0)->Print()
#uninitialized
// after call to set
(lldb) expr property_array()->get(0)->Print()
#prop_value

(lldb) expr map->instance_descriptors()
(v8::internal::DescriptorArray *) $4 = 0x000039a927082339  So a map has an pointer array of instance of DescriptorArray (lldb) expr map->GetInObjectProperties() (int)$19 = 1


Each Map has int that tells us the number of properties it has. This is the number specified when creating a new Map, for example:

i::Handle<i::Map> map = i::Map::Create(asInternal(isolate_), 1);


But at this stage we don't really have any properties. The value for a property is associated with the actual instance of the Object. What the Map specifies is index of the value for a particualar property.

#### Creating a Map instance

Lets take a look at when a map is created.

(lldb) br s -f map_test.cc -l 63

Handle<Map> Factory::NewMap(InstanceType type,
int instance_size,
ElementsKind elements_kind,
int inobject_properties) {
HeapObject* result = isolate()->heap()->AllocateRawWithRetryOrFail(Map::kSize, MAP_SPACE);
result->set_map_after_allocation(*meta_map(), SKIP_WRITE_BARRIER);
return handle(InitializeMap(Map::cast(result), type, instance_size,
elements_kind, inobject_properties),
isolate());
}


We can see that the above is calling AllocateRawWithRetryOrFail on the heap instance passing a size of 88 and specifying the MAP_SPACE:

HeapObject* Heap::AllocateRawWithRetryOrFail(int size, AllocationSpace space,
AllocationAlignment alignment) {
AllocationResult alloc;
HeapObject* result = AllocateRawWithLigthRetry(size, space, alignment);
if (result) return result;

isolate()->counters()->gc_last_resort_from_handles()->Increment();
CollectAllAvailableGarbage(GarbageCollectionReason::kLastResort);
{
AlwaysAllocateScope scope(isolate());
alloc = AllocateRaw(size, space, alignment);
}
if (alloc.To(&result)) {
DCHECK(result != exception());
return result;
}
// TODO(1181417): Fix this.
FatalProcessOutOfMemory("CALL_AND_RETRY_LAST");
return nullptr;
}


The default value for alignment is kWordAligned. Reading the docs in the header it says that this function will try to perform an allocation of size 88 in the MAP_SPACE and if it fails a full GC will be performed and the allocation retried. Lets take a look at AllocateRawWithLigthRetry:

  AllocationResult alloc = AllocateRaw(size, space, alignment);


AllocateRaw can be found in src/heap/heap-inl.h. There are different paths that will be taken depending on the space parameteter. Since it is MAP_SPACE in our case we will focus on that path:

AllocationResult Heap::AllocateRaw(int size_in_bytes, AllocationSpace space, AllocationAlignment alignment) {
...
HeapObject* object = nullptr;
AllocationResult allocation;
if (OLD_SPACE == space) {
...
} else if (MAP_SPACE == space) {
allocation = map_space_->AllocateRawUnaligned(size_in_bytes);
}
...
}


map_space_ is a private member of Heap (src/heap/heap.h):

MapSpace* map_space_;


AllocateRawUnaligned can be found in src/heap/spaces-inl.h:

AllocationResult PagedSpace::AllocateRawUnaligned( int size_in_bytes, UpdateSkipList update_skip_list) {
if (!EnsureLinearAllocationArea(size_in_bytes)) {
return AllocationResult::Retry(identity());
}

HeapObject* object = AllocateLinearly(size_in_bytes);
return object;
}


The default value for update_skip_list is UPDATE_SKIP_LIST. So lets take a look at AllocateLinearly:

HeapObject* PagedSpace::AllocateLinearly(int size_in_bytes) {
Address new_top = current_top + size_in_bytes;
allocation_info_.set_top(new_top);
}


Recall that size_in_bytes in our case is 88.

(lldb) expr current_top
(v8::internal::Address) $5 = 24847457492680 (lldb) expr new_top (v8::internal::Address)$6 = 24847457492768
(lldb) expr new_top - current_top
(unsigned long) 7 = 88  Notice that first the top is set to the new_top and then the current_top is returned and that will be a pointer to the start of the object in memory (which in this case is of v8::internal::Map which is also of type HeapObject). I've been wondering why Map (and other HeapObject) don't have any member fields and only/mostly getters/setters for the various fields that make up an object. Well the answer is that pointers to instances of for example Map point to the first memory location of the instance. And the getters/setter functions use indexed to read/write to memory locations. The indexes are mostly in the form of enum fields that define the memory layout of the type. Next, in AllocateRawUnaligned we have the MSAN_ALLOCATED_UNINITIALIZED_MEMORY macro:  MSAN_ALLOCATED_UNINITIALIZED_MEMORY(object->address(), size_in_bytes);  MSAN_ALLOCATED_UNINITIALIZED_MEMORY can be found in src/msan.h and ms stands for Memory Sanitizer and would only be used if V8_US_MEMORY_SANITIZER is defined. The returned object will be used to construct an AllocationResult when returned. Back in AllocateRaw we have: if (allocation.To(&object)) { ... OnAllocationEvent(object, size_in_bytes); } return allocation;  This will return us in AllocateRawWithLightRetry: AllocationResult alloc = AllocateRaw(size, space, alignment); if (alloc.To(&result)) { DCHECK(result != exception()); return result; }  This will return us back in AllocateRawWithRetryOrFail:  HeapObject* result = AllocateRawWithLigthRetry(size, space, alignment); if (result) return result;  And that return will return to NewMap in src/heap/factory.cc:  result->set_map_after_allocation(*meta_map(), SKIP_WRITE_BARRIER); return handle(InitializeMap(Map::cast(result), type, instance_size, elements_kind, inobject_properties), isolate());  InitializeMap:  map->set_instance_type(type); map->set_prototype(*null_value(), SKIP_WRITE_BARRIER); map->set_constructor_or_backpointer(*null_value(), SKIP_WRITE_BARRIER); map->set_instance_size(instance_size); if (map->IsJSObjectMap()) { DCHECK(!isolate()->heap()->InReadOnlySpace(map)); map->SetInObjectPropertiesStartInWords(instance_size / kPointerSize - inobject_properties); DCHECK_EQ(map->GetInObjectProperties(), inobject_properties); map->set_prototype_validity_cell(*invalid_prototype_validity_cell()); } else { DCHECK_EQ(inobject_properties, 0); map->set_inobject_properties_start_or_constructor_function_index(0); map->set_prototype_validity_cell(Smi::FromInt(Map::kPrototypeChainValid)); } map->set_dependent_code(DependentCode::cast(*empty_fixed_array()), SKIP_WRITE_BARRIER); map->set_weak_cell_cache(Smi::kZero); map->set_raw_transitions(MaybeObject::FromSmi(Smi::kZero)); map->SetInObjectUnusedPropertyFields(inobject_properties); map->set_instance_descriptors(*empty_descriptor_array()); map->set_visitor_id(Map::GetVisitorId(map)); map->set_bit_field(0); map->set_bit_field2(Map::IsExtensibleBit::kMask); int bit_field3 = Map::EnumLengthBits::encode(kInvalidEnumCacheSentinel) | Map::OwnsDescriptorsBit::encode(true) | Map::ConstructionCounterBits::encode(Map::kNoSlackTracking); map->set_bit_field3(bit_field3); map->set_elements_kind(elements_kind); //HOLEY_ELEMENTS map->set_new_target_is_base(true); isolate()->counters()->maps_created()->Increment(); if (FLAG_trace_maps) LOG(isolate(), MapCreate(map)); return map;  ### Context Context extends FixedArray (src/context.h). So an instance of this Context is a FixedArray and we can use Get(index) etc to get entries in the array. ### V8_EXPORT This can be found in quite a few places in v8 source code. For example: class V8_EXPORT ArrayBuffer : public Object {  What is this? It is a preprocessor macro which looks like this: #if V8_HAS_ATTRIBUTE_VISIBILITY && defined(V8_SHARED) # ifdef BUILDING_V8_SHARED # define V8_EXPORT __attribute__ ((visibility("default"))) # else # define V8_EXPORT # endif #else # define V8_EXPORT #endif  So we can see that if V8_HAS_ATTRIBUTE_VISIBILITY, and defined(V8_SHARED), and also if BUILDING_V8_SHARED, V8_EXPORT is set to __attribute__ ((visibility("default")). But in all other cases V8_EXPORT is empty and the preprocessor does not insert anything (nothing will be there come compile time). But what about the __attribute__ ((visibility("default")) what is this? In the GNU compiler collection (GCC) environment, the term that is used for exporting is visibility. As it applies to functions and variables in a shared object, visibility refers to the ability of other shared objects to call a C/C++ function. Functions with default visibility have a global scope and can be called from other shared objects. Functions with hidden visibility have a local scope and cannot be called from other shared objects. Visibility can be controlled by using either compiler options or visibility attributes. In your header files, wherever you want an interface or API made public outside the current Dynamic Shared Object (DSO) , place __attribute__ ((visibility ("default"))) in struct, class and function declarations you wish to make public. With -fvisibility=hidden, you are telling GCC that every declaration not explicitly marked with a visibility attribute has a hidden visibility. There is such a flag in build/common.gypi ### ToLocalChecked() You'll see a few of these calls in the hello_world example:  Local<String> source = String::NewFromUtf8(isolate, js, NewStringType::kNormal).ToLocalChecked();  NewFromUtf8 actually returns a Local wrapped in a MaybeLocal which forces a check to see if the Local<> is empty before using it. NewStringType is an enum which can be kNormalString (k for constant) or kInternalized. The following is after running the preprocessor (clang -E src/api.cc): # 5961 "src/api.cc" Local<String> String::NewFromUtf8(Isolate* isolate, const char* data, NewStringType type, int length) { MaybeLocal<String> result; if (length == 0) { result = String::Empty(isolate); } else if (length > i::String::kMaxLength) { result = MaybeLocal<String>(); } else { i::Isolate* i_isolate = reinterpret_cast<internal::Isolate*>(isolate); i::VMState<v8::OTHER> __state__((i_isolate)); i::RuntimeCallTimerScope _runtime_timer( i_isolate, &i::RuntimeCallStats::API_String_NewFromUtf8); LOG(i_isolate, ApiEntryCall("v8::" "String" "::" "NewFromUtf8")); if (length < 0) length = StringLength(data); i::Handle<i::String> handle_result = NewString(i_isolate->factory(), static_cast<v8::NewStringType>(type), i::Vector<const char>(data, length)) .ToHandleChecked(); result = Utils::ToLocal(handle_result); }; return result.FromMaybe(Local<String>());; }  I was wondering where the Utils::ToLocal was defined but could not find it until I found: MAKE_TO_LOCAL(ToLocal, String, String) #define MAKE_TO_LOCAL(Name, From, To) \ Local<v8::To> Utils::Name(v8::internal::Handle<v8::internal::From> obj) { \ return Convert<v8::internal::From, v8::To>(obj); \ }  The above can be found in src/api.h. The same goes for Local<Object>, Local<String> etc. ### Small Integers Reading through v8.h I came accross // Tag information for Smi Smi stands for small integers. A pointer is really just a integer that is treated like a memory address. We can use that memory address to get the start of the data located in that memory slot. But we can also just store an normal value like 18 in it. There might be cases where it does not make sense to store a small integer somewhere in the heap and have a pointer to it, but instead store the value directly in the pointer itself. But that only works for small integers so there needs to be away to know if the value we want is stored in the pointer or if we should follow the value stored to the heap to get the value. A word on a 64 bit machine is 8 bytes (64 bits) and all of the pointers need to be aligned to multiples of 8. So a pointer could be: 1000 = 8 10000 = 16 11000 = 24 100000 = 32 1000000000 = 512  Remember that we are talking about the pointers and not the values store at the memory location they point to. We can see that there are always three bits that are zero in the pointers. So we can use them for something else and just mask them out when using them as pointers. Tagging involves borrowing one bit of the 32-bit, making it 31-bit and having the leftover bit represent a tag. If the tag is zero then this is a plain value, but if tag is 1 then the pointer must be followed. This does not only have to be for numbers it could also be used for object (I think) Instead the small integer is represented by the 32 bits plus a pointer to the 64-bit number. V8 needs to know if a value stored in memory represents a 32-bit integer, or if it is really a 64-bit number, in which case it has to follow the pointer to get the complete value. This is where the concept of tagging comes in. ### Properties/Elements Take the following object: { firstname: "Jon", lastname: "Doe' }  The above object has two named properties. Named properties differ from integer indexed which is what you have when you are working with arrays. Memory layout of JavaScript Object: Properties JavaScript Object Elements +-----------+ +-----------------+ +----------------+ |property1 |<------+ | HiddenClass | +----->| | +-----------+ | +-----------------+ | +----------------+ |... | +------| Properties | | | element1 |<------+ +-----------+ +-----------------+ | +----------------+ | |... | | Elements |--+ | ... | | +-----------+ +-----------------+ +----------------+ | |propertyN | <---------------------+ | elementN | | +-----------+ | +----------------+ | | | | | | | Named properties: { firstname: "Jon", lastname: "Doe' } Indexed Properties: {1: "Jon", 2: "Doe"}  We can see that properies and elements are stored in different data structures. Elements are usually implemented as a plain array and the indexes can be used for fast access to the elements. But for the properties this is not the case. Instead there is a mapping between the property names and the index into the properties. In src/objects/objects.h we can find JSObject: class JSObject: public JSReceiver { ... DECL_ACCESSORS(elements, FixedArrayBase)  And looking a the DECL_ACCESSOR macro: #define DECL_ACCESSORS(name, type) \ inline type* name() const; \ inline void set_##name(type* value, \ WriteBarrierMode mode = UPDATE_WRITE_BARRIER); inline FixedArrayBase* name() const; inline void set_elements(FixedArrayBase* value, WriteBarrierMode = UPDATE_WRITE_BARRIER)  Notice that JSObject extends JSReceiver which is extended by all types that can have properties defined on them. I think this includes all JSObjects and JSProxy. It is in JSReceiver that the we find the properties array: DECL_ACCESSORS(raw_properties_or_hash, Object)  Now properties (named properties not elements) can be of different kinds internally. These work just like simple dictionaries from the outside but a dictionary is only used in certain curcumstances at runtime. Properties JSObject HiddenClass (Map) +-----------+ +-----------------+ +----------------+ |property1 |<------+ | HiddenClass |-------->| bit field1 | +-----------+ | +-----------------+ +----------------+ |... | +------| Properties | | bit field2 | +-----------+ +-----------------+ +----------------+ |... | | Elements | | bit field3 | +-----------+ +-----------------+ +----------------+ |propertyN | | property1 | +-----------+ +-----------------+ | property2 | +-----------------+ | ... | +-----------------+  #### JSObject Each JSObject has as its first field a pointer to the generated HiddenClass. A hiddenclass contain mappings from property names to indices into the properties data type. When an instance of JSObject is created a Map is passed in. As mentioned earlier JSObject inherits from JSReceiver which inherits from HeapObject For example,in jsobject_test.cc we first create a new Map using the internal Isolate Factory: v8::internal::Handle<v8::internal::Map> map = factory->NewMap(v8::internal::JS_OBJECT_TYPE, 24); v8::internal::Handle<v8::internal::JSObject> js_object = factory->NewJSObjectFromMap(map); EXPECT_TRUE(js_object->HasFastProperties());  When we call js_object->HasFastProperties() this will delegate to the map instance: return !map()->is_dictionary_map();  How do you add a property to a JSObject instance? Take a look at jsobject_test.cc for an example. ### Caching Are ways to optimize polymorphic function calls in dynamic languages, for example JavaScript. #### Lookup caches Sending a message to a receiver requires the runtime to find the correct target method using the runtime type of the receiver. A lookup cache maps the type of the receiver/message name pair to methods and stores the most recently used lookup results. The cache is first consulted and if there is a cache miss a normal lookup is performed and the result stored in the cache. #### Inline caches Using a lookup cache as described above still takes a considerable amount of time since the cache must be probed for each message. It can be observed that the type of the target does often not vary. If a call to type A is done at a particular call site it is very likely that the next time it is called the type will also be A. The method address looked up by the system lookup routine can be cached and the call instruction can be overwritten. Subsequent calls for the same type can jump directly to the cached method and completely avoid the lookup. The prolog of the called method must verify that the receivers type has not changed and do the lookup if it has changed (the type if incorrect, no longer A for example). The target methods address is stored in the callers code, or "inline" with the callers code, hence the name "inline cache". If V8 is able to make a good assumption about the type of object that will be passed to a method, it can bypass the process of figuring out how to access the objects properties, and instead use the stored information from previous lookups to the objects hidden class. #### Polymorfic Inline cache (PIC) A polymorfic call site is one where there are many equally likely receiver types (and thus call targets). • Monomorfic means there is only one receiver type • Polymorfic a few receiver types • Megamorfic very many receiver types This type of caching extends inline caching to not just cache the last lookup, but cache all lookup results for a given polymorfic call site using a specially generated stub. Lets say we have a method that iterates through a list of types and calls a method. If all the types are the same (monomorfic) a PIC acts just like an inline cache. The calls will directly call the target method (with the method prolog followed by the method body). If a different type exists in the list there will be a cache miss in the prolog and the lookup routine called. In normal inline caching this would rebind the call, replacing the call to this types target method. This would happen each time the type changes. With PIC the cache miss handler will generate a small stub routine and rebinds the call to this stub. The stub will check if the receiver is of a type that it has seen before and branch to the correct targets. Since the type of the target is already known at this point it can directly branch to the target method body without the need for the prolog. If the type has not been seen before it will be added to the stub to handle that type. Eventually the stub will contain all types used and there will be no more cache misses/lookups. The problem is that we don't have type information so methods cannot be called directly, but instead be looked up. In a static language a virtual table might have been used. In JavaScript there is no inheritance relationship so it is not possible to know a vtable offset ahead of time. What can be done is to observe and learn about the "types" used in the program. When an object is seen it can be stored and the target of that method call can be stored and inlined into that call. Bascially the type will be checked and if that particular type has been seen before the method can just be invoked directly. But how do we check the type in a dynamic language? The answer is hidden classes which allow the VM to quickly check an object against a hidden class. The inline caching source are located in src/ic. ## --trace-ic  out/x64.debug/d8 --trace-ic --trace-maps class.js

before
[TraceMaps: Normalize from= 0x19a314288b89 to= 0x19a31428aff9 reason= NormalizeAsPrototype ]
[TraceMaps: ReplaceDescriptors from= 0x19a31428aff9 to= 0x19a31428b051 reason= CopyAsPrototype ]
[TraceMaps: InitialMap map= 0x19a31428afa1 SFI= 34_Person ]

[StoreIC in ~Person+65 at class.js:2 (0->.) map=0x19a31428afa1 0x10e68ba83361 <String[4]: name>]
[TraceMaps: Transition from= 0x19a31428afa1 to= 0x19a31428b0a9 name= name ]
[StoreIC in ~Person+102 at class.js:3 (0->.) map=0x19a31428b0a9 0x2beaa25abd89 <String[3]: age>]
[TraceMaps: Transition from= 0x19a31428b0a9 to= 0x19a31428b101 name= age ]
[TraceMaps: SlowToFast from= 0x19a31428b051 to= 0x19a31428b159 reason= OptimizeAsPrototype ]
[StoreIC in ~Person+65 at class.js:2 (.->1) map=0x19a31428afa1 0x10e68ba83361 <String[4]: name>]
[StoreIC in ~Person+102 at class.js:3 (.->1) map=0x19a31428b0a9 0x2beaa25abd89 <String[3]: age>]
[LoadIC in ~+546 at class.js:9 (0->.) map=0x19a31428b101 0x10e68ba83361 <String[4]: name>]
[CallIC in ~+571 at class.js:9 (0->1) map=0x0 0x32f481082231 <String[5]: print>]
Daniel
[LoadIC in ~+642 at class.js:10 (0->.) map=0x19a31428b101 0x2beaa25abd89 <String[3]: age>]
[CallIC in ~+667 at class.js:10 (0->1) map=0x0 0x32f481082231 <String[5]: print>]
41
[LoadIC in ~+738 at class.js:11 (0->.) map=0x19a31428b101 0x10e68ba83361 <String[4]: name>]
[CallIC in ~+763 at class.js:11 (0->1) map=0x0 0x32f481082231 <String[5]: print>]
Tilda
[LoadIC in ~+834 at class.js:12 (0->.) map=0x19a31428b101 0x2beaa25abd89 <String[3]: age>]
[CallIC in ~+859 at class.js:12 (0->1) map=0x0 0x32f481082231 <String[5]: print>]
2
[CallIC in ~+927 at class.js:13 (0->1) map=0x0 0x32f481082231 <String[5]: print>]
after


LoadIC (0->.) means that it has transitioned from unititialized state (0) to pre-monomophic state (.) monomorphic state is specified with a 1. These states can be found in src/ic/ic.cc. What we are doing caching knowledge about the layout of the previously seen object inside the StoreIC/LoadIC calls.

$lldb -- out/x64.debug/d8 class.js  #### HeapObject This class describes heap allocated objects. It is in this class we find information regarding the type of object. This information is contained in v8::internal::Map. ### v8::internal::Map src/objects/map.h • bit_field1 • bit_field2 • bit field3 contains information about the number of properties that this Map has, a pointer to an DescriptorArray. The DescriptorArray contains information like the name of the property, and the posistion where the value is stored in the JSObject. I noticed that this information available in src/objects/map.h. #### DescriptorArray Can be found in src/objects/descriptor-array.h. This class extends FixedArray and has the following entries: [0] the number of descriptors it contains [1] If uninitialized this will be Smi(0) otherwise an enum cache bridge which is a FixedArray of size 2: [0] enum cache: FixedArray containing all own enumerable keys [1] either Smi(0) or a pointer to a FixedArray with indices [2] first key (and internalized String [3] first descriptor  ### Factory Each Internal Isolate has a Factory which is used to create instances. This is because all handles needs to be allocated using the factory (src/heap/factory.h) ### Objects All objects extend the abstract class Object (src/objects/objects.h). ### Oddball This class extends HeapObject and describes null, undefined, true, and false objects. #### Map Extends HeapObject and all heap objects have a Map which describes the objects structure. This is where you can find the size of the instance, access to the inobject_properties. ### Compiler pipeline When a script is compiled all of the top level code is parsed. These are function declarartions (but not the function bodies). function f1() { <- top level code console.log('f1'); <- non top level } function f2() { <- top level code f1(); <- non top level console.logg('f2'); <- non top level } f2(); <- top level code var i = 10; <- top level code  The non top level code must be pre-parsed to check for syntax errors. The top level code is parsed and compiles by the full-codegen compiler. This compiler does not perform any optimizations and it's only task is to generate machine code as quickly as possible (this is pre turbofan) Source ------> Parser --------> Full-codegen ---------> Unoptimized Machine Code  So the whole script is parsed even though we only generated code for the top-level code. The pre-parse (the syntax checking) was not stored in any way. The functions are lazy stubs that when/if the function gets called the function get compiled. This means that the function has to be parsed (again, the first time was the pre-parse remember). If a function is determined to be hot it will be optimized by one of the two optimizing compilers crankshaft for older parts of JavaScript or Turbofan for Web Assembly (WASM) and some of the newer es6 features. The first time V8 sees a function it will parse it into an AST but not do any further processing of that tree until that function is used.  +-----> Full-codegen -----> Unoptimized code / \/ /\ \ Parser ------> AST -------> Cranshaft -----> Optimized code | \ / +-----> Turbofan -----> Optimized code  Inline Cachine (IC) is done here which also help to gather type information. V8 also has a profiler thread which monitors which functions are hot and should be optimized. This profiling also allows V8 to find out information about types using IC. This type information can then be fed to Crankshaft/Turbofan. The type information is stored as a 8 bit value. When a function is optimized the unoptimized code cannot be thrown away as it might be needed since JavaScript is highly dynamic the optimzed function migth change and the in that case we fallback to the unoptimzed code. This takes up alot of memory which may be important for low end devices. Also the time spent in parsing (twice) takes time. The idea with Ignition is to be an bytecode interpreter and to reduce memory consumption, the bytecode is very consice compared to native code which can vary depending on the target platform. The whole source can be parsed and compiled, compared to the current pipeline the has the pre-parse and parse stages mentioned above. So even unused functions will get compiled. The bytecode becomes the source of truth instead of as before the AST. Source ------> Parser --------> Ignition-codegen ---------> Bytecode ---------> Turbofan ----> Optimized Code ---+ /\ | +--------------------------------------------------+ function bajja(a, b, c) { var d = c - 100; return a + d * b; } var result = bajja(2, 2, 150); print(result);$ ./d8 test.js --ignition  --print_bytecode

[generating bytecode for function: bajja]
Parameter count 4
Frame size 8
14 E> 0x2eef8d9b103e @    0 : 7f                StackCheck
38 S> 0x2eef8d9b103f @    1 : 03 64             LdaSmi [100]   // load 100
38 E> 0x2eef8d9b1041 @    3 : 2b 02 02          Sub a2, [2]    // a2 is the third argument. a2 is an argument register
0x2eef8d9b1044 @    6 : 1f fa             Star r0        // r0 is a register for local variables. We only have one which is d
47 S> 0x2eef8d9b1046 @    8 : 1e 03             Ldar a1        // LoaD accumulator from Register argument a1 which is b
60 E> 0x2eef8d9b1048 @   10 : 2c fa 03          Mul r0, [3]    // multiply that is our local variable in r0
56 E> 0x2eef8d9b104b @   13 : 2a 04 04          Add a0, [4]    // add that to our argument register 0 which is a
65 S> 0x2eef8d9b104e @   16 : 83                Return         // return the value in the accumulator?


### Abstract Syntax Tree (AST)

In src/ast/ast.h. You can print the ast using the --print-ast option for d8.

Lets take the following javascript and look at the ast:

const msg = 'testing';
console.log(msg);

$d8 --print-ast simple.js [generating interpreter code for user-defined function: ] --- AST --- FUNC at 0 . KIND 0 . SUSPEND COUNT 0 . NAME "" . INFERRED NAME "" . DECLS . . VARIABLE (0x7ffe5285b0f8) (mode = CONST) "msg" . BLOCK NOCOMPLETIONS at -1 . . EXPRESSION STATEMENT at 12 . . . INIT at 12 . . . . VAR PROXY context[4] (0x7ffe5285b0f8) (mode = CONST) "msg" . . . . LITERAL "testing" . EXPRESSION STATEMENT at 23 . . ASSIGN at -1 . . . VAR PROXY local[0] (0x7ffe5285b330) (mode = TEMPORARY) ".result" . . . CALL Slot(0) . . . . PROPERTY Slot(4) at 31 . . . . . VAR PROXY Slot(2) unallocated (0x7ffe5285b3d8) (mode = DYNAMIC_GLOBAL) "console" . . . . . NAME log . . . . VAR PROXY context[4] (0x7ffe5285b0f8) (mode = CONST) "msg" . RETURN at -1 . . VAR PROXY local[0] (0x7ffe5285b330) (mode = TEMPORARY) ".result"  You can find the declaration of EXPRESSION in ast.h. ### Bytecode Can be found in src/interpreter/bytecodes.h • StackCheck checks that stack limits are not exceeded to guard against overflow. • Star Store content in accumulator regiser in register (the operand). • Ldar LoaD accumulator from Register argument a1 which is b The registers are not machine registers, apart from the accumlator as I understand it, but would instead be stack allocated. #### Parsing Parsing is the parsing of the JavaScript and the generation of the abstract syntax tree. That tree is then visited and bytecode generated from it. This section tries to figure out where in the code these operations are performed. For example, take the script example. $ make run-script
$lldb -- run-script (lldb) br s -n main (lldb) r  Lets take a look at the following line: Local<Script> script = Script::Compile(context, source).ToLocalChecked();  This will land us in api.cc ScriptCompiler::Source script_source(source); return ScriptCompiler::Compile(context, &script_source); MaybeLocal<Script> ScriptCompiler::Compile(Local<Context> context, Source* source, CompileOptions options) { ... auto isolate = context->GetIsolate(); auto maybe = CompileUnboundInternal(isolate, source, options);  CompileUnboundInternal will call GetSharedFunctionInfoForScript (in src/compiler.cc): result = i::Compiler::GetSharedFunctionInfoForScript( str, name_obj, line_offset, column_offset, source->resource_options, source_map_url, isolate->native_context(), NULL, &script_data, options, i::NOT_NATIVES_CODE); (lldb) br s -f compiler.cc -l 1259 LanguageMode language_mode = construct_language_mode(FLAG_use_strict); (lldb) p language_mode (v8::internal::LanguageMode)$10 = SLOPPY


LanguageMode can be found in src/globals.h and it is an enum with three values:

enum LanguageMode : uint32_t { SLOPPY, STRICT, LANGUAGE_END };


SLOPPY mode, I assume, is the mode when there is no "use strict";. Remember that this can go inside a function and does not have to be at the top level of the file.

ParseInfo parse_info(script);


There is a unit test that shows how a ParseInfo instance can be created and inspected.

This will call ParseInfo's constructor (in src/parsing/parse-info.cc), and which will call ParseInfo::InitFromIsolate:

DCHECK_NOT_NULL(isolate);
set_hash_seed(isolate->heap()->HashSeed());
set_stack_limit(isolate->stack_guard()->real_climit());
set_unicode_cache(isolate->unicode_cache());
set_runtime_call_stats(isolate->counters()->runtime_call_stats());
set_ast_string_constants(isolate->ast_string_constants());


I was curious about these ast_string_constants:

(lldb) p *ast_string_constants_
(const v8::internal::AstStringConstants) $58 = { zone_ = { allocation_size_ = 1312 segment_bytes_allocated_ = 8192 position_ = 0x0000000105052538 <no value available> limit_ = 0x0000000105054000 <no value available> allocator_ = 0x0000000103e00080 segment_head_ = 0x0000000105052000 name_ = 0x0000000101623a70 "../../src/ast/ast-value-factory.h:365" sealed_ = false } string_table_ = { v8::base::TemplateHashMapImpl<void *, void *, v8::base::HashEqualityThenKeyMatcher<void *, bool (*)(void *, void *)>, v8::base::DefaultAllocationPolicy> = { map_ = 0x0000000105054000 capacity_ = 64 occupancy_ = 41 match_ = { match_ = 0x000000010014b260 (libv8.dylibv8::internal::AstRawString::Compare(void*, void*) at ast-value-factory.cc:122) } } } hash_seed_ = 500815076 anonymous_function_string_ = 0x0000000105052018 arguments_string_ = 0x0000000105052038 async_string_ = 0x0000000105052058 await_string_ = 0x0000000105052078 boolean_string_ = 0x0000000105052098 constructor_string_ = 0x00000001050520b8 default_string_ = 0x00000001050520d8 done_string_ = 0x00000001050520f8 dot_string_ = 0x0000000105052118 dot_for_string_ = 0x0000000105052138 dot_generator_object_string_ = 0x0000000105052158 dot_iterator_string_ = 0x0000000105052178 dot_result_string_ = 0x0000000105052198 dot_switch_tag_string_ = 0x00000001050521b8 dot_catch_string_ = 0x00000001050521d8 empty_string_ = 0x00000001050521f8 eval_string_ = 0x0000000105052218 function_string_ = 0x0000000105052238 get_space_string_ = 0x0000000105052258 length_string_ = 0x0000000105052278 let_string_ = 0x0000000105052298 name_string_ = 0x00000001050522b8 native_string_ = 0x00000001050522d8 new_target_string_ = 0x00000001050522f8 next_string_ = 0x0000000105052318 number_string_ = 0x0000000105052338 object_string_ = 0x0000000105052358 proto_string_ = 0x0000000105052378 prototype_string_ = 0x0000000105052398 return_string_ = 0x00000001050523b8 set_space_string_ = 0x00000001050523d8 star_default_star_string_ = 0x00000001050523f8 string_string_ = 0x0000000105052418 symbol_string_ = 0x0000000105052438 this_string_ = 0x0000000105052458 this_function_string_ = 0x0000000105052478 throw_string_ = 0x0000000105052498 undefined_string_ = 0x00000001050524b8 use_asm_string_ = 0x00000001050524d8 use_strict_string_ = 0x00000001050524f8 value_string_ = 0x0000000105052518 }  So these are constants that are set on the new ParseInfo instance using the values from the isolate. Not exactly sure what I want with this but I might come back to it later. So, we are back in ParseInfo's constructor: set_allow_lazy_parsing(); set_toplevel(); set_script(script);  Script is of type v8::internal::Script which can be found in src/object/script.h Back now in compiler.cc and the GetSharedFunctionInfoForScript function: Zone compile_zone(isolate->allocator(), ZONE_NAME); ... if (parse_info->literal() == nullptr && !parsing::ParseProgram(parse_info, isolate))  ParseProgram: Parser parser(info); ... FunctionLiteral* result = nullptr; result = parser.ParseProgram(isolate, info);  parser.ParseProgram: Handle<String> source(String::cast(info->script()->source())); (lldb) job *source "var user1 = new Person('Fletch');\x0avar user2 = new Person('Dr.Rosen');\x0aprint("user1 = " + user1.name);\x0aprint("user2 = " + user2.name);\x0a\x0a"  So here we can see our JavaScript as a String. std::unique_ptr<Utf16CharacterStream> stream(ScannerStream::For(source)); scanner_.Initialize(stream.get(), info->is_module()); result = DoParseProgram(info);  DoParseProgram: (lldb) br s -f parser.cc -l 639 ... this->scope()->SetLanguageMode(info->language_mode()); ParseStatementList(body, Token::EOS, &ok);  This call will land in parser-base.h and its ParseStatementList function. (lldb) br s -f parser-base.h -l 4695 StatementT stat = ParseStatementListItem(CHECK_OK_CUSTOM(Return, kLazyParsingComplete)); result = CompileToplevel(&parse_info, isolate, Handle<SharedFunctionInfo>::null());  This will land in CompileTopelevel (in the same file which is src/compiler.cc): // Compile the code. result = CompileUnoptimizedCode(parse_info, shared_info, isolate);  This will land in CompileUnoptimizedCode (in the same file which is src/compiler.cc): // Prepare and execute compilation of the outer-most function. std::unique_ptr<CompilationJob> outer_job( PrepareAndExecuteUnoptimizedCompileJob(parse_info, parse_info->literal(), shared_info, isolate)); std::unique_ptr<CompilationJob> job( interpreter::Interpreter::NewCompilationJob(parse_info, literal, isolate)); if (job->PrepareJob() == CompilationJob::SUCCEEDED && job->ExecuteJob() == CompilationJob::SUCCEEDED) { return job; }  PrepareJobImpl: CodeGenerator::MakeCodePrologue(parse_info(), compilation_info(), "interpreter"); return SUCCEEDED;  codegen.cc MakeCodePrologue: interpreter.cc ExecuteJobImpl: generator()->GenerateBytecode(stack_limit());  src/interpreter/bytecode-generator.cc  RegisterAllocationScope register_scope(this);  The bytecode is register based (if that is the correct term) and we had an example previously. I'm guessing that this is what this call is about. VisitDeclarations will iterate over all the declarations in the file which in our case are: var user1 = new Person('Fletch'); var user2 = new Person('Dr.Rosen'); (lldb) p *variable->raw_name() (const v8::internal::AstRawString)$33 = {
= {
next_ = 0x000000010600a280
string_ = 0x000000010600a280
}
literal_bytes_ = (start_ = "user1", length_ = 5)
hash_field_ = 1303438034
is_one_byte_ = true
has_string_ = false
}

// Perform a stack-check before the body.
builder()->StackCheck(info()->literal()->start_position());


So that call will output a stackcheck instruction, like in the example above:

14 E> 0x2eef8d9b103e @    0 : 7f                StackCheck


### Performance

Say you have the expression x + y the full-codegen compiler might produce:

movq rax, x
movq rbx, y


If x and y are integers just using the add operation would be much quicker:

movq rax, x
movq rbx, y


Recall that functions are optimized so if the compiler has to bail out and unoptimize part of a function then the whole functions will be affected and it will go back to the unoptimized version.

## Bytecode

This section will examine the bytecode for the following JavaScript:

function beve() {
const p = new Promise((resolve, reject) => {
resolve('ok');
});

p.then(msg => {
console.log(msg);
});
}

beve();

$d8 --print-bytecode promise.js  First have the main function which does not have a name: [generating bytecode for function: ] (The code that generated this can be found in src/objects.cc BytecodeArray::Dissassemble) Parameter count 1 Frame size 32 // load what ever the FixedArray[4] is in the constant pool into the accumulator. 0x34423e7ac19e @ 0 : 09 00 LdaConstant [0] // store the FixedArray[4] in register r1 0x34423e7ac1a0 @ 2 : 1e f9 Star r1 // store zero into the accumulator. 0x34423e7ac1a2 @ 4 : 02 LdaZero // store zero (the contents of the accumulator) into register r2. 0x34423e7ac1a3 @ 5 : 1e f8 Star r2 // 0x34423e7ac1a5 @ 7 : 1f fe f7 Mov <closure>, r3 0x34423e7ac1a8 @ 10 : 53 96 01 f9 03 CallRuntime [DeclareGlobalsForInterpreter], r1-r3 0 E> 0x34423e7ac1ad @ 15 : 90 StackCheck 141 S> 0x34423e7ac1ae @ 16 : 0a 01 00 LdaGlobal [1], [0] 0x34423e7ac1b1 @ 19 : 1e f9 Star r1 141 E> 0x34423e7ac1b3 @ 21 : 4f f9 03 CallUndefinedReceiver0 r1, [3] 0x34423e7ac1b6 @ 24 : 1e fa Star r0 148 S> 0x34423e7ac1b8 @ 26 : 94 Return Constant pool (size = 2) 0x34423e7ac149: [FixedArray] in OldSpace - map = 0x344252182309 <Map(HOLEY_ELEMENTS)> - length: 2 0: 0x34423e7ac069 <FixedArray[4]> 1: 0x34423e7abf59 <String[4]: beve> Handler Table (size = 16) Load the global with name in constant pool entry <name_index> into the // accumulator using FeedBackVector slot <slot> outside of a typeof  • LdaConstant Load the constant at index from the constant pool into the accumulator. • Star Store the contents of the accumulator register in dst. • Ldar Load accumulator with value from register src. • LdaGlobal Load the global with name in constant pool entry idx into the accumulator using FeedBackVector slot outside of a typeof. • Mov , Store the value of register You can find the declarations for the these instructions in src/interpreter/interpreter-generator.cc. ## Unified code generation architecture ## FeedbackVector Is attached to every function and is responsible for recording and managing all execution feedback, which is information about types enabling. You can find the declaration for this class in src/feedback-vector.h ## BytecodeGenerator Is currently the only part of V8 that cares about the AST. ## BytecodeGraphBuilder Produces high-level IR graph based on interpreter bytecodes. ## TurboFan Is a compiler backend that gets fed a control flow graph and then does instruction selection, register allocation and code generation. The code generation generates ### Execution/Runtime I'm not sure if V8 follows this exactly but I've heard and read that when the engine comes across a function declaration it only parses and verifies the syntax and saves a ref to the function name. The statements inside the function are not checked at this stage only the syntax of the function declaration (parenthesis, arguments, brackets etc). ### Function methods The declaration of Function can be found in include/v8.h (just noting this as I've looked for it several times) ### Symbol The declarations for the Symbol class can be found in v8.h and the internal implementation in src/api/api.cc. The well known Symbols are generated using macros so you won't find the just by searching using the static function names like 'GetToPrimitive. #define WELL_KNOWN_SYMBOLS(V) \ V(AsyncIterator, async_iterator) \ V(HasInstance, has_instance) \ V(IsConcatSpreadable, is_concat_spreadable) \ V(Iterator, iterator) \ V(Match, match) \ V(Replace, replace) \ V(Search, search) \ V(Split, split) \ V(ToPrimitive, to_primitive) \ V(ToStringTag, to_string_tag) \ V(Unscopables, unscopables) #define SYMBOL_GETTER(Name, name) \ Local<Symbol> v8::Symbol::Get##Name(Isolate* isolate) { \ i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate); \ return Utils::ToLocal(i_isolate->factory()->name##_symbol()); \ }  So GetToPrimitive would become: Local<Symbol> v8::Symbol::GeToPrimitive(Isolate* isolate) { i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate); return Utils::ToLocal(i_isolate->factory()->to_primitive_symbol()); }  There is an example in symbol-test.cc. ## Builtins Are JavaScript functions/objects that are provided by V8. These are built using a C++ DSL and are passed through: CodeStubAssembler -> CodeAssembler -> RawMachineAssembler.  Builtins need to have bytecode generated for them so that they can be run in TurboFan. src/code-stub-assembler.h All the builtins are declared in src/builtins/builtins-definitions.h by the BUILTIN_LIST_BASE macro. There are different type of builtins (TF = Turbo Fan): TFJ JavaScript linkage which means it is callable as a JavaScript function TFS CodeStub linkage. A builtin with stub linkage can be used to extract common code into a separate code object which can then be used by multiple callers. These is useful because builtins are generated at compile time and included in the V8 snapshot. This means that they are part of every isolate that is created. Being able to share common code for multiple builtins will save space. TFC CodeStub linkage with custom descriptor To see how this works in action we first need to disable snapshots. If we don't, we won't be able to set breakpoints as the the heap will be serialized at compile time and deserialized upon startup of v8. To find the option to disable snapshots use: $ gn args --list out.gn/learning --short | more
...
v8_use_snapshot=true
$gn args out.gn/learning v8_use_snapshot=false$ gn -C out.gn/learning


After building we should be able to set a break point in bootstrapper.cc and its function Genesis::InitializeGlobal:

(lldb) br s -f bootstrapper.cc -l 2684


Lets take a look at how the JSON object is setup:

Handle<String> name = factory->InternalizeUtf8String("JSON");
Handle<JSObject> json_object = factory->NewJSObject(isolate->object_function(), TENURED);


TENURED means that this object should be allocated directly in the old generation.

JSObject::AddProperty(global, name, json_object, DONT_ENUM);


DONT_ENUM is checked by some builtin functions and if set this object will be ignored by those functions.

SimpleInstallFunction(json_object, "parse", Builtins::kJsonParse, 2, false);


Here we can see that we are installing a function named parse, which takes 2 parameters. You can find the definition in src/builtins/builtins-json.cc. What does the SimpleInstallFunction do?

Lets take console as an example which was created using:

Handle<JSObject> console = factory->NewJSObject(cons, TENURED);
SimpleInstallFunction(console, "debug", Builtins::kConsoleDebug, 1, false,
NONE);

V8_NOINLINE Handle<JSFunction> SimpleInstallFunction(
Handle<JSObject> base,
const char* name,
Builtins::Name call,
int len,
PropertyAttributes attrs = DONT_ENUM,
BuiltinFunctionId id = kInvalidBuiltinFunctionId) {


So we can see that base is our Handle to a JSObject, and name is "debug". Builtins::Name is Builtins:kConsoleDebug. Where is this defined?
You can find a macro named CPP in src/builtins/builtins-definitions.h:

CPP(ConsoleDebug)

What does this macro expand to?
It is part of the BUILTIN_LIST_BASE macro in builtin-definitions.h We have to look at where BUILTIN_LIST is used which we can find in builtins.cc. In builtins.cc we have an array of BuiltinMetadata which is declared as:

const BuiltinMetadata builtin_metadata[] = {
BUILTIN_LIST(DECL_CPP, DECL_API, DECL_TFJ, DECL_TFC, DECL_TFS, DECL_TFH, DECL_ASM)
};

#define DECL_CPP(Name, ...) { #Name, Builtins::CPP, \


Which will expand to the creation of a BuiltinMetadata struct entry in the array. The BuildintMetadata struct looks like this which might help understand what is going on:

struct BuiltinMetadata {
const char* name;
Builtins::Kind kind;
union {
Address cpp_entry;       // For CPP and API builtins.
int8_t parameter_count;  // For TFJ builtins.
} kind_specific_data;
};


So the CPP(ConsoleDebug) will expand to an entry in the array which would look something like this:

{ ConsoleDebug,
Builtins::CPP,
{
}
},


The third paramter is the creation on the union which might not be obvious.

Back to the question I'm trying to answer which is:
"Buildtins::Name is is Builtins:kConsoleDebug. Where is this defined?"
For this we have to look at builtins.h and the enum Name:

enum Name : int32_t {
#define DEF_ENUM(Name, ...) k##Name,
BUILTIN_LIST_ALL(DEF_ENUM)
#undef DEF_ENUM
builtin_count
};


This will expand to the complete list of builtins in builtin-definitions.h using the DEF_ENUM macro. So the expansion for ConsoleDebug will look like:

enum Name: int32_t {
...
kDebugConsole,
...
};


So backing up to looking at the arguments to SimpleInstallFunction which are:

SimpleInstallFunction(console, "debug", Builtins::kConsoleDebug, 1, false,
NONE);

V8_NOINLINE Handle<JSFunction> SimpleInstallFunction(
Handle<JSObject> base,
const char* name,
Builtins::Name call,
int len,
PropertyAttributes attrs = DONT_ENUM,
BuiltinFunctionId id = kInvalidBuiltinFunctionId) {


We know about Builtins::Name, so lets look at len which is one, what is this?
SimpleInstallFunction will call:

Handle<JSFunction> fun =


len would be used if adapt was true but it is false in our case. This is what it would be used for if adapt was true:

fun->shared()->set_internal_formal_parameter_count(len);


I'm not exactly sure what adapt is referring to here.

PropertyAttributes is not specified so it will get the default value of DONT_ENUM. The last parameter which is of type BuiltinFunctionId is not specified either so the default value of kInvalidBuiltinFunctionId will be used. This is an enum defined in src/objects/objects.h.

This blog provides an example of adding a function to the String object.

$out.gn/learning/mksnapshot --print-code > output  You can then see the generated code from this. This will produce a code stub that can be called through C++. Lets update this to have it be called from JavaScript: Update builtins/builtins-string-get.cc : TF_BUILTIN(GetStringLength, StringBuiltinsAssembler) { Node* const str = Parameter(Descriptor::kReceiver); Return(LoadStringLength(str)); }  We also have to update builtins/builtins-definitions.h: TFJ(GetStringLength, 0)  And bootstrapper.cc: SimpleInstallFunction(prototype, "len", Builtins::kGetStringLength, 0, true);  If you now build using 'ninja -C out.gn/learning_v8' you should be able to run d8 and try this out: d8> const s = 'testing' undefined d8> s.len() 7  Now lets take a closer look at the code that is generated for this: $ out.gn/learning/mksnapshot --print-code > output


Looking at the output generated I was surprised to see two entries for GetStringLength (I changed the name just to make sure there was not something else generating the second one). Why two?

The following uses Intel Assembly syntax which means that no register/immediate prefixes and the first operand is the destination and the second operand the source.

--- Code ---
kind = BUILTIN
name = BeveStringLength
compiler = turbofan
Instructions (size = 136)
0x1fafde09b3a0     0  55             push rbp
0x1fafde09b3a1     1  4889e5         REX.W movq rbp,rsp                  // movq rsp into rbp

0x1fafde09b3a4     4  56             push rsi                            // push the value of rsi (first parameter) onto the stack
0x1fafde09b3a5     5  57             push rdi                            // push the value of rdi (second parameter) onto the stack
0x1fafde09b3a6     6  50             push rax                            // push the value of rax (accumulator) onto the stack

0x1fafde09b3a7     7  4883ec08       REX.W subq rsp,0x8                  // make room for a 8 byte value on the stack
0x1fafde09b3ab     b  488b4510       REX.W movq rax,[rbp+0x10]           // move the value rpm + 10 to rax
0x1fafde09b3af     f  488b58ff       REX.W movq rbx,[rax-0x1]
0x1fafde09b3b3    13  807b0b80       cmpb [rbx+0xb],0x80                // IsString(object). compare byte to zero
0x1fafde09b3b7    17  0f8350000000   jnc 0x1fafde09b40d  <+0x6d>        // jump it carry flag was not set

0x1fafde09b3bd    1d  488b400f       REX.W movq rax,[rax+0xf]
0x1fafde09b3c1    21  4989e2         REX.W movq r10,rsp
0x1fafde09b3c4    24  4883ec08       REX.W subq rsp,0x8
0x1fafde09b3c8    28  4883e4f0       REX.W andq rsp,0xf0
0x1fafde09b3cc    2c  4c891424       REX.W movq [rsp],r10
0x1fafde09b3d0    30  488945e0       REX.W movq [rbp-0x20],rax
0x1fafde09b3d4    34  48be0000000001000000 REX.W movq rsi,0x100000000
0x1fafde09b3de    3e  48bad9c228dfa8090000 REX.W movq rdx,0x9a8df28c2d9    ;; object: 0x9a8df28c2d9 <String[101]: CAST(LoadObjectField(object, offset, MachineTypeOf<T>::value)) at ../../src/code-stub-assembler.h:432>
0x1fafde09b3e8    48  488bf8         REX.W movq rdi,rax
0x1fafde09b3eb    4b  48b830726d0a01000000 REX.W movq rax,0x10a6d7230    ;; external reference (check_object_type)
0x1fafde09b3f5    55  40f6c40f       testb rsp,0xf
0x1fafde09b3f9    59  7401           jz 0x1fafde09b3fc  <+0x5c>
0x1fafde09b3fb    5b  cc             int3l
0x1fafde09b3fc    5c  ffd0           call rax
0x1fafde09b3fe    5e  488b2424       REX.W movq rsp,[rsp]
0x1fafde09b402    62  488b45e0       REX.W movq rax,[rbp-0x20]
0x1fafde09b406    66  488be5         REX.W movq rsp,rbp
0x1fafde09b409    69  5d             pop rbp
0x1fafde09b40a    6a  c20800         ret 0x8

0x1fafde09b40d    6d  48ba71c228dfa8090000 REX.W movq rdx,0x9a8df28c271    ;; object: 0x9a8df28c271 <String[76]\: CSA_ASSERT failed: IsString(object) [../../src/code-stub-assembler.cc:1498]\n>
0x1fafde09b417    77  e8e4d1feff     call 0x1fafde088600     ;; code: BUILTIN
0x1fafde09b41c    7c  cc             int3l
0x1fafde09b41d    7d  cc             int3l
0x1fafde09b41e    7e  90             nop
0x1fafde09b41f    7f  90             nop

Safepoints (size = 8)

RelocInfo (size = 7)
0x1fafde09b3e0  embedded object  (0x9a8df28c2d9 <String[101]: CAST(LoadObjectField(object, offset, MachineTypeOf<T>::value)) at ../../src/code-stub-assembler.h:432>)
0x1fafde09b3ed  external reference (check_object_type)  (0x10a6d7230)
0x1fafde09b40f  embedded object  (0x9a8df28c271 <String[76]\: CSA_ASSERT failed: IsString(object) [../../src/code-stub-assembler.cc:1498]\n>)
0x1fafde09b418  code target (BUILTIN)  (0x1fafde088600)

--- End code ---


### TF_BUILTIN macro

Is a macro to defining Turbofan (TF) builtins and can be found in builtins/builtins-utils-gen.h

If we take a look at the file src/builtins/builtins-bigint-gen.cc and the following function:

TF_BUILTIN(BigIntToI64, CodeStubAssembler) {
if (!Is64()) {
Unreachable();
return;
}

TNode<Object> value = CAST(Parameter(Descriptor::kArgument));
TNode<Context> context = CAST(Parameter(Descriptor::kContext));
TNode<BigInt> n = ToBigInt(context, value);

TVARIABLE(UintPtrT, var_low);
TVARIABLE(UintPtrT, var_high);

BigIntToRawBytes(n, &var_low, &var_high);
Return(var_low.value());
}


Let's take our GetStringLength example from above and see what this will be expanded to after processing this macro:

$clang++ --sysroot=build/linux/debian_sid_amd64-sysroot -isystem=./buildtools/third_party/libc++/trunk/include -isystem=buildtools/third_party/libc++/trunk/include -I. -E src/builtins/builtins-bigint-gen.cc > builtins-bigint-gen.cc.pp  static void Generate_BigIntToI64(compiler::CodeAssemblerState* state); class BigIntToI64Assembler : public CodeStubAssembler { public: using Descriptor = Builtin_BigIntToI64_InterfaceDescriptor; explicit BigIntToI64Assembler(compiler::CodeAssemblerState* state) : CodeStubAssembler(state) {} void GenerateBigIntToI64Impl(); Node* Parameter(Descriptor::ParameterIndices index) { return CodeAssembler::Parameter(static_cast<int>(index)); } }; void Builtins::Generate_BigIntToI64(compiler::CodeAssemblerState* state) { BigIntToI64Assembler assembler(state); state->SetInitialDebugInformation("BigIntToI64", "src/builtins/builtins-bigint-gen.cc", 14); if (Builtins::KindOf(Builtins::kBigIntToI64) == Builtins::TFJ) { assembler.PerformStackCheck(assembler.GetJSContextParameter()); } assembler.GenerateBigIntToI64Impl(); } void BigIntToI64Assembler::GenerateBigIntToI64Impl() { if (!Is64()) { Unreachable(); return; } TNode<Object> value = Cast(Parameter(Descriptor::kArgument)); TNode<Context> context = Cast(Parameter(Descriptor::kContext)); TNode<BigInt> n = ToBigInt(context, value); TVariable<UintPtrT> var_low(this); TVariable<UintPtrT> var_high(this); BigIntToRawBytes(n, &var_low, &var_high); Return(var_low.value()); }  From the resulting class you can see how Parameter can be used from within TF_BUILTIN macro. ## Building V8 You'll need to have checked out the Google V8 sources to you local file system and build it by following the instructions found here. ### Configure v8 build for learning-v8 There is a make target that can generate a build configuration for V8 that is specific to this project. It can be run using the following command: $ make configure_v8


Then to compile this configuration:

$make compile_v8  ### gclient sync $ gclient sync


#### Troubleshooting build:

/v8_src/v8/out/x64.release/obj/libv8_monolith.a(eh-frame.o):eh-frame.cc:function v8::internal::EhFrameWriter::WriteEmptyEhFrame(std::__1::basic_ostream<char, std::__1::char_traits<char> >&): error: undefined reference to 'std::__1::basic_ostream<char, std::__1::char_traits<char> >::write(char const*, long)'
clang: error: linker command failed with exit code 1 (use -v to see invocation)


-stdlib=libc++ is llvm's C++ runtime. This runtime has a __1 namespace. I looks like the static library above was compiled with clangs/llvm's libc++ as we are seeing the __1 namespace.

-stdlib=libstdc++ is GNU's C++ runtime

So we can see that the namespace std::__1 is used which we now know is the namespace that libc++ which is clangs libc++ library. I guess we could go about this in two ways, either we can change v8 build of to use glibc++ when compiling so that the symbols are correct when we want to link against it, or we can update our linker (ld) to use libc++.

We need to include the correct libraries to link with during linking, which means specifying:

-stdlib=libc++ -Wl,-L$(v8_build_dir)  If we look in$(v8_build_dir) we find libc++.so. We also need to this library to be found at runtime by the dynamic linker using LD_LIBRARY_PATH:

$LD_LIBRARY_PATH=../v8_src/v8/out/x64.release/ ./hello-world  Notice that this is using ld from our path. We can tell clang to use a different search path with the -B option: $ clang++ --help | grep -- '-B'
-B <dir>                Add <dir> to search path for binaries and object files used implicitly


libgcc_s is GCC low level runtime library. I've been confusing this with glibc++ libraries for some reason but they are not the same.

Running cctest:

$out.gn/learning/cctest test-heap-profiler/HeapSnapshotRetainedObjectInfo  To get a list of the available tests: $ out.gn/learning/cctest --list


Checking formating/linting:

$git cl format  You can then git diff and see the changes. Running pre-submit checks: $ git cl presubmit


$git cl upload  #### Build details So when we run gn it will generate Ninja build file. GN itself is written in C++ but has a python wrapper around it. A group in gn is just a collection of other targets which enables them to have a name. So when we run gn there will be a number of .ninja files generated. If we look in the root of the output directory we find two .ninja files: build.ninja toolchain.ninja  By default ninja will look for build.ninja and when we run ninja we usually specify the -C out/dir. If no targets are specified on the command line ninja will execute all outputs unless there is one specified as default. V8 has the following default target: default all build all: phony$
./bytecode_builtins_list_generator $./d8$
obj/fuzzer_support.stamp $./gen-regexp-special-case$
obj/generate_bytecode_builtins_list.stamp $obj/gn_all.stamp$
obj/json_fuzzer.stamp $obj/lib_wasm_fuzzer_common.stamp$
./mksnapshot $obj/multi_return_fuzzer.stamp$
obj/parser_fuzzer.stamp $obj/postmortem-metadata.stamp$
obj/regexp_builtins_fuzzer.stamp $obj/regexp_fuzzer.stamp$
obj/run_gen-regexp-special-case.stamp $obj/run_mksnapshot_default.stamp$
obj/run_torque.stamp $./torque$
./torque-language-server $obj/torque_base.stamp$
obj/torque_generated_definitions.stamp $obj/torque_generated_initializers.stamp$
obj/torque_ls_base.stamp $./libv8.so.TOC$
obj/v8_archive.stamp $...  A phony rule can be used to create an alias for other targets. The $ in ninja is an escape character so in the case of the all target it escapes the new line, like using \ in a shell script.

Lets take a look at bytecode_builtins_list_generator:

build $:bytecode_builtins_list_generator: phony ./bytecode_builtins_list_generator  The format of the ninja build statement is: build outputs: rulename inputs  We are again seeing the $ ninja escape character but this time it is escaping the colon which would otherwise be interpreted as separating file names. The output in this case is bytecode_builtins_list_generator. And I'm guessing, as I can't find a connection between ./bytecode_builtins_list_generator and

The default target_out_dir in this case is //out/x64.release_gcc/obj. The executable in BUILD.gn which generates this does not specify any output directory so I'm assuming that it the generated .ninja file is place in the target_out_dir in this case where we can find bytecode_builtins_list_generator.ninja This file has a label named:

label_name = bytecode_builtins_list_generator


Hmm, notice that in build.ninja there is the following command:

subninja toolchain.ninja


And in toolchain.ninja we have:

subninja obj/bytecode_builtins_list_generator.ninja


This is what is making ./bytecode_builtins_list_generator available.

$ninja -C out/x64.release_gcc/ -t targets all | grep bytecode_builtins_list_generator$ rm out/x64.release_gcc/bytecode_builtins_list_generator
$ninja -C out/x64.release_gcc/ bytecode_builtins_list_generator ninja: Entering directory out/x64.release_gcc/' [1/1] LINK ./bytecode_builtins_list_generator  Alright, so I'd like to understand when in the process torque is run to generate classes like TorqueGeneratedStruct: class Struct : public TorqueGeneratedStruct<Struct, HeapObject> {  ./torque$
./torque-language-server $obj/torque_base.stamp$
obj/torque_generated_definitions.stamp $obj/torque_generated_initializers.stamp$
obj/torque_ls_base.stamp $ Like before we can find that obj/torque.ninja in included by the subninja command in toolchain.ninja: subninja obj/torque.ninja  So this is building the executable torque, but it has not been run yet. $ gn ls out/x64.release_gcc/ --type=action
//:generate_bytecode_builtins_list
//:run_gen-regexp-special-case
//:run_mksnapshot_default
//:run_torque
//:v8_dump_build_config
//src/inspector:protocol_compatibility
//src/inspector:protocol_generated_sources
//tools/debug_helper:gen_heap_constants
//tools/debug_helper:run_mkgrokdump


Notice the run_torque target

$gn desc out/x64.release_gcc/ //:run_torque  If we look in toolchain.ninja we have a rule named ___run_torque___build_toolchain_linux_x64__rule command = python ../../tools/run.py ./torque -o gen/torque-generated -v8-root ../.. src/builtins/array-copywithin.tq src/builtins/array-every.tq src/builtins/array-filter.tq src/builtins/array-find.tq ...  And there is a build that specifies the .h and cc files in gen/torque-generated which has this rule in it if they change. ## Building chromium When making changes to V8 you might need to verify that your changes have not broken anything in Chromium. Generate Your Project (gpy) : You'll have to run this once before building: $ gclient sync
$gclient runhooks  #### Update the code base $ git fetch origin master
$git co master$ git merge origin/master


$gn args out.gn/learning  ### Building using Ninja $ ninja -C out.gn/learning


Building the tests:

$ninja -C out.gn/learning chrome/test:unit_tests  An error I got when building the first time: traceback (most recent call last): File "./gyp-mac-tool", line 713, in <module> sys.exit(main(sys.argv[1:])) File "./gyp-mac-tool", line 29, in main exit_code = executor.Dispatch(args) File "./gyp-mac-tool", line 44, in Dispatch return getattr(self, method)(*args[1:]) File "./gyp-mac-tool", line 68, in ExecCopyBundleResource self._CopyStringsFile(source, dest) File "./gyp-mac-tool", line 134, in _CopyStringsFile import CoreFoundation ImportError: No module named CoreFoundation [6642/20987] CXX obj/base/debug/base.task_annotator.o [6644/20987] ACTION base_nacl: build newlib plib_9b4f41e4158ebb93a5d28e6734a13e85 ninja: build stopped: subcommand failed.  I was able to get around this by: $ pip install -U pyobjc


#### Using a specific version of V8

The instructions below work but it is also possible to create a soft link from chromium/src/v8 to local v8 repository and the build/test.

So, we want to include our updated version of V8 so that we can verify that it builds correctly with our change to V8. While I'm not sure this is the proper way to do it, I was able to update DEPS in src (chromium) and set the v8 entry to git@github.com:danbev/v8.git@064718a8921608eaf9b5eadbb7d734ec04068a87:

"git@github.com:danbev/v8.git@064718a8921608eaf9b5eadbb7d734ec04068a87"


You'll have to run gclient sync after this.

Another way is to not updated the DEPS file, which is a version controlled file, but instead update .gclientrc and add a custom_deps entry:

solutions = [{u'managed': False, u'name': u'src', u'url': u'https://chromium.googlesource.com/chromium/src.git',
u'custom_deps': {
"src/v8": "git@github.com:danbev/v8.git@27a666f9be7ca3959c7372bdeeee14aef2a4b7ba"
}, u'deps_file': u'.DEPS.git', u'safesync_url': u''}]


## Buiding pdfium

You may have to compile this project (in addition to chromium to verify that changes in v8 are not breaking code in pdfium.

### Create/clone the project

 $mkdir pdfuim_reop$ gclient config --unmanaged https://pdfium.googlesource.com/pdfium.git
$gclient sync$ cd pdfium


### Building

$ninja -C out/Default  #### Using a branch of v8 You should be able to update the .gclient file adding a custom_deps entry: solutions = [ { "name" : "pdfium", "url" : "https://pdfium.googlesource.com/pdfium.git", "deps_file" : "DEPS", "managed" : False, "custom_deps" : { "v8": "git@github.com:danbev/v8.git@064718a8921608eaf9b5eadbb7d734ec04068a87" }, },  ] cache_dir = None You'll have to run gclient sync after this too. ## Code in this repo #### hello-world hello-world is heavily commented and show the usage of a static int being exposed and accessed from JavaScript. #### instances instances shows the usage of creating new instances of a C++ class from JavaScript. #### run-script run-script is basically the same as instance but reads an external file, script.js and run the script. #### tests The test directory contains unit tests for individual classes/concepts in V8 to help understand them. ## Building this projects code $ make


$./hello-world  ## Cleaning $ make clean


## Contributing a change to V8

1. Create a working branch using git new-branch name

See Googles contributing-code for more details.

$git cl issue  ## Debugging $ lldb hello-world
(lldb) br s -f hello-world.cc -l 27


There are a number of useful functions in src/objects-printer.cc which can also be used in lldb.

#### Print value of a Local object

(lldb) print _v8_internal_Print_Object(*(v8::internal::Object**)(*init_fn))


#### Print stacktrace

(lldb) p _v8_internal_Print_StackTrace()


#### Creating command aliases in lldb

Create a file named .lldbinit (in your project director or home directory). This file can now be found in v8's tools directory.

### Using d8

This is the source used for the following examples:

$cat class.js function Person(name, age) { this.name = name; this.age = age; } print("before"); const p = new Person("Daniel", 41); print(p.name); print(p.age); print("after");  ### V8_shell startup What happens when the v8_shell is run? $ lldb -- out/x64.debug/d8 --enable-inspector class.js
(lldb) breakpoint set --file d8.cc --line 2662
Breakpoint 1: where = d8v8::Shell::Main(int, char**) + 96 at d8.cc:2662, address = 0x0000000100015150


First v8::base::debug::EnableInProcessStackDumping() is called followed by some windows specific code guarded by macros. Next is all the options are set using v8::Shell::SetOptions

SetOptions will call v8::V8::SetFlagsFromCommandLine which is found in src/api.cc:

i::FlagList::SetFlagsFromCommandLine(argc, argv, remove_flags);


This function can be found in src/flags.cc. The flags themselves are defined in src/flag-definitions.h

Next a new SourceGroup array is create:

options.isolate_sources = new SourceGroup[options.num_isolates];
SourceGroup* current = options.isolate_sources;
current->Begin(argv, 1);
for (int i = 1; i < argc; i++) {
const char* str = argv[i];

(lldb) p str
(const char *) $6 = 0x00007fff5fbfed4d "manual.js"  There are then checks performed to see if the args is --isolate or --module, or -e and if not (like in our case) } else if (strncmp(str, "-", 1) != 0) { // Not a flag, so it must be a script to execute. options.script_executed = true;  TODO: I'm not exactly sure what SourceGroups are about but just noting this and will revisit later. This will take us back int Shell::Main in src/d8.cc ::V8::InitializeICUDefaultLocation(argv[0], options.icu_data_file); (lldb) p argv[0] (char *)$8 = 0x00007fff5fbfed48 "./d8"


See ICU a little more details.

Next the default V8 platform is initialized:

g_platform = i::FLAG_verify_predictable ? new PredictablePlatform() : v8::platform::CreateDefaultPlatform();


v8::platform::CreateDefaultPlatform() will be called in our case.

We are then back in Main and have the following lines:

2685 v8::V8::InitializePlatform(g_platform);
2686 v8::V8::Initialize();


This is very similar to what I've seen in the Node.js startup process.

We did not specify any natives_blob or snapshot_blob as an option on the command line so the defaults will be used:

v8::V8::InitializeExternalStartupData(argv[0]);


back in src/d8.cc line 2918:

Isolate* isolate = Isolate::New(create_params);


this call will bring us into api.cc line 8185:

 i::Isolate* isolate = new i::Isolate(false);


So, we are invoking the Isolate constructor (in src/isolate.cc).

isolate->set_snapshot_blob(i::Snapshot::DefaultSnapshotBlob());


api.cc:

isolate->Init(NULL);

compilation_cache_ = new CompilationCache(this);
context_slot_cache_ = new ContextSlotCache();
descriptor_lookup_cache_ = new DescriptorLookupCache();
unicode_cache_ = new UnicodeCache();
inner_pointer_to_code_cache_ = new InnerPointerToCodeCache(this);
global_handles_ = new GlobalHandles(this);
eternal_handles_ = new EternalHandles();
bootstrapper_ = new Bootstrapper(this);
handle_scope_implementer_ = new HandleScopeImplementer(this);
store_stub_cache_ = new StubCache(this, Code::STORE_IC);
materialized_object_store_ = new MaterializedObjectStore(this);
regexp_stack_ = new RegExpStack();
regexp_stack_->isolate_ = this;
date_cache_ = new DateCache();
call_descriptor_data_ =
new CallInterfaceDescriptorData[CallDescriptors::NUMBER_OF_DESCRIPTORS];
access_compiler_data_ = new AccessCompilerData();
cpu_profiler_ = new CpuProfiler(this);
heap_profiler_ = new HeapProfiler(heap());
interpreter_ = new interpreter::Interpreter(this);
compiler_dispatcher_ =
new CompilerDispatcher(this, V8::GetCurrentPlatform(), FLAG_stack_size);


src/builtins/builtins.cc, this is where the builtins are defined. TODO: sort out what these macros do.

In src/v8.cc we have a couple of checks for if the options passed are for a stress_run but since we did not pass in any such flags this code path will be followed which will call RunMain:

result = RunMain(isolate, argc, argv, last_run);


this will end up calling:

options.isolate_sources[0].Execute(isolate);


Which will call SourceGroup::Execute(Isolate* isolate)

// Use all other arguments as names of files to load and run.
HandleScope handle_scope(isolate);
Local<String> file_name = String::NewFromUtf8(isolate, arg, NewStringType::kNormal).ToLocalChecked();
if (source.IsEmpty()) {
Shell::Exit(1);
}
Shell::options.script_executed = true;
if (!Shell::ExecuteString(isolate, source, file_name, false, true)) {
exception_was_thrown = true;
break;
}

ScriptOrigin origin(name);
if (compile_options == ScriptCompiler::kNoCompileOptions) {
ScriptCompiler::Source script_source(source, origin);
return ScriptCompiler::Compile(context, &script_source, compile_options);
}


Which will delegate to ScriptCompiler(Local, Source* source, CompileOptions options):

auto maybe = CompileUnboundInternal(isolate, source, options);


CompileUnboundInternal

result = i::Compiler::GetSharedFunctionInfoForScript(
str, name_obj, line_offset, column_offset, source->resource_options,
source_map_url, isolate->native_context(), NULL, &script_data, options,
i::NOT_NATIVES_CODE);


src/compiler.cc

// Compile the function and add it to the cache.
ParseInfo parse_info(script);
Zone compile_zone(isolate->allocator(), ZONE_NAME);
CompilationInfo info(&compile_zone, &parse_info, Handle<JSFunction>::null());


Back in src/compiler.cc-info.cc:

result = CompileToplevel(&info);

(lldb) job *result
0x17df0df309f1: [SharedFunctionInfo]
- name = 0x1a7f12d82471 <String[0]: >
- formal_parameter_count = 0
- expected_nof_properties = 10
- ast_node_count = 23
- instance class name = #Object

- code = 0x1d8484d3661 <Code: BUILTIN>
- source code = function bajja(a, b, c) {
var d = c - 100;
return a + d * b;
}

var result = bajja(2, 2, 150);
print(result);

- anonymous expression
- function token position = -1
- start position = 0
- end position = 114
- no debug info
- length = 0
- optimized_code_map = 0x1a7f12d82241 <FixedArray[0]>
- length: 3
- slot_count: 11
Slot #2 kCreateClosure
Slot #5 CALL_IC
Slot #7 CALL_IC

- bytecode_array = 0x17df0df30c61


Back in d8.cc:

maybe_result = script->Run(realm);


src/api.cc

auto fun = i::Handle<i::JSFunction>::cast(Utils::OpenHandle(this));

(lldb) job *fun
0x17df0df30e01: [Function]
- map = 0x19cfe0003859 [FastProperties]
- prototype = 0x17df0df043b1
- elements = 0x1a7f12d82241 <FixedArray[0]> [FAST_HOLEY_ELEMENTS]
- initial_map =
- shared_info = 0x17df0df309f1 <SharedFunctionInfo>
- name = 0x1a7f12d82471 <String[0]: >
- formal_parameter_count = 0
- context = 0x17df0df03bf9 <FixedArray[245]>
- feedback vector cell = 0x17df0df30ed1 Cell for 0x17df0df30e49 <FixedArray[13]>
- code = 0x1d8484d3661 <Code: BUILTIN>
- properties = 0x1a7f12d82241 <FixedArray[0]> {
#length: 0x2c35a5718089 <AccessorInfo> (const accessor descriptor)
#name: 0x2c35a57180f9 <AccessorInfo> (const accessor descriptor)
#arguments: 0x2c35a5718169 <AccessorInfo> (const accessor descriptor)
#caller: 0x2c35a57181d9 <AccessorInfo> (const accessor descriptor)
#prototype: 0x2c35a5718249 <AccessorInfo> (const accessor descriptor)

}

Local<Value> result;
has_pending_exception = !ToLocal<Value>(i::Execution::Call(isolate, fun, receiver, 0, nullptr), &result);


src/execution.cc

### Zone

Taken directly from src/zone/zone.h:

// The Zone supports very fast allocation of small chunks of
// memory. The chunks cannot be deallocated individually, but instead
// the Zone supports deallocating all chunks in one fast
// operation. The Zone is used to hold temporary data structures like
// the abstract syntax tree, which is deallocated after compilation.


### V8 flags

$./d8 --help  ### d8 (lldb) br s -f d8.cc -l 2935 return v8::Shell::Main(argc, argv); api.cc:6112 i::ReadNatives(); natives-external.cc  ### v8::String::NewFromOneByte So I was a little confused when I first read this function name and thought it had something to do with the length of the string. But the byte is the type of the chars that make up the string. For example, a one byte char would be reinterpreted as uint8_t: const char* data reinterpret_cast<const uint8_t*>(data)  #### Tasks • gdbinit has been updated. Check if there is something that should be ported to lldbinit ### Invocation walkthrough This section will go through calling a Script to understand what happens in V8. I'll be using run-scripts.cc as the example for this. $ lldb -- ./run-scripts
(lldb) br s -n main


I'll step through until the following call:

script->Run(context).ToLocalChecked();


So, Script::Run is defined in api.cc First things that happens in this function is a macro:

PREPARE_FOR_EXECUTION_WITH_CONTEXT_IN_RUNTIME_CALL_STATS_SCOPE(
"v8",
"V8.Execute",
context,
Script,
Run,
MaybeLocal<Value>(),
InternalEscapableScope,
true);
TRACE_EVENT_CALL_STATS_SCOPED(isolate, category, name);
PREPARE_FOR_EXECUTION_GENERIC(isolate, context, class_name, function_name, \
bailout_value, HandleScopeClass, do_callback);


So, what does the preprocessor replace this with then:

auto isolate = context.IsEmpty() ? i::Isolate::Current()                               : reinterpret_cast<i::Isolate*>(context->GetIsolate());


I'm skipping TRACE_EVENT_CALL_STATS_SCOPED for now. PREPARE_FOR_EXECUTION_GENERIC will be replaced with:

if (IsExecutionTerminatingCheck(isolate)) {                        \
return bailout_value;                                            \
}                                                                  \
HandleScopeClass handle_scope(isolate);                            \
CallDepthScope<do_callback> call_depth_scope(isolate, context);    \
LOG_API(isolate, class_name, function_name);                       \
ENTER_V8_DO_NOT_USE(isolate);                                      \
bool has_pending_exception = false

auto fun = i::Handle<i::JSFunction>::cast(Utils::OpenHandle(this));

(lldb) job *fun
0x33826912c021: [Function]
- map = 0x1d0656c03599 [FastProperties]
- prototype = 0x338269102e69
- elements = 0x35190d902241 <FixedArray[0]> [FAST_HOLEY_ELEMENTS]
- initial_map =
- shared_info = 0x33826912bc11 <SharedFunctionInfo>
- name = 0x35190d902471 <String[0]: >
- formal_parameter_count = 0
- context = 0x338269102611 <FixedArray[265]>
- feedback vector cell = 0x33826912c139 <Cell value= 0x33826912c069 <FixedArray[24]>>
- code = 0x1319e25fcf21 <Code BUILTIN>
- properties = 0x35190d902241 <FixedArray[0]> {
#length: 0x2e9d97ce68b1 <AccessorInfo> (const accessor descriptor)
#name: 0x2e9d97ce6921 <AccessorInfo> (const accessor descriptor)
#arguments: 0x2e9d97ce6991 <AccessorInfo> (const accessor descriptor)
#caller: 0x2e9d97ce6a01 <AccessorInfo> (const accessor descriptor)
#prototype: 0x2e9d97ce6a71 <AccessorInfo> (const accessor descriptor)
}


The code for i::JSFunction is generated in src/api.h. Lets take a closer look at this.

#define DECLARE_OPEN_HANDLE(From, To) \
static inline v8::internal::Handle<v8::internal::To> \
OpenHandle(const From* that, bool allow_empty_handle = false);

OPEN_HANDLE_LIST(DECLARE_OPEN_HANDLE)


OPEN_HANDLE_LIST looks like this:

#define OPEN_HANDLE_LIST(V)                    \
....
V(Script, JSFunction)                        \


So lets expand this for JSFunction and it should become:

  static inline v8::internal::Handle<v8::internal::JSFunction> \
OpenHandle(const Script* that, bool allow_empty_handle = false);


So there will be an function named OpenHandle that will take a const pointer to Script.

A little further down in src/api.h there is another macro which looks like this:

OPEN_HANDLE_LIST(MAKE_OPEN_HANDLE)


MAKE_OPEN_HANDLE:

    #define MAKE_OPEN_HANDLE(From, To)
v8::internal::Handle<v8::internal::To> Utils::OpenHandle(
const v8::From* that, bool allow_empty_handle) {
return v8::internal::Handle<v8::internal::To>(
}


And remember that JSFunction is included in the OPEN_HANDLE_LIST so there will be the following in the source after the preprocessor has processed this header: A concrete example would look like this:

v8::internal::Handle<v8::internal::JSFunction> Utils::OpenHandle(
const v8::Script* that, bool allow_empty_handle) {
return v8::internal::Handle<v8::internal::JSFunction>(


You can inspect the output of the preprocessor using:

$clang++ -I./out/x64.release/gen -I. -I./include -E src/api/api-inl.h > api-inl.output  So where is JSFunction declared? It is defined in objects.h ## Ignition interpreter User JavaScript also needs to have bytecode generated for them and they also use the C++ DLS and use the CodeStubAssembler -> CodeAssembler -> RawMachineAssembler just like builtins. ## C++ Domain Specific Language (DLS) #### Build failure After rebasing I've seen the following issue: $ ninja -C out/Debug chrome
ninja: Entering directory out/Debug'
ninja: error: '../../chrome/renderer/resources/plugins/plugin_delay.html', needed by 'gen/chrome/grit/renderer_resources.h', missing and no known rule to make it


The "solution" was to remove the out directory and rebuild.

To find suitable task you can use label:HelpWanted at bugs.chromium.org.

### OpenHandle

What does this call do:

Utils::OpenHandle(*(source->source_string));

OPEN_HANDLE_LIST(MAKE_OPEN_HANDLE)


Which is a macro defined in src/api.h:

#define MAKE_OPEN_HANDLE(From, To)                                             \
v8::internal::Handle<v8::internal::To> Utils::OpenHandle(                    \
const v8::From* that, bool allow_empty_handle) {                         \
DCHECK(allow_empty_handle || that != NULL);                                \
DCHECK(that == NULL ||                                                     \
(*reinterpret_cast<v8::internal::Object* const*>(that))->Is##To()); \
return v8::internal::Handle<v8::internal::To>(                             \
reinterpret_cast<v8::internal::To**>(const_cast<v8::From*>(that)));    \
}

OPEN_HANDLE_LIST(MAKE_OPEN_HANDLE)


If we take a closer look at the macro is should expand to something like this in our case:

 v8::internal::Handle<v8::internal::To> Utils::OpenHandle(const v8:String* that, false) {
DCHECK(allow_empty_handle || that != NULL);                                \
DCHECK(that == NULL ||                                                     \
(*reinterpret_cast<v8::internal::Object* const*>(that))->IsString()); \
return v8::internal::Handle<v8::internal::String>(                             \
reinterpret_cast<v8::internal::String**>(const_cast<v8::String*>(that)));    \
}


So this is returning a new v8::internal::Handle, the constructor is defined in src/handles.h:95.

src/objects.cc Handle WeakFixedArray::Add(Handle maybe_array, 10167 Handle value, 10168 int* assigned_index) { Notice the name of the first parameter maybe_array but it is not of type maybe?

### Context

JavaScript provides a set of builtin functions and objects. These functions and objects can be changed by user code. Each context is separate collection of these objects and functions.

And internal::Context is declared in deps/v8/src/contexts.h and extends FixedArray

class Context: public FixedArray {


A Context can be create by calling:

const v8::HandleScope handle_scope(isolate_);
Handle<Context> context = Context::New(isolate_,
nullptr,
v8::Local<v8::ObjectTemplate>());


Context::New can be found in src/api.cc:6405:

Local<Context> v8::Context::New(
v8::Isolate* external_isolate, v8::ExtensionConfiguration* extensions,
v8::MaybeLocal<ObjectTemplate> global_template,
v8::MaybeLocal<Value> global_object,
DeserializeInternalFieldsCallback internal_fields_deserializer) {
return NewContext(external_isolate, extensions, global_template,
global_object, 0, internal_fields_deserializer);
}


The declaration of this function can be found in include/v8.h:

static Local<Context> New(
Isolate* isolate, ExtensionConfiguration* extensions = NULL,
MaybeLocal<ObjectTemplate> global_template = MaybeLocal<ObjectTemplate>(),
MaybeLocal<Value> global_object = MaybeLocal<Value>(),
DeserializeInternalFieldsCallback internal_fields_deserializer =
DeserializeInternalFieldsCallback());


So we can see the reason why we did not have to specify internal_fields_deserialize. What is ExtensionConfiguration?
This class can be found in include/v8.h and only has two members, a count of the extension names and an array with the names.

If specified these will be installed by Boostrapper::InstallExtensions which will delegate to Genesis::InstallExtensions, both can be found in src/boostrapper.cc. Where are extensions registered?
This is done once per process and called from V8::Initialize():

void Bootstrapper::InitializeOncePerProcess() {
free_buffer_extension_ = new FreeBufferExtension;
v8::RegisterExtension(free_buffer_extension_);
gc_extension_ = new GCExtension(GCFunctionName());
v8::RegisterExtension(gc_extension_);
externalize_string_extension_ = new ExternalizeStringExtension;
v8::RegisterExtension(externalize_string_extension_);
statistics_extension_ = new StatisticsExtension;
v8::RegisterExtension(statistics_extension_);
trigger_failure_extension_ = new TriggerFailureExtension;
v8::RegisterExtension(trigger_failure_extension_);
ignition_statistics_extension_ = new IgnitionStatisticsExtension;
v8::RegisterExtension(ignition_statistics_extension_);
}


The extensions can be found in src/extensions. You register your own extensions and an example of this can be found in test/context_test.cc.

(lldb) br s -f node.cc -l 4439
(lldb) expr context->length()
(int) $522 = 281  This output was taken Creating a new Context is done by v8::CreateEnvironment (lldb) br s -f api.cc -l 6565  InvokeBootstrapper<ObjectType> invoke; 6635 result = -> 6636 invoke.Invoke(isolate, maybe_proxy, proxy_template, extensions, 6637 context_snapshot_index, embedder_fields_deserializer);  This will later end up in Snapshot::NewContextFromSnapshot: Vector<const byte> context_data = ExtractContextData(blob, static_cast<uint32_t>(context_index)); SnapshotData snapshot_data(context_data); MaybeHandle<Context> maybe_result = PartialDeserializer::DeserializeContext( isolate, &snapshot_data, can_rehash, global_proxy, embedder_fields_deserializer);  So we can see here that the Context is deserialized from the snapshot. What does the Context contain at this stage: (lldb) expr result->length() (int)$650 = 281
(lldb) expr result->Print()
// not inlcuding the complete output


Lets take a look at an entry:

(lldb) expr result->get(0)->Print()
0xc201584331: [Function] in OldSpace
- map = 0xc24c002251 [FastProperties]
- prototype = 0xc201584371
- elements = 0xc2b2882251 <FixedArray[0]> [HOLEY_ELEMENTS]
- initial_map =
- shared_info = 0xc2b2887521 <SharedFunctionInfo>
- name = 0xc2b2882441 <String[0]: >
- formal_parameter_count = -1
- kind = [ NormalFunction ]
- context = 0xc201583a59 <FixedArray[281]>
- code = 0x2df1f9865a61 <Code BUILTIN>
- source code = () {}
- properties = 0xc2b2882251 <FixedArray[0]> {
#length: 0xc2cca83729 <AccessorInfo> (const accessor descriptor)
#name: 0xc2cca83799 <AccessorInfo> (const accessor descriptor)
#arguments: 0xc201587fd1 <AccessorPair> (const accessor descriptor)
#caller: 0xc201587fd1 <AccessorPair> (const accessor descriptor)
#constructor: 0xc201584c29 <JSFunction Function (sfi = 0xc2b28a6fb1)> (const data descriptor)
#apply: 0xc201588079 <JSFunction apply (sfi = 0xc2b28a7051)> (const data descriptor)
#bind: 0xc2015880b9 <JSFunction bind (sfi = 0xc2b28a70f1)> (const data descriptor)
#call: 0xc2015880f9 <JSFunction call (sfi = 0xc2b28a7191)> (const data descriptor)
#toString: 0xc201588139 <JSFunction toString (sfi = 0xc2b28a7231)> (const data descriptor)
0xc2b28bc669 <Symbol: Symbol.hasInstance>: 0xc201588179 <JSFunction [Symbol.hasInstance] (sfi = 0xc2b28a72d1)> (const data descriptor)
}

- feedback vector: not available


So we can see that this is of type [Function] which we can cast using:

(lldb) expr JSFunction::cast(result->get(0))->code()->Print()
0x2df1f9865a61: [Code]
kind = BUILTIN
name = EmptyFunction

(lldb) expr JSFunction::cast(result->closure())->Print()
0xc201584331: [Function] in OldSpace
- map = 0xc24c002251 [FastProperties]
- prototype = 0xc201584371
- elements = 0xc2b2882251 <FixedArray[0]> [HOLEY_ELEMENTS]
- initial_map =
- shared_info = 0xc2b2887521 <SharedFunctionInfo>
- name = 0xc2b2882441 <String[0]: >
- formal_parameter_count = -1
- kind = [ NormalFunction ]
- context = 0xc201583a59 <FixedArray[281]>
- code = 0x2df1f9865a61 <Code BUILTIN>
- source code = () {}
- properties = 0xc2b2882251 <FixedArray[0]> {
#length: 0xc2cca83729 <AccessorInfo> (const accessor descriptor)
#name: 0xc2cca83799 <AccessorInfo> (const accessor descriptor)
#arguments: 0xc201587fd1 <AccessorPair> (const accessor descriptor)
#caller: 0xc201587fd1 <AccessorPair> (const accessor descriptor)
#constructor: 0xc201584c29 <JSFunction Function (sfi = 0xc2b28a6fb1)> (const data descriptor)
#apply: 0xc201588079 <JSFunction apply (sfi = 0xc2b28a7051)> (const data descriptor)
#bind: 0xc2015880b9 <JSFunction bind (sfi = 0xc2b28a70f1)> (const data descriptor)
#call: 0xc2015880f9 <JSFunction call (sfi = 0xc2b28a7191)> (const data descriptor)
#toString: 0xc201588139 <JSFunction toString (sfi = 0xc2b28a7231)> (const data descriptor)
0xc2b28bc669 <Symbol: Symbol.hasInstance>: 0xc201588179 <JSFunction [Symbol.hasInstance] (sfi = 0xc2b28a72d1)> (const data descriptor)
}

- feedback vector: not available


So this is the JSFunction associated with the deserialized context. Not sure what this is about as looking at the source code it looks like an empty function. A function can also be set on the context so I'm guessing that this give access to the function of a context once set. Where is function set, well it is probably deserialized but we can see it be used in deps/v8/src/bootstrapper.cc:

{
Handle<JSFunction> function = SimpleCreateFunction(isolate, factory->empty_string(), Builtins::kAsyncFunctionAwaitCaught, 2, false);
native_context->set_async_function_await_caught(*function);
}
​console
(lldb) expr isolate()->builtins()->builtin_handle(Builtins::Name::kAsyncFunctionAwaitCaught)->Print()


Context::Scope is a RAII class used to Enter/Exit a context. Lets take a closer look at Enter:

void Context::Enter() {
i::Handle<i::Context> env = Utils::OpenHandle(this);
i::Isolate* isolate = env->GetIsolate();
ENTER_V8_NO_SCRIPT_NO_EXCEPTION(isolate);
i::HandleScopeImplementer* impl = isolate->handle_scope_implementer();
impl->EnterContext(env);
impl->SaveContext(isolate->context());
isolate->set_context(*env);
}


So the current context is saved and then the this context env is set as the current on the isolate. EnterContext will push the passed-in context (deps/v8/src/api.cc):

void HandleScopeImplementer::EnterContext(Handle<Context> context) {
entered_contexts_.push_back(*context);
}
...
DetachableVector<Context*> entered_contexts_;

DetachableVector is a delegate/adaptor with some additonaly features on a std::vector.
Handle<Context> context1 = NewContext(isolate);
Handle<Context> context2 = NewContext(isolate);
Context::Scope context_scope1(context1);        // entered_contexts_ [context1], saved_contexts_[isolateContext]
Context::Scope context_scope2(context2);        // entered_contexts_ [context1, context2], saved_contexts[isolateContext, context1]


Now, SaveContext is using the current context, not this context (env) and pushing that to the end of the saved_contexts_ vector. We can look at this as we entered context_scope2 from context_scope1:

And Exit looks like:

void Context::Exit() {
i::Handle<i::Context> env = Utils::OpenHandle(this);
i::Isolate* isolate = env->GetIsolate();
ENTER_V8_NO_SCRIPT_NO_EXCEPTION(isolate);
i::HandleScopeImplementer* impl = isolate->handle_scope_implementer();
if (!Utils::ApiCheck(impl->LastEnteredContextWas(env),
"v8::Context::Exit()",
"Cannot exit non-entered context")) {
return;
}
impl->LeaveContext();
isolate->set_context(impl->RestoreContext());
}


#### EmbedderData

A context can have embedder data set on it. Like decsribed above a Context is internally A FixedArray. SetEmbedderData in Context is implemented in src/api.cc:

const char* location = "v8::Context::SetEmbedderData()";
i::Handle<i::FixedArray> data = EmbedderDataFor(this, index, true, location);
i::Handle<i::FixedArray> data(env->embedder_data());


location is only used for logging and we can ignore it for now. EmbedderDataFor:

i::Handle<i::Context> env = Utils::OpenHandle(context);
...
i::Handle<i::FixedArray> data(env->embedder_data());


We can find embedder_data in src/contexts-inl.h

#define NATIVE_CONTEXT_FIELD_ACCESSORS(index, type, name) \
inline void set_##name(type* value);                    \
inline bool is_##name(type* value) const;               \
inline type* name() const;
NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSORS)


And NATIVE_CONTEXT_FIELDS in context.h:

#define NATIVE_CONTEXT_FIELDS(V)                                               \
V(GLOBAL_PROXY_INDEX, JSObject, global_proxy_object)                         \
V(EMBEDDER_DATA_INDEX, FixedArray, embedder_data)                            \
...

#define NATIVE_CONTEXT_FIELD_ACCESSORS(index, type, name) \
void Context::set_##name(type* value) {                 \
DCHECK(IsNativeContext());                            \
set(index, value);                                    \
}                                                       \
bool Context::is_##name(type* value) const {            \
DCHECK(IsNativeContext());                            \
return type::cast(get(index)) == value;               \
}                                                       \
type* Context::name() const {                           \
DCHECK(IsNativeContext());                            \
return type::cast(get(index));                        \
}
NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSORS)
#undef NATIVE_CONTEXT_FIELD_ACCESSORS


So the preprocessor would expand this to:

FixedArray embedder_data() const;

void Context::set_embedder_data(FixedArray value) {
DCHECK(IsNativeContext());
set(EMBEDDER_DATA_INDEX, value);
}

bool Context::is_embedder_data(FixedArray value) const {
DCHECK(IsNativeContext());
return FixedArray::cast(get(EMBEDDER_DATA_INDEX)) == value;
}

FixedArray Context::embedder_data() const {
DCHECK(IsNativeContext());
return FixedArray::cast(get(EMBEDDER_DATA_INDEX));
}


We can take a look at the initial data:

lldb) expr data->Print()
0x2fac3e896439: [FixedArray] in OldSpace
- map = 0x2fac9de82341 <Map(HOLEY_ELEMENTS)>
- length: 3
0-2: 0x2fac1cb822e1 <undefined>
(lldb) expr data->length()
(int) 5 = 3  And after setting: (lldb) expr data->Print() 0x2fac3e896439: [FixedArray] in OldSpace - map = 0x2fac9de82341 <Map(HOLEY_ELEMENTS)> - length: 3 0: 0x2fac20c866e1 <String[7]: embdata> 1-2: 0x2fac1cb822e1 <undefined> (lldb) expr v8::internal::String::cast(data->get(0))->Print() "embdata"  This was taken while debugging ContextTest::EmbedderData. ### ENTER_V8_FOR_NEW_CONTEXT This macro is used in CreateEnvironment (src/api.cc) and the call in this function looks like this: ENTER_V8_FOR_NEW_CONTEXT(isolate);  ### Factory::NewMap This section will take a look at the following call: i::Handle<i::Map> map = factory->NewMap(i::JS_OBJECT_TYPE, 24);  Lets take a closer look at this function which can be found in src/factory.cc: Handle<Map> Factory::NewMap(InstanceType type, int instance_size, ElementsKind elements_kind, int inobject_properties) { CALL_HEAP_FUNCTION( isolate(), isolate()->heap()->AllocateMap(type, instance_size, elements_kind, inobject_properties), Map); }  If we take a look at factory.h we can see the default values for elements_kind and inobject_properties: Handle<Map> NewMap(InstanceType type, int instance_size, ElementsKind elements_kind = TERMINAL_FAST_ELEMENTS_KIND, int inobject_properties = 0);  If we expand the CALL_HEAP_FUNCTION macro we will get:  AllocationResult __allocation__ = isolate()->heap()->AllocateMap(type, instance_size, elements_kind, inobject_properties), Object* __object__ = nullptr; RETURN_OBJECT_UNLESS_RETRY(isolate(), Map) /* Two GCs before panicking. In newspace will almost always succeed. */ for (int __i__ = 0; __i__ < 2; __i__++) { (isolate())->heap()->CollectGarbage( __allocation__.RetrySpace(), GarbageCollectionReason::kAllocationFailure); __allocation__ = FUNCTION_CALL; RETURN_OBJECT_UNLESS_RETRY(isolate, Map) } (isolate())->counters()->gc_last_resort_from_handles()->Increment(); (isolate())->heap()->CollectAllAvailableGarbage( GarbageCollectionReason::kLastResort); { AlwaysAllocateScope __scope__(isolate()); t __allocation__ = isolate()->heap()->AllocateMap(type, instance_size, elements_kind, inobject_properties), } RETURN_OBJECT_UNLESS_RETRY(isolate, Map) /* TODO(1181417): Fix this. */ v8::internal::Heap::FatalProcessOutOfMemory("CALL_AND_RETRY_LAST", true); return Handle<Map>();  So, lets take a look at isolate()->heap()->AllocateMap in 'src/heap/heap.cc':  HeapObject* result = nullptr; AllocationResult allocation = AllocateRaw(Map::kSize, MAP_SPACE);  AllocateRaw can be found in src/heap/heap-inl.h:  bool large_object = size_in_bytes > kMaxRegularHeapObjectSize; HeapObject* object = nullptr; AllocationResult allocation; if (NEW_SPACE == space) { if (large_object) { space = LO_SPACE; } else { allocation = new_space_->AllocateRaw(size_in_bytes, alignment); if (allocation.To(&object)) { OnAllocationEvent(object, size_in_bytes); } return allocation; } } } else if (MAP_SPACE == space) { allocation = map_space_->AllocateRawUnaligned(size_in_bytes); }  (lldb) expr large_object (bool)3 = false
(lldb) expr size_in_bytes
(int) $5 = 80 (lldb) expr map_space_ (v8::internal::MapSpace *)$6 = 0x0000000104700f60


AllocateRawUnaligned can be found in src/heap/spaces-inl.h

  HeapObject* object = AllocateLinearly(size_in_bytes);


### v8::internal::Object

Is an abstract super class for all classes in the object hierarch and both Smi and HeapObject are subclasses of Object so there are no data members in object only functions. For example:

  bool IsObject() const { return true; }
INLINE(bool IsSmi() const
INLINE(bool IsLayoutDescriptor() const
INLINE(bool IsHeapObject() const
INLINE(bool IsPrimitive() const
INLINE(bool IsNumber() const
INLINE(bool IsNumeric() const
INLINE(bool IsAbstractCode() const
INLINE(bool IsAccessCheckNeeded() const
INLINE(bool IsArrayList() const
INLINE(bool IsBigInt() const
INLINE(bool IsUndefined() const
INLINE(bool IsNull() const
INLINE(bool IsTheHole() const
INLINE(bool IsException() const
INLINE(bool IsUninitialized() const
INLINE(bool IsTrue() const
INLINE(bool IsFalse() const
...


### v8::internal::Smi

Extends v8::internal::Object and are not allocated on the heap. There are no members as the pointer itself is used to store the information.

In our case the calling v8::Isolate::New which is done by the test fixture:

virtual void SetUp() {
isolate_ = v8::Isolate::New(create_params_);
}


This will call:

Isolate* Isolate::New(const Isolate::CreateParams& params) {
Isolate* isolate = Allocate();
Initialize(isolate, params);
return isolate;
}


In Isolate::Initialize we'll call i::Snapshot::Initialize(i_isolate):

if (params.entry_hook || !i::Snapshot::Initialize(i_isolate)) {
...


Which will call:

bool success = isolate->Init(&deserializer);


Before this call all the roots are uninitialized. Reading this blog it says that the Isolate class contains a roots table. It looks to me that the Heap contains this data structure but perhaps that is what they meant.

(lldb) bt 3
* frame #0: 0x0000000101584f43 libv8.dylibv8::internal::StartupDeserializer::DeserializeInto(this=0x00007ffeefbfe200, isolate=0x000000010481cc00) at startup-deserializer.cc:39
frame #1: 0x0000000101028bb6 libv8.dylibv8::internal::Isolate::Init(this=0x000000010481cc00, des=0x00007ffeefbfe200) at isolate.cc:3036
frame #2: 0x000000010157c682 libv8.dylibv8::internal::Snapshot::Initialize(isolate=0x000000010481cc00) at snapshot-common.cc:54


In startup-deserializer.cc we can find StartupDeserializer::DeserializeInto:

  DisallowHeapAllocation no_gc;
isolate->heap()->IterateSmiRoots(this);
isolate->heap()->IterateStrongRoots(this, VISIT_ONLY_STRONG);


After If we take a look in src/roots.h we can find the read-only roots in Heap. If we take the 10 value, which is:

V(String, empty_string, empty_string)                                        \


we can then inspect this value:

(lldb) expr roots_[9]
(v8::internal::Object *) $32 = 0x0000152d30b82851 (lldb) expr roots_[9]->IsString() (bool)$30 = true
(lldb) expr roots_[9]->Print()
#


So this entry is a pointer to objects on the managed heap which have been deserialized from the snapshot.

The heap class has a lot of members that are initialized during construction by the body of the constructor looks like this:

{
// Ensure old_generation_size_ is a multiple of kPageSize.
DCHECK_EQ(0, max_old_generation_size_ & (Page::kPageSize - 1));

memset(roots_, 0, sizeof(roots_[0]) * kRootListLength);
set_native_contexts_list(nullptr);
set_allocation_sites_list(Smi::kZero);
set_encountered_weak_collections(Smi::kZero);
// Put a dummy entry in the remembered pages so we can find the list the
// minidump even if there are no real unmapped pages.
RememberUnmappedPage(nullptr, false);
}


We can see that roots_ is filled with 0 values. We can inspect roots_ using:

(lldb) expr roots_
(lldb) expr RootListIndex::kRootListLength
(int) $16 = 509  Now they are all 0 at this stage, so when will this array get populated? These will happen in Isolate::Init:  heap_.SetUp() if (!create_heap_objects) des->DeserializeInto(this); void StartupDeserializer::DeserializeInto(Isolate* isolate) { -> 17 Initialize(isolate); startup-deserializer.cc:37 isolate->heap()->IterateSmiRoots(this);  This will delegate to ConfigureHeapDefaults() which will call Heap::ConfigureHeap: enum RootListIndex { kFreeSpaceMapRootIndex, kOnePointerFillerMapRootIndex, ... }  (lldb) expr heap->RootListIndex::kFreeSpaceMapRootIndex (int)$3 = 0
(lldb) expr heap->RootListIndex::kOnePointerFillerMapRootIndex
(int) $4 = 1  ### MemoryChunk Found in src/heap/spaces.h an instace of a MemoryChunk represents a region in memory that is owned by a specific space. ### Embedded builtins In the blog post explains how the builtins are embedded into the executable in to the .TEXT section which is readonly and therefore can be shared amoung multiple processes. We know that builtins are compiled and stored in the snapshot but now it seems that the are instead placed in to out.gn/learning/gen/embedded.cc and the combined with the object files from the compile to produce the libv8.dylib. V8 has a configuration option named v8_enable_embedded_builtins which which case embedded.cc will be added to the list of sources. This is done in BUILD.gn and the v8_snapshot target. If v8_enable_embedded_builtins is false then src/snapshot/embedded-empty.cc will be included instead. Both of these files have the following functions: const uint8_t* DefaultEmbeddedBlob() uint32_t DefaultEmbeddedBlobSize() #ifdef V8_MULTI_SNAPSHOTS const uint8_t* TrustedEmbeddedBlob() uint32_t TrustedEmbeddedBlobSize() #endif  These functions are used by isolate.cc and declared extern: extern const uint8_t* DefaultEmbeddedBlob(); extern uint32_t DefaultEmbeddedBlobSize();  And the usage of DefaultEmbeddedBlob can be see in Isolate::Isolate where is sets the embedded blob: SetEmbeddedBlob(DefaultEmbeddedBlob(), DefaultEmbeddedBlobSize());  Lets set a break point there and see if this is empty of not. (lldb) expr v8_embedded_blob_size_ (uint32_t)$0 = 4021088


So we can see that we are not using the empty one. Isolate::SetEmbeddedBlob

We can see in src/snapshot/deserializer.cc (line 552) we have a check for the embedded_blob():

  CHECK_NOT_NULL(isolate->embedded_blob());
EmbeddedData d = EmbeddedData::FromBlob();


EmbeddedData can be found in src/snapshot/snapshot.h and the implementation can be found in snapshot-common.cc.

Address EmbeddedData::InstructionStartOfBuiltin(int i) const {
const uint8_t* result = RawData() + metadata[i].instructions_offset;
}

(lldb) expr *metadata
(const v8::internal::EmbeddedData::Metadata) $7 = (instructions_offset = 0, instructions_length = 1464)   struct Metadata { // Blob layout information. uint32_t instructions_offset; uint32_t instructions_length; };  (lldb) expr *this (v8::internal::EmbeddedData)$10 = (data_ = "\xffffffdc\xffffffc0\xffffff88'"y[\xffffffd6", size_ = 4021088)
(const v8::internal::EmbeddedData::Metadata) $8 = (instructions_offset = 0, instructions_length = 1464)  So, is it possible for us to verify that this information is in the .text section? (lldb) expr result (const uint8_t *)$13 = 0x0000000101b14ee0 "UH\x89�jH\x83�(H\x89U�H�\x16H\x89}�H�u�H�E�H\x89U�H\x83�
(lldb) image lookup --address 0x0000000101b14ee0 --verbose
Summary: libv8.dylibv8_Default_embedded_blob_ + 7072
Module: file = "/Users/danielbevenius/work/google/javascript/v8/out.gn/learning/libv8.dylib", arch = "x86_64"
Symbol: id = {0x0004b596}, range = [0x0000000101b13340-0x0000000101ee8ea0), name="v8_Default_embedded_blob_"


So what we have is a pointer to the .text segment which is returned:

(lldb) memory read -f x -s 1 -c 13 0x0000000101b14ee0
0x101b14ee0: 0x55 0x48 0x89 0xe5 0x6a 0x18 0x48 0x83
0x101b14ee8: 0xec 0x28 0x48 0x89 0x55


And we can compare this with out.gn/learning/gen/embedded.cc:

V8_EMBEDDED_TEXT_HEADER(v8_Default_embedded_blob_)
__asm__(
...
".byte 0x55,0x48,0x89,0xe5,0x6a,0x18,0x48,0x83,0xec,0x28,0x48,0x89,0x55\n"
...
);


The macro V8_EMBEDDED_TEXT_HEADER can be found src/snapshot/macros.h:

#define V8_EMBEDDED_TEXT_HEADER(LABEL)         \
__asm__(V8_ASM_DECLARE(#LABEL)               \
".csect " #LABEL "[DS]\n"            \
#LABEL ":\n"                         \
".llong ." #LABEL ", TOC[tc0], 0\n"  \
V8_ASM_TEXT_SECTION                  \
"." #LABEL ":\n");

define V8_ASM_DECLARE(NAME) ".private_extern " V8_ASM_MANGLE_LABEL NAME "\n"
#define V8_ASM_MANGLE_LABEL "_"
#define V8_ASM_TEXT_SECTION ".csect .text[PR]\n"


And would be expanded by the preprocessor into:

  __asm__(".private_extern " _ v8_Default_embedded_blob_ "\n"
".csect " v8_Default_embedded_blob_ "[DS]\n"
v8_Default_embedded_blob_ ":\n"
".llong ." v8_Default_embedded_blob_ ", TOC[tc0], 0\n"
".csect .text[PR]\n"
"." v8_Default_embedded_blob_ ":\n");
__asm__(
...
".byte 0x55,0x48,0x89,0xe5,0x6a,0x18,0x48,0x83,0xec,0x28,0x48,0x89,0x55\n"
...
);


Back in src/snapshot/deserialzer.cc we are on this line:

  Address address = d.InstructionStartOfBuiltin(builtin_index);
if (RelocInfo::OffHeapTargetIsCodedSpecially()) {
// is false in our case so skipping the code here
} else {
UnalignedCopy(current, &o);
current++;
}
break;


### print-code

$./d8 -print-bytecode -print-code sample.js [generated bytecode for function: (0x2a180824ffbd <SharedFunctionInfo>)] Parameter count 1 Register count 5 Frame size 40 0x2a1808250066 @ 0 : 12 00 LdaConstant [0] 0x2a1808250068 @ 2 : 26 f9 Star r2 0x2a180825006a @ 4 : 27 fe f8 Mov <closure>, r3 0x2a180825006d @ 7 : 61 32 01 f9 02 CallRuntime [DeclareGlobals], r2-r3 0x2a1808250072 @ 12 : 0b LdaZero 0x2a1808250073 @ 13 : 26 fa Star r1 0x2a1808250075 @ 15 : 0d LdaUndefined 0x2a1808250076 @ 16 : 26 fb Star r0 0x2a1808250078 @ 18 : 00 0c 10 27 LdaSmi.Wide [10000] 0x2a180825007c @ 22 : 69 fa 00 TestLessThan r1, [0] 0x2a180825007f @ 25 : 9a 1c JumpIfFalse [28] (0x2a180825009b @ 53) 0x2a1808250081 @ 27 : a7 StackCheck 0x2a1808250082 @ 28 : 13 01 01 LdaGlobal [1], [1] 0x2a1808250085 @ 31 : 26 f9 Star r2 0x2a1808250087 @ 33 : 0c 02 LdaSmi [2] 0x2a1808250089 @ 35 : 26 f7 Star r4 0x2a180825008b @ 37 : 5e f9 fa f7 03 CallUndefinedReceiver2 r2, r1, r4, [3] 0x2a1808250090 @ 42 : 26 fb Star r0 0x2a1808250092 @ 44 : 25 fa Ldar r1 0x2a1808250094 @ 46 : 4c 05 Inc [5] 0x2a1808250096 @ 48 : 26 fa Star r1 0x2a1808250098 @ 50 : 8a 20 00 JumpLoop [32], [0] (0x2a1808250078 @ 18) 0x2a180825009b @ 53 : 25 fb Ldar r0 0x2a180825009d @ 55 : ab Return Constant pool (size = 2) 0x2a1808250035: [FixedArray] in OldSpace - map: 0x2a18080404b1 <Map> - length: 2 0: 0x2a180824ffe5 <FixedArray[2]> 1: 0x2a180824ff61 <String[#9]: something> Handler Table (size = 0) Source Position Table (size = 0) [generated bytecode for function: something (0x2a180824fff5 <SharedFunctionInfo something>)] Parameter count 3 Register count 0 Frame size 0 0x2a18082501ba @ 0 : 25 02 Ldar a1 0x2a18082501bc @ 2 : 34 03 00 Add a0, [0] 0x2a18082501bf @ 5 : ab Return Constant pool (size = 0) Handler Table (size = 0) Source Position Table (size = 0) --- Raw source --- function something(x, y) { return x + y } for (let i = 0; i < 10000; i++) { something(i, 2); } --- Optimized code --- optimization_id = 0 source_position = 0 kind = OPTIMIZED_FUNCTION stack_slots = 14 compiler = turbofan address = 0x108400082ae1 Instructions (size = 536) 0x108400082b20 0 488d1df9ffffff REX.W leaq rbx,[rip+0xfffffff9] 0x108400082b27 7 483bd9 REX.W cmpq rbx,rcx 0x108400082b2a a 7418 jz 0x108400082b44 <+0x24> 0x108400082b2c c 48ba6800000000000000 REX.W movq rdx,0x68 0x108400082b36 16 49bae0938c724b560000 REX.W movq r10,0x564b728c93e0 (Abort) ;; off heap target 0x108400082b40 20 41ffd2 call r10 0x108400082b43 23 cc int3l 0x108400082b44 24 8b59d0 movl rbx,[rcx-0x30] 0x108400082b47 27 4903dd REX.W addq rbx,r13 0x108400082b4a 2a f6430701 testb [rbx+0x7],0x1 0x108400082b4e 2e 740d jz 0x108400082b5d <+0x3d> 0x108400082b50 30 49bae0f781724b560000 REX.W movq r10,0x564b7281f7e0 (CompileLazyDeoptimizedCode) ;; off heap target 0x108400082b5a 3a 41ffe2 jmp r10 0x108400082b5d 3d 55 push rbp 0x108400082b5e 3e 4889e5 REX.W movq rbp,rsp 0x108400082b61 41 56 push rsi 0x108400082b62 42 57 push rdi 0x108400082b63 43 48ba4200000000000000 REX.W movq rdx,0x42 0x108400082b6d 4d 4c8b15c4ffffff REX.W movq r10,[rip+0xffffffc4] 0x108400082b74 54 41ffd2 call r10 0x108400082b77 57 cc int3l 0x108400082b78 58 4883ec18 REX.W subq rsp,0x18 0x108400082b7c 5c 488975a0 REX.W movq [rbp-0x60],rsi 0x108400082b80 60 488b4dd0 REX.W movq rcx,[rbp-0x30] 0x108400082b84 64 f6c101 testb rcx,0x1 0x108400082b87 67 0f8557010000 jnz 0x108400082ce4 <+0x1c4> 0x108400082b8d 6d 81f9204e0000 cmpl rcx,0x4e20 0x108400082b93 73 0f8c0b000000 jl 0x108400082ba4 <+0x84> 0x108400082b99 79 488b45d8 REX.W movq rax,[rbp-0x28] 0x108400082b9d 7d 488be5 REX.W movq rsp,rbp 0x108400082ba0 80 5d pop rbp 0x108400082ba1 81 c20800 ret 0x8 0x108400082ba4 84 493b6560 REX.W cmpq rsp,[r13+0x60] (external value (StackGuard::address_of_jslimit())) 0x108400082ba8 88 0f8669000000 jna 0x108400082c17 <+0xf7> 0x108400082bae 8e 488bf9 REX.W movq rdi,rcx 0x108400082bb1 91 d1ff sarl rdi, 1 0x108400082bb3 93 4c8bc7 REX.W movq r8,rdi 0x108400082bb6 96 4183c002 addl r8,0x2 0x108400082bba 9a 0f8030010000 jo 0x108400082cf0 <+0x1d0> 0x108400082bc0 a0 83c701 addl rdi,0x1 0x108400082bc3 a3 0f8033010000 jo 0x108400082cfc <+0x1dc> 0x108400082bc9 a9 e921000000 jmp 0x108400082bef <+0xcf> 0x108400082bce ae 6690 nop 0x108400082bd0 b0 488bcf REX.W movq rcx,rdi 0x108400082bd3 b3 83c102 addl rcx,0x2 0x108400082bd6 b6 0f802c010000 jo 0x108400082d08 <+0x1e8> 0x108400082bdc bc 4c8bc7 REX.W movq r8,rdi 0x108400082bdf bf 4183c001 addl r8,0x1 0x108400082be3 c3 0f802b010000 jo 0x108400082d14 <+0x1f4> 0x108400082be9 c9 498bf8 REX.W movq rdi,r8 0x108400082bec cc 4c8bc1 REX.W movq r8,rcx 0x108400082bef cf 81ff10270000 cmpl rdi,0x2710 0x108400082bf5 d5 0f8d0b000000 jge 0x108400082c06 <+0xe6> 0x108400082bfb db 493b6560 REX.W cmpq rsp,[r13+0x60] (external value (StackGuard::address_of_jslimit())) 0x108400082bff df 77cf ja 0x108400082bd0 <+0xb0> 0x108400082c01 e1 e943000000 jmp 0x108400082c49 <+0x129> 0x108400082c06 e6 498bc8 REX.W movq rcx,r8 0x108400082c09 e9 4103c8 addl rcx,r8 0x108400082c0c ec 0f8061000000 jo 0x108400082c73 <+0x153> 0x108400082c12 f2 488bc1 REX.W movq rax,rcx 0x108400082c15 f5 eb86 jmp 0x108400082b9d <+0x7d> 0x108400082c17 f7 33c0 xorl rax,rax 0x108400082c19 f9 48bef50c240884100000 REX.W movq rsi,0x108408240cf5 ;; object: 0x108408240cf5 <NativeContext[261]> 0x108400082c23 103 48bb101206724b560000 REX.W movq rbx,0x564b72061210 ;; external reference (Runtime::StackGuard) 0x108400082c2d 10d 488bf8 REX.W movq rdi,rax 0x108400082c30 110 4c8bc6 REX.W movq r8,rsi 0x108400082c33 113 49ba2089a3724b560000 REX.W movq r10,0x564b72a38920 (CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit) ;; off heap target 0x108400082c3d 11d 41ffd2 call r10 0x108400082c40 120 488b4dd0 REX.W movq rcx,[rbp-0x30] 0x108400082c44 124 e965ffffff jmp 0x108400082bae <+0x8e> 0x108400082c49 129 48897da8 REX.W movq [rbp-0x58],rdi 0x108400082c4d 12d 488b1dd1ffffff REX.W movq rbx,[rip+0xffffffd1] 0x108400082c54 134 33c0 xorl rax,rax 0x108400082c56 136 48bef50c240884100000 REX.W movq rsi,0x108408240cf5 ;; object: 0x108408240cf5 <NativeContext[261]> 0x108400082c60 140 4c8b15ceffffff REX.W movq r10,[rip+0xffffffce] 0x108400082c67 147 41ffd2 call r10 0x108400082c6a 14a 488b7da8 REX.W movq rdi,[rbp-0x58] 0x108400082c6e 14e e95dffffff jmp 0x108400082bd0 <+0xb0> 0x108400082c73 153 48b968ea2f744b560000 REX.W movq rcx,0x564b742fea68 ;; external reference (Heap::NewSpaceAllocationTopAddress()) 0x108400082c7d 15d 488b39 REX.W movq rdi,[rcx] 0x108400082c80 160 4c8d4f0c REX.W leaq r9,[rdi+0xc] 0x108400082c84 164 4c8945b0 REX.W movq [rbp-0x50],r8 0x108400082c88 168 49bb70ea2f744b560000 REX.W movq r11,0x564b742fea70 ;; external reference (Heap::NewSpaceAllocationLimitAddress()) 0x108400082c92 172 4d390b REX.W cmpq [r11],r9 0x108400082c95 175 0f8721000000 ja 0x108400082cbc <+0x19c> 0x108400082c9b 17b ba0c000000 movl rdx,0xc 0x108400082ca0 180 49ba200282724b560000 REX.W movq r10,0x564b72820220 (AllocateRegularInYoungGeneration) ;; off heap target 0x108400082caa 18a 41ffd2 call r10 0x108400082cad 18d 488d78ff REX.W leaq rdi,[rax-0x1] 0x108400082cb1 191 488b0dbdffffff REX.W movq rcx,[rip+0xffffffbd] 0x108400082cb8 198 4c8b45b0 REX.W movq r8,[rbp-0x50] 0x108400082cbc 19c 4c8d4f0c REX.W leaq r9,[rdi+0xc] 0x108400082cc0 1a0 4c8909 REX.W movq [rcx],r9 0x108400082cc3 1a3 488d4f01 REX.W leaq rcx,[rdi+0x1] 0x108400082cc7 1a7 498bbd40010000 REX.W movq rdi,[r13+0x140] (root (heap_number_map)) 0x108400082cce 1ae 8979ff movl [rcx-0x1],rdi 0x108400082cd1 1b1 c4c1032ac0 vcvtlsi2sd xmm0,xmm15,r8 0x108400082cd6 1b6 c5fb114103 vmovsd [rcx+0x3],xmm0 0x108400082cdb 1bb 488bc1 REX.W movq rax,rcx 0x108400082cde 1be e9bafeffff jmp 0x108400082b9d <+0x7d> 0x108400082ce3 1c3 90 nop 0x108400082ce4 1c4 49c7c500000000 REX.W movq r13,0x0 0x108400082ceb 1cb e850f30300 call 0x1084000c2040 ;; eager deoptimization bailout 0x108400082cf0 1d0 49c7c501000000 REX.W movq r13,0x1 0x108400082cf7 1d7 e844f30300 call 0x1084000c2040 ;; eager deoptimization bailout 0x108400082cfc 1dc 49c7c502000000 REX.W movq r13,0x2 0x108400082d03 1e3 e838f30300 call 0x1084000c2040 ;; eager deoptimization bailout 0x108400082d08 1e8 49c7c503000000 REX.W movq r13,0x3 0x108400082d0f 1ef e82cf30300 call 0x1084000c2040 ;; eager deoptimization bailout 0x108400082d14 1f4 49c7c504000000 REX.W movq r13,0x4 0x108400082d1b 1fb e820f30300 call 0x1084000c2040 ;; eager deoptimization bailout 0x108400082d20 200 49c7c505000000 REX.W movq r13,0x5 0x108400082d27 207 e814f30700 call 0x108400102040 ;; lazy deoptimization bailout 0x108400082d2c 20c 49c7c506000000 REX.W movq r13,0x6 0x108400082d33 213 e808f30700 call 0x108400102040 ;; lazy deoptimization bailout Source positions: pc offset position f7 0 Inlined functions (count = 1) 0x10840824fff5 <SharedFunctionInfo something> Deoptimization Input Data (deopt points = 7) index bytecode-offset pc 0 22 NA 1 2 NA 2 46 NA 3 2 NA 4 46 NA 5 27 120 6 27 14a Safepoints (size = 50) 0x108400082c40 120 200 10000010000000 (sp -> fp) 5 0x108400082c6a 14a 20c 10000000000000 (sp -> fp) 6 0x108400082cad 18d NA 00000000000000 (sp -> fp) <none> RelocInfo (size = 34) 0x108400082b38 off heap target 0x108400082b52 off heap target 0x108400082c1b full embedded object (0x108408240cf5 <NativeContext[261]>) 0x108400082c25 external reference (Runtime::StackGuard) (0x564b72061210) 0x108400082c35 off heap target 0x108400082c58 full embedded object (0x108408240cf5 <NativeContext[261]>) 0x108400082c75 external reference (Heap::NewSpaceAllocationTopAddress()) (0x564b742fea68) 0x108400082c8a external reference (Heap::NewSpaceAllocationLimitAddress()) (0x564b742fea70) 0x108400082ca2 off heap target 0x108400082cec runtime entry (eager deoptimization bailout) 0x108400082cf8 runtime entry (eager deoptimization bailout) 0x108400082d04 runtime entry (eager deoptimization bailout) 0x108400082d10 runtime entry (eager deoptimization bailout) 0x108400082d1c runtime entry (eager deoptimization bailout) 0x108400082d28 runtime entry (lazy deoptimization bailout) 0x108400082d34 runtime entry (lazy deoptimization bailout) --- End code ---$


$mkdir lib$ mkdir deps ; cd deps
$git clone git@github.com:google/googletest.git$ cd googletest/googletest
$/usr/bin/clang++ --std=c++14 -Iinclude -I. -pthread -c src/gtest-all.cc$ ar -rv libgtest-linux.a gtest-all.o
$cp libgtest-linux.a ../../../../lib/gtest  Linking issue: ./lib/gtest/libgtest-linux.a(gtest-all.o):gtest-all.cc:function testing::internal::BoolFromGTestEnv(char const*, bool): error: undefined reference to 'std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::c_str() const'  $ nm lib/gtest/libgtest-linux.a | grep basic_string | c++filt
....


There are a lot of symbols listed above but the point is that in the object file of libgtest-linux.a these symbols were compiled in. Now, when we compile v8 and the tests we are using -std=c++14 and we have to use the same when compiling gtest. Lets try that. Just adding that does not help in this case. We need to check which c++ headers are being used:

$/usr/bin/clang++ -print-search-dirs programs: =/usr/bin:/usr/bin/../lib/gcc/x86_64-redhat-linux/9/../../../../x86_64-redhat-linux/bin libraries: =/usr/lib64/clang/9.0.0: /usr/bin/../lib/gcc/x86_64-redhat-linux/9: /usr/bin/../lib/gcc/x86_64-redhat-linux/9/../../../../lib64: /usr/bin/../lib64: /lib/../lib64: /usr/lib/../lib64: /usr/bin/../lib/gcc/x86_64-redhat-linux/9/../../..: /usr/bin/../lib: /lib:/usr/lib$


Lets search for the string header and inspect the namespace in that header:

$find /usr/ -name string /usr/include/c++/9/debug/string /usr/include/c++/9/experimental/string /usr/include/c++/9/string /usr/src/debug/gcc-9.2.1-1.fc31.x86_64/obj-x86_64-redhat-linux/x86_64-redhat-linux/libstdc++-v3/include/string  $ vi /usr/include/c++/9/string


So this looks alright and thinking about this a little more I've been bitten by the linking with different libc++ symbols issue (again). When we compile using Make we are using the c++ headers that are shipped with v8 (clang libc++). Take the string header for example in v8/buildtools/third_party/libc++/trunk/include/string which is from clang's c++ library which does not use namespaces (__11 or __14 etc).

But when I compiled gtest did not specify the istystem include path and the default would be used adding symbols with __11 into them. When the linker tries to find these symbols it fails as it does not have any such symbols in the libraries that it searches.

Create a simple test linking with the standard build of gtest to see if that compiles and runs:

$/usr/bin/clang++ -std=c++14 -I./deps/googletest/googletest/include -L$PWD/lib -g -O0 -o test/simple_test test/main.cc test/simple.cc lib/libgtest.a -lpthread


That worked and does not segfault.

But when I run the version that is built using the makefile I get:

lldb) target create "./test/persistent-object_test"
Current executable set to './test/persistent-object_test' (x86_64).
(lldb) r
warning: (x86_64) /lib64/libgcc_s.so.1 unsupported DW_FORM values: 0x1f20 0x1f21

[ FATAL ] Process 1024232 stopped
frame #0: 0x00007ffff7c0a7b0 libc.so.6__GI___libc_free + 32
libc.so.6__GI___libc_free:
->  0x7ffff7c0a7b0 <+32>: mov    rax, qword ptr [rdi - 0x8]
0x7ffff7c0a7b4 <+36>: lea    rsi, [rdi - 0x10]
0x7ffff7c0a7b8 <+40>: test   al, 0x2
0x7ffff7c0a7ba <+42>: jne    0x7ffff7c0a7f0            ; <+96>
(lldb) bt
* frame #0: 0x00007ffff7c0a7b0 libc.so.6__GI___libc_free + 32
frame #1: 0x000000000042bb58 persistent-object_teststd::__1::basic_stringbuf<char, std::__1::char_traits<char>, std::__1::allocator<char> >::~basic_stringbuf(this=0x000000000046e908) at iosfwd:130:32
frame #2: 0x000000000042ba4f persistent-object_teststd::__1::basic_stringstream<char, std::__1::char_traits<char>, std::__1::allocator<char> >::~basic_stringstream(this=0x000000000046e8f0, vtt=0x000000000044db28) at iosfwd:139:32
frame #3: 0x0000000000420176 persistent-object_teststd::__1::basic_stringstream<char, std::__1::char_traits<char>, std::__1::allocator<char> >::~basic_stringstream(this=0x000000000046e8f0) at iosfwd:139:32
frame #4: 0x000000000042bacc persistent-object_teststd::__1::basic_stringstream<char, std::__1::char_traits<char>, std::__1::allocator<char> >::~basic_stringstream(this=0x000000000046e8f0) at iosfwd:139:32
frame #5: 0x0000000000427f4e persistent-object_testtesting::internal::scoped_ptr<std::__1::basic_stringstream<char, std::__1::char_traits<char>, std::__1::allocator<char> > >::reset(this=0x00007fffffffcee8, p=0x0000000000000000) at gtest-port.h:1216:9
frame #6: 0x0000000000427ee9 persistent-object_testtesting::internal::scoped_ptr<std::__1::basic_stringstream<char, std::__1::char_traits<char>, std::__1::allocator<char> > >::~scoped_ptr(this=0x00007fffffffcee8) at gtest-port.h:1201:19
frame #7: 0x000000000041f265 persistent-object_testtesting::Message::~Message(this=0x00007fffffffcee8) at gtest-message.h:89:18
frame #8: 0x00000000004235ec persistent-object_teststd::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > testing::internal::StreamableToString<int>(streamable=0x00007fffffffcf9c) at gtest-message.h:247:3
frame #9: 0x000000000040d2bd persistent-object_testtesting::internal::FormatFileLocation(file="/home/danielbevenius/work/google/learning-v8/deps/googletest/googletest/src/gtest-internal-inl.h", line=663) at gtest-port.cc:946:28
frame #11: 0x000000000042242c persistent-object_testtesting::internal::UnitTestImpl::AddTestInfo(this=0x000000000046e480, set_up_tc=(persistent-object_testtesting::Test::SetUpTestCase() at gtest.h:427), tear_down_tc=(persistent-object_testtesting::Test::TearDownTestCase() at gtest.h:435), test_info=0x000000000046e320)(), void (*)(), testing::TestInfo*) at gtest-internal-inl.h:663:7
frame #12: 0x000000000040d04f persistent-object_testtesting::internal::MakeAndRegisterTestInfo(test_case_name="Persistent", name="object", type_param=0x0000000000000000, value_param=0x0000000000000000, code_location=<unavailable>, fixture_class_id=0x000000000046d748, set_up_tc=(persistent-object_testtesting::Test::SetUpTestCase() at gtest.h:427), tear_down_tc=(persistent-object_testtesting::Test::TearDownTestCase() at gtest.h:435), factory=0x000000000046e300)(), void (*)(), testing::internal::TestFactoryBase*) at gtest.cc:2599:22
frame #13: 0x00000000004048b8 persistent-object_test::__cxx_global_var_init() at persistent-object_test.cc:5:1
frame #14: 0x00000000004048e9 persistent-object_test_GLOBAL__sub_I_persistent_object_test.cc at persistent-object_test.cc:0
frame #15: 0x00000000004497a5 persistent-object_test__libc_csu_init + 69
frame #16: 0x00007ffff7ba512e libc.so.6__libc_start_main + 126
frame #17: 0x0000000000404eba persistent-object_test_start + 42


This issue came up when linking a unit test with gtest:

/usr/bin/ld: ./lib/gtest/libgtest-linux.a(gtest-all.o): in function testing::internal::BoolFromGTestEnv(char const*, bool)':
/home/danielbevenius/work/google/learning-v8/deps/googletest/googletest/src/gtest-port.cc:1259: undefined reference to std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::~basic_string()'


So this indicated that the object files in libgtest-linux.a where infact using headers from libc++ and not libstc++. This was a really stupig mistake on my part, I'd not specified the output file explicitly (-o) so this was getting added into the current working directory, but the file included in the archive was taken from within deps/googltest/googletest/ directory which was old and compiled using libc++.

### Peristent cast-function-type

This issue was seen in Node.js when compiling with GCC. It can also been see if building V8 using GCC and also enabling -Wcast-function-type in BUILD.gn:

      "-Wcast-function-type",


There are unit tests in V8 that also produce this warning, for example test/cctest/test-global-handles.cc: Original:

g++ -MMD -MF obj/test/cctest/cctest_sources/test-global-handles.o.d -DV8_INTL_SUPPORT -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -DCR_SYSROOT_HASH=9c905c99558f10e19cc878b5dca1d4bd58c607ae -D_DEBUG -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DENABLE_DISASSEMBLER -DV8_TYPED_ARRAY_MAX_SIZE_IN_HEAP=64 -DENABLE_GDB_JIT_INTERFACE -DENABLE_MINOR_MC -DOBJECT_PRINT -DV8_TRACE_MAPS -DV8_ENABLE_ALLOCATION_TIMEOUT -DV8_ENABLE_FORCE_SLOW_PATH -DV8_ENABLE_DOUBLE_CONST_STORE_CHECK -DV8_INTL_SUPPORT -DENABLE_HANDLE_ZAPPING -DV8_SNAPSHOT_NATIVE_CODE_COUNTERS -DV8_CONCURRENT_MARKING -DV8_ENABLE_LAZY_SOURCE_POSITIONS -DV8_CHECK_MICROTASKS_SCOPES_CONSISTENCY -DV8_EMBEDDED_BUILTINS -DV8_WIN64_UNWINDING_INFO -DV8_ENABLE_REGEXP_INTERPRETER_THREADED_DISPATCH -DV8_SNAPSHOT_COMPRESSION -DV8_ENABLE_CHECKS -DV8_COMPRESS_POINTERS -DV8_31BIT_SMIS_ON_64BIT_ARCH -DV8_DEPRECATION_WARNINGS -DV8_IMMINENT_DEPRECATION_WARNINGS -DV8_TARGET_ARCH_X64 -DV8_HAVE_TARGET_OS -DV8_TARGET_OS_LINUX -DDEBUG -DDISABLE_UNTRUSTED_CODE_MITIGATIONS -DV8_ENABLE_CHECKS -DV8_COMPRESS_POINTERS -DV8_31BIT_SMIS_ON_64BIT_ARCH -DV8_DEPRECATION_WARNINGS -DV8_IMMINENT_DEPRECATION_WARNINGS -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DUSE_CHROMIUM_ICU=1 -DU_STATIC_IMPLEMENTATION -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_FILE -DUCHAR_TYPE=uint16_t -I../.. -Igen -I../../include -Igen/include -I../.. -Igen -I../../third_party/icu/source/common -I../../third_party/icu/source/i18n -I../../include -I../../tools/debug_helper -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -funwind-tables -fPIC -pipe -B../../third_party/binutils/Linux_x64/Release/bin -pthread -m64 -march=x86-64 -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -Wall -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-deprecated-declarations -Wno-comments -Wno-packed-not-aligned -Wno-missing-field-initializers -Wno-unused-parameter -fno-omit-frame-pointer -g2 -Wno-strict-overflow -Wno-return-type -Wcast-function-type -O3 -fno-ident -fdata-sections -ffunction-sections -fvisibility=default -std=gnu++14 -Wno-narrowing -Wno-class-memaccess -fno-exceptions -fno-rtti --sysroot=../../build/linux/debian_sid_amd64-sysroot -c ../../test/cctest/test-global-handles.cc -o obj/test/cctest/cctest_sources/test-global-handles.o
In file included from ../../include/v8-inspector.h:14,
from ../../src/execution/isolate.h:15,
from ../../src/api/api.h:10,
from ../../src/api/api-inl.h:8,
from ../../test/cctest/test-global-handles.cc:28:
../../include/v8.h: In instantiation of ‘void v8::PersistentBase<T>::SetWeak(P*, typename v8::WeakCallbackInfo<P>::Callback, v8::WeakCallbackType) [with P = v8::Global<v8::Object>; T = v8::Object; typename v8::WeakCallbackInfo<P>::Callback = void (*)(const v8::WeakCallbackInfo<v8::Global<v8::Object> >&)]’:
../../test/cctest/test-global-handles.cc:292:47:   required from here
../../include/v8.h:10750:16: warning: cast between incompatible function types from ‘v8::WeakCallbackInfo<v8::Global<v8::Object> >::Callback’ {aka ‘void (*)(const v8::WeakCallbackInfo<v8::Global<v8::Object> >&)’} to ‘Callback’ {aka ‘void (*)(const v8::WeakCallbackInfo<void>&)’} [-Wcast-function-type]
10750 |                reinterpret_cast<Callback>(callback), type);
|                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../include/v8.h: In instantiation of ‘void v8::PersistentBase<T>::SetWeak(P*, typename v8::WeakCallbackInfo<P>::Callback, v8::WeakCallbackType) [with P = v8::internal::{anonymous}::FlagAndGlobal; T = v8::Object; typename v8::WeakCallbackInfo<P>::Callback = void (*)(const v8::WeakCallbackInfo<v8::internal::{anonymous}::FlagAndGlobal>&)]’:
../../test/cctest/test-global-handles.cc:493:53:   required from here
../../include/v8.h:10750:16: warning: cast between incompatible function types from ‘v8::WeakCallbackInfo<v8::internal::{anonymous}::FlagAndGlobal>::Callback’ {aka ‘void (*)(const v8::WeakCallbackInfo<v8::internal::{anonymous}::FlagAndGlobal>&)’} to ‘Callback’ {aka ‘void (*)(const v8::WeakCallbackInfo<void>&)’} [-Wcast-function-type]


Formatted for git commit message:

g++ -MMD -MF obj/test/cctest/cctest_sources/test-global-handles.o.d
...
In file included from ../../include/v8-inspector.h:14,
from ../../src/execution/isolate.h:15,
from ../../src/api/api.h:10,
from ../../src/api/api-inl.h:8,
from ../../test/cctest/test-global-handles.cc:28:
../../include/v8.h:
In instantiation of ‘void v8::PersistentBase<T>::SetWeak(
P*,
typename v8::WeakCallbackInfo<P>::Callback,
v8::WeakCallbackType)
[with
P = v8::Global<v8::Object>;
T = v8::Object;
typename v8::WeakCallbackInfo<P>::Callback =
void (*)(const v8::WeakCallbackInfo<v8::Global<v8::Object> >&)
]’:
../../test/cctest/test-global-handles.cc:292:47:   required from here
../../include/v8.h:10750:16: warning:
cast between incompatible function types from
‘v8::WeakCallbackInfo<v8::Global<v8::Object> >::Callback’ {aka
‘void (*)(const v8::WeakCallbackInfo<v8::Global<v8::Object> >&)’} to
‘Callback’ {aka ‘void (*)(const v8::WeakCallbackInfo<void>&)’}
[-Wcast-function-type]
10750 |                reinterpret_cast<Callback>(callback), type);
|                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


This commit suggests adding a pragma specifically for GCC to suppress this warning. The motivation for this is that there were quite a few of these warnings in the Node.js build, but these have been suppressed by adding a similar pragma but around the include of v8.h [1].

$In file included from persistent-obj.cc:8: /home/danielbevenius/work/google/v8_src/v8/include/v8.h: In instantiation of ‘void v8::PersistentBase<T>::SetWeak(P*, typename v8::WeakCallbackInfo<P>::Callback, v8::WeakCallbackType) [with P = Something; T = v8::Object; typename v8::WeakCallbackInfo<P>::Callback = void (*)(const v8::WeakCallbackInfo<Something>&)]’: persistent-obj.cc:57:38: required from here /home/danielbevenius/work/google/v8_src/v8/include/v8.h:10750:16: warning: cast between incompatible function types from ‘v8::WeakCallbackInfo<Something>::Callback’ {aka ‘void (*)(const v8::WeakCallbackInfo<Something>&)’} to ‘Callback’ {aka ‘void (*)(const v8::WeakCallbackInfo<void>&)’} [-Wcast-function-type] 10750 | reinterpret_cast<Callback>(callback), type); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  Currently, we have added a pragma to avoid this warning in node.js but we'd like to add this in v8 and closer to the actual code that is causing it. In node we have to set the praga on the header. template <class T> template <typename P> V8_INLINE void PersistentBase<T>::SetWeak( P* parameter, typename WeakCallbackInfo<P>::Callback callback, WeakCallbackType type) { typedef typename WeakCallbackInfo<void>::Callback Callback; V8::MakeWeak(reinterpret_cast<internal::Address*>(this->val_), parameter, reinterpret_cast<Callback>(callback), type); }  Notice the second parameter is typename WeakCallbackInfo<P>::Callback which is a typedef:  typedef void (*Callback)(const WeakCallbackInfo<T>& data);  This is a function declaration for Callback which is a function that takes a reference to a const WeakCallbackInfo and returns void. So we could define it like this: void WeakCallback(const v8::WeakCallbackInfo<Something>& data) { Something* obj = data.GetParameter(); std::cout << "in make weak callback..." << '\n'; }  And the trying to cast it into:  typedef typename v8::WeakCallbackInfo<void>::Callback Callback; Callback cb = reinterpret_cast<Callback>(WeakCallback);  This is done as V8::MakeWeak has the following signature: void V8::MakeWeak(i::Address* location, void* parameter, WeakCallbackInfo<void>::Callback weak_callback, WeakCallbackType type) { i::GlobalHandles::MakeWeak(location, parameter, weak_callback, type); }  ### gdb warnings warning: Could not find DWO CU obj/v8_compiler/common-node-cache.dwo(0x42b8adb87d74d56b) referenced by CU at offset 0x206f7 [in module /home/danielbevenius/work/google/learning-v8/hello-world]  This can be worked around by specifying the --cd argument to gdb: $ gdb --cd=/home/danielbevenius/work/google/v8_src/v8/out/x64.release --args /home/danielbevenius/work/google/learning-v8/hello-world


### Building with g++

Update args.gn to include:

is_clang = false


Next I got the following error when trying to compile:

$ninja -v -C out/x64.release/ obj/test/cctest/cctest_sources/test-global-handles.o ux/debian_sid_amd64-sysroot -fexceptions -frtti -c ../../src/torque/instance-type-generator.cc -o obj/torque_base/instance-type-generator.o In file included from /usr/include/c++/9/bits/stl_algobase.h:59, from /usr/include/c++/9/memory:62, from ../../src/torque/implementation-visitor.h:8, from ../../src/torque/instance-type-generator.cc:5: /usr/include/c++/9/x86_64-redhat-linux/bits/c++config.h:3:10: fatal error: bits/wordsize.h: No such file or directory 3 | #include <bits/wordsize.h> | ^~~~~~~~~~~~~~~~~ compilation terminated. ninja: build stopped: subcommand failed.  $ export CPATH=/usr/include

third_party/binutils/Linux_x64/Release/bin/ld.gold: error: cannot open /usr/lib64/libatomic.so.1.2.0: No such file or directory

$sudo dnf install -y libatomic  I still got an error because of a warning but I'm trying to build using: treat_warnings_as_errors = false  Lets see how that works out. I also had to use gnus linker by disableing gold: use_gold = false  ### CodeStubAssembler This history of this is that JavaScript builtins used be written in assembly which gave very good performance but made porting V8 to different architectures more difficult as these builtins had to have specific implementations for each supported architecture, so it dit not scale very well. With the addition of features to the JavaScript specifications having to support new features meant having to implement them for all platforms which made it difficult to keep up and deliver these new features. The goal is to have the perfomance of handcoded assembly but not have to write it for every platform. So a portable assembly language was build on top of Tubofans backend. This is an API that generates Turbofan's machine-level IR. This IR can be used by Turbofan to produce very good machine code on all platforms. So one "only" has to implement one component/function/feature (not sure what to call this) and then it can be made available to all platforms. They no longer have to maintain all that handwritten assembly. Just to be clear CSA is a C++ API that is used to generate IR which is then compiled in to machine code for the target instruction set architectur. ### Torque Torque is a DLS language to avoid having to use the CodeStubAssembler directly (it is still used behind the scene). This language is statically typed, garbage collected, and compatible with JavaScript. The JavaScript standard library was implemented in V8 previously using hand written assembly. But as we mentioned in the previous section this did not scale. It could have been written in JavaScript too, and I think this was done in the past but this has some issues as builtins would need warmup time to become optimized, there were also issues with monkey-patching and exposing VM internals unintentionally. Is torque run a build time, I'm thinking yes as it would have to generate the c++ code. There is a main function in torque.cc which will be built into an executable $ ./out/x64.release_gcc/torque --help
Unexpected command-line argument "--help", expected a .tq file.


The files that are processed by torque are defined in BUILD.gc in the torque_files section. There is also a template named run_torque. I've noticed that this template and others in GN use the script tools/run.py. This is apperently because GN can only execute scripts at the moment and what this script does is use python to create a subprocess with the passed in argument:

$gn help action  And a template is way to reuse code in GN. There is a make target that shows what is generated by torque: $ make torque-example


This will create a directory in the current directory named gen/torque-generated. Notice that this directory contains c++ headers and sources.

It take torque-example.tq as input. For this file the following header will be generated:

#ifndef V8_GEN_TORQUE_GENERATED_TORQUE_EXAMPLE_TQ_H_
#define V8_GEN_TORQUE_GENERATED_TORQUE_EXAMPLE_TQ_H_

#include "src/builtins/builtins-promise.h"
#include "src/compiler/code-assembler.h"
#include "src/codegen/code-stub-assembler.h"
#include "src/utils/utils.h"
#include "torque-generated/field-offsets-tq.h"
#include "torque-generated/csa-types-tq.h"

namespace v8 {
namespace internal {

void HelloWorld_0(compiler::CodeAssemblerState* state_);

}  // namespace internal
}  // namespace v8

#endif  // V8_GEN_TORQUE_GENERATED_TORQUE_EXAMPLE_TQ_H_


This is only to show the generated files and make it clear that torque will generate these file which will then be compiled during the v8 build. So, lets try copying example-torque.tq to v8/src/builtins directory.

$cp torque-example.tq ../v8_src/v8/src/builtins/  This is not enough to get it included in the build, we have to update BUILD.gn and add this file to the torque_files list. After running the build we can see that there is a file named src/builtins/torque-example-tq-csa.h generated along with a .cc. To understand how this works I'm going to use https://v8.dev/docs/torque-builtins as a starting point:  transitioning javascript builtin MathIs42(js-implicit context: NativeContext, receiver: JSAny)(x: JSAny): Boolean { const number: Number = ToNumber_Inline(x); typeswitch (number) { case (smi: Smi): { return smi == 42 ? True : False; } case (heapNumber: HeapNumber): { return Convert<float64>(heapNumber) == 42 ? True : False; } } }  This has been updated to work with the latest V8 version. Next, we need to update src/init/bootstrappers.cc to add/install this function on the math object:  SimpleInstallFunction(isolate_, math, "is42", Builtins::kMathIs42, 1, true);  After this we need to rebuild v8: $ env CPATH=/usr/include ninja -v -C out/x64.release_gcc

$d8 d8> Math.is42(42) true d8> Math.is42(2) false  If we look at the generated code that Torque has produced in out/x64.release_gcc/gen/torque-generated/src/builtins/math-tq-csa.cc (we can run it through the preprocessor using): $ clang++ --sysroot=build/linux/debian_sid_amd64-sysroot -isystem=./buildtools/third_party/libc++/trunk/include -isystem=buildtools/third_party/libc++/trunk/include -I. -E out/x64.release_gcc/gen/torque-generated/src/builtins/math-tq-csa.cc > math.cc.pp


If we open math.cc.pp and search for Is42 we can find:

class MathIs42Assembler : public CodeStubAssembler {
public:
using Descriptor = Builtin_MathIs42_InterfaceDescriptor;
explicit MathIs42Assembler(compiler::CodeAssemblerState* state) : CodeStubAssembler(state) {}
void GenerateMathIs42Impl();
Node* Parameter(Descriptor::ParameterIndices index) {
return CodeAssembler::Parameter(static_cast<int>(index));
}
};

void Builtins::Generate_MathIs42(compiler::CodeAssemblerState* state) {
MathIs42Assembler assembler(state);
state->SetInitialDebugInformation("MathIs42", "out/x64.release_gcc/gen/torque-generated/src/builtins/math-tq-csa.cc", 2121);
if (Builtins::KindOf(Builtins::kMathIs42) == Builtins::TFJ) {
assembler.PerformStackCheck(assembler.GetJSContextParameter());
}
assembler.GenerateMathIs42Impl();
}

void MathIs42Assembler::GenerateMathIs42Impl() {
...


So this is what gets generated by the Torque compiler and what we see above is CodeStubAssemble class.

If we take a look in out/x64.release_gcc/gen/torque-generated/builtin-definitions-tq.h we can find the following line that has been generated:

TFJ(MathIs42, 1, kReceiver, kX) \


Now, there is a section about the TF_BUILTIN macro, and it will create function declarations, and function and class definitions:

Now, in src/builtins/builtins.h we have the following macros:

class Builtins {
public:

enum Name : int32_t {
#define DEF_ENUM(Name, ...) k##Name,
BUILTIN_LIST(DEF_ENUM, DEF_ENUM, DEF_ENUM, DEF_ENUM, DEF_ENUM, DEF_ENUM,
DEF_ENUM)
#undef DEF_ENUM
...
}

#define DECLARE_TF(Name, ...) \
static void Generate_##Name(compiler::CodeAssemblerState* state);

BUILTIN_LIST(IGNORE_BUILTIN, DECLARE_TF, DECLARE_TF, DECLARE_TF, DECLARE_TF,
IGNORE_BUILTIN, DECLARE_ASM)


And BUILTINS_LIST is declared in src/builtins/builtins-definitions.h and this file includes:

#include "torque-generated/builtin-definitions-tq.h"

#define BUILTIN_LIST(CPP, TFJ, TFC, TFS, TFH, BCH, ASM)  \
BUILTIN_LIST_BASE(CPP, TFJ, TFC, TFS, TFH, ASM)        \
BUILTIN_LIST_FROM_TORQUE(CPP, TFJ, TFC, TFS, TFH, ASM) \
BUILTIN_LIST_INTL(CPP, TFJ, TFS)                       \
BUILTIN_LIST_BYTECODE_HANDLERS(BCH)


Notice BUILTIN_LIST_FROM_TORQUE, this is how our MathIs42 gets included from builtin-definitions-tq.h. This is in turn included by builtins.h.

If we take a look at the this header after it has gone through the preprocessor we can see what has been generated for MathIs42:

$clang++ --sysroot=build/linux/debian_sid_amd64-sysroot -isystem=./buildtools/third_party/libc++/trunk/include -isystem=buildtools/third_party/libc++/trunk/include -I. -I./out/x64.release_gcc/gen/ -E src/builtins/builtins.h > builtins.h.pp  First MathIs42 will be come a member in the Name enum of the Builtins class: class Builtins { public: enum Name : int32_t { ... kMathIs42, }; static void Generate_MathIs42(compiler::CodeAssemblerState* state);  We should also take a look in src/builtins/builtins-descriptors.h as the BUILTIN_LIST is used there two and specifically to our current example there is a DEFINE_TFJ_INTERFACE_DESCRIPTOR macro used: BUILTIN_LIST(IGNORE_BUILTIN, DEFINE_TFJ_INTERFACE_DESCRIPTOR, DEFINE_TFC_INTERFACE_DESCRIPTOR, DEFINE_TFS_INTERFACE_DESCRIPTOR, DEFINE_TFH_INTERFACE_DESCRIPTOR, IGNORE_BUILTIN, DEFINE_ASM_INTERFACE_DESCRIPTOR) #define DEFINE_TFJ_INTERFACE_DESCRIPTOR(Name, Argc, ...) \ struct Builtin_##Name##_InterfaceDescriptor { \ enum ParameterIndices { \ kJSTarget = compiler::CodeAssembler::kTargetParameterIndex, \ ##__VA_ARGS__, \ kJSNewTarget, \ kJSActualArgumentsCount, \ kContext, \ kParameterCount, \ }; \ };  So the above will generate the following code but this time for builtins.cc: $ clang++ --sysroot=build/linux/debian_sid_amd64-sysroot -isystem=./buildtools/third_party/libc++/trunk/include -isystem=buildtools/third_party/libc++/trunk/include -I. -I./out/x64.release_gcc/gen/ -E src/builtins/builtins.cc > builtins.cc.pp

struct Builtin_MathIs42_InterfaceDescriptor {
enum ParameterIndices {
kJSTarget = compiler::CodeAssembler::kTargetParameterIndex,
kX,
kJSNewTarget,
kJSActualArgumentsCount,
kContext,
kParameterCount,
};

...
{"MathIs42", Builtins::TFJ, {1, 0}}
...
};


BuiltinMetadata is a struct defined in builtins.cc and in our case the name is passed, then the type, and the last struct is specifying the number of parameters and the last 0 is unused as far as I can tell and only there make it different from the constructor that takes an Address parameter.

So, where is Generate_MathIs42 used:

void SetupIsolateDelegate::SetupBuiltinsInternal(Isolate* isolate) {
Code code;
...
code = BuildWithCodeStubAssemblerJS(isolate, index, &Builtins::Generate_MathIs42, 1, "MathIs42");
...


BuildWithCodeStubAssemblerJS can be found in src/builtins/setup-builtins-internal.cc

Code BuildWithCodeStubAssemblerJS(Isolate* isolate, int32_t builtin_index,
CodeAssemblerGenerator generator, int argc,
const char* name) {
Zone zone(isolate->allocator(), ZONE_NAME);
const int argc_with_recv = (argc == kDontAdaptArgumentsSentinel) ? 0 : argc + 1;
compiler::CodeAssemblerState state(
isolate, &zone, argc_with_recv, Code::BUILTIN, name,
PoisoningMitigationLevel::kDontPoison, builtin_index);
generator(&state);
Handle<Code> code = compiler::CodeAssembler::GenerateCode(
&state, BuiltinAssemblerOptions(isolate, builtin_index));
return *code;


Lets add a conditional break point so that we can stop in this function when MathIs42 is passed in:

(gdb) br setup-builtins-internal.cc:161
(gdb) cond 1 ((int)strcmp(name, "MathIs42")) == 0


We can see that we first create a new CodeAssemblerState, which we say previously was that type that the Generate_MathIs42 function takes. TODO: look into this class a litte more. After this generator will be called with the newly created state passed in:

(gdb) p generator
$8 = (v8::internal::(anonymous namespace)::CodeAssemblerGenerator) 0x5619fd61b66e <v8::internal::Builtins::Generate_MathIs42(v8::internal::compiler::CodeAssemblerState*)>  TODO: Take a closer look at generate and how that code works. After generate returns we will have the following call:  generator(&state); Handle<Code> code = compiler::CodeAssembler::GenerateCode( &state, BuiltinAssemblerOptions(isolate, builtin_index)); return *code;  Then next thing that will happen is the code returned will be added to the builtins by calling SetupIsolateDelegate::AddBuiltin: void SetupIsolateDelegate::AddBuiltin(Builtins* builtins, int index, Code code) { builtins->set_builtin(index, code); }  set_builtins can be found in src/builtins/builtins.cc and looks like this: void Builtins::set_builtin(int index, Code builtin) { isolate_->heap()->set_builtin(index, builtin); }  And Heap::set_builtin does:  void Heap::set_builtin(int index, Code builtin) { isolate()->builtins_table()[index] = builtin.ptr(); }  So this is how the builtins_table is populated. And when is SetupBuiltinsInternal called? It is called from SetupIsolateDelegat::SetupBuiltins which is called from Isolate::Init. Just to recap before I loose track of what is going on...We have math.tq, which is the torque source file. This is parsed by the torque compiler/parser and it will generate c++ headers and source files, one of which will be a CodeStubAssembler class for our MathI42 function. It will also generate the "torque-generated/builtin-definitions-tq.h. After this has happened the sources need to be compiled into object files. After that if a snapshot is configured to be created, mksnapshot will create a new Isolate and in that process the MathIs42 builtin will get added. Then a context will be created and saved. The snapshot can then be deserialized into an Isoalte as some later point. Alright, so we have seen what gets generated for the function MathIs42 but how does this get "hooked" but to enable us to call Math.is42(11)? In bootstrapper.cc we can see a number of lines:  SimpleInstallFunction(isolate_, math, "trunc", Builtins::kMathTrunc, 1, true);  And we are going to add a line like the following:  SimpleInstallFunction(isolate_, math, "is42", Builtins::kMathIs42, 1, true);  The signature for SimpleInstallFunction looks like this V8_NOINLINE Handle<JSFunction> SimpleInstallFunction( Isolate* isolate, Handle<JSObject> base, const char* name, Builtins::Name call, int len, bool adapt, PropertyAttributes attrs = DONT_ENUM) { Handle<String> internalized_name = isolate->factory()->InternalizeUtf8String(name); Handle<JSFunction> fun = SimpleCreateFunction(isolate, internalized_name, call, len, adapt); JSObject::AddProperty(isolate, base, internalized_name, fun, attrs); return fun; }  So we see that the function is added as a property to the Math object. Notice that we also have to add kMathIs42 to the Builtins class which is now part of the builtins_table_ array which we went through above. #### Transitioning/Transient In torgue source files we can sometimes see types declared as transient, and functions that have a transitioning specifier. In V8 HeapObjects can change at runtime (I think an example of this would be deleting an element in an array which would transition it to a different type of array HoleyElementArray or something like that. TODO: verify and explain this). And a function that calls JavaScript which cause such a transition is marked with transitioning. #### Callables Are like functions is js/c++ but have some additional capabilities and there are several different types of callables: macro callables These correspond to generated CodeStubAssebler C++ that will be inlined at the callsite. builtin callables These will become V8 builtins with info added to builtin-definitions.h (via the include of torque-generated/builtin-definitions-tq.h). There is only one copy of this and this will be a call instead of being inlined as is the case with macros. runtime callables intrinsic callables #### Explicit parameters macros and builtins can have parameters. For example: @export macro HelloWorld1(msg: JSAny) { Print(msg); }  And we can call this from another macro like this: @export macro HelloWorld() { HelloWorld1('Hello World'); }  #### Implicit parameters In the previous section we showed explicit parameters but we can also have implicit parameters: @export macro HelloWorld2(implicit msg: JSAny)() { Print(msg); } @export macro HelloWorld() { const msg = 'Hello implicit'; HelloWorld2(); }  ### Troubleshooting Compilation error when including src/objects/objects-inl.h: /home/danielbevenius/work/google/v8_src/v8/src/objects/object-macros.h:263:14: error: no declaration matches ‘bool v8::internal::HeapObject::IsJSCollator() const’  Does this need i18n perhaps? $ gn args --list out/x64.release_gcc | grep i18n
v8_enable_i18n_support

usr/bin/ld: /tmp/ccJOrUMl.o: in function v8::internal::MaybeHandle<v8::internal::Object>::Check() const':
/home/danielbevenius/work/google/v8_src/v8/src/handles/maybe-handles.h:44: undefined reference to V8_Fatal(char const*, ...)'
collect2: error: ld returned 1 exit status


V8_Fatal is referenced but not defined in v8_monolith.a:

$nm libv8_monolith.a | grep V8_Fatal | c++filt ... U V8_Fatal(char const*, int, char const*, ...)  And I thought it might be defined in libv8_libbase.a but it is the same there. Actually, I was looking at the wrong symbol. This was not from the logging.o object file. If we look at it we find: v8_libbase/logging.o: ... 0000000000000000 T V8_Fatal(char const*, int, char const*, ...)  In out/x64.release/obj/logging.o we can find it defined: $ nm -C  libv8_libbase.a | grep -A 50 logging.o | grep V8_Fatal
0000000000000000 T V8_Fatal(char const*, int, char const*, ...)


T means that the symbol is in the text section. So if the linker is able to find libv8_libbase.a it should be able to resolve this.

So we need to make sure the linker can find the directory where the libraries are located ('-Wl,-Ldir'), and also that it will include the library ('-Wl,-llibname')

With this in place I can see that the linker can open the archive:

attempt to open /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/obj/libv8_libbase.so failed


But I'm still getting the same linking error. If we look closer at the error message we can see that it is maybe-handles.h that is complaining. Could it be that the order is incorrect when linking. libv8_libbase.a needs to come after libv8_monolith Something I noticed is that even though the library libv8_libbase.a is found it does not look like the linker actually reads the object files. I can see that it does this for libv8_monolith.a:

(/home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/obj/libv8_monolith.a)common-node-cache.o


Hmm, actually looking at the signature of the function it is V8_Fatal(char const*, ...) and not char const*, int, char const*, ...)

For a debug build it will be:

    void V8_Fatal(const char* file, int line, const char* format, ...);


And else

    void V8_Fatal(const char* format, ...);


So it looks like I need to set debug to false. With this the V8_Fatal symbol in logging.o is:

$nm -C out/x64.release_gcc/obj/v8_libbase/logging.o | grep V8_Fatal 0000000000000000 T V8_Fatal(char const*, ...)  ### V8 Build artifacts What is actually build when you specify v8_monolithic: When this type is chosen the build cannot be a component build, there is an assert for this. In this case a static library build: if (v8_monolithic) { # A component build is not monolithic. assert(!is_component_build) # Using external startup data would produce separate files. assert(!v8_use_external_startup_data) v8_static_library("v8_monolith") { deps = [ ":v8", ":v8_libbase", ":v8_libplatform", ":v8_libsampler", "//build/win:default_exe_manifest", ] configs = [ ":internal_config" ] } }  Notice that the builtin function is called static_library so is a template that can be found in gni/v8.gni v8_static_library: This will use source_set instead of creating a static library when compiling. When set to false, the object files that would be included in the linker command. The can speed up the build as the creation of the static libraries is skipped. But this does not really help when linking to v8 externally as from this project. is_component_build: This will compile targets declared as components as shared libraries. All the v8_components in BUILD.gn will be built as .so files in the output director (not the obj directory which is the case for static libraries). So the only two options are the v8_monolith or is_component_build where it might be an advantage of being able to build a single component and not have to rebuild the whole monolith at times. ### wee8 libwee8 can be produced which is a library which only supports WebAssembly and does not support JavaScript. $ ninja -C out/wee8 wee8


### V8 Internal Isolate

src/execution/isolate.h is where you can find the v8::internal::Isolate.

class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {


And HiddenFactory is just to allow Isolate to inherit privately from Factory which can be found in src/heap/factory.h.

### Startup Walk through

This section will walk through the start up on V8 by using the hello_world example in this project:

$LD_LIBRARY_PATH=../v8_src/v8/out/x64.release_gcc/ lldb ./hello-world (lldb) br s -n main Breakpoint 1: where = hello-worldmain + 25 at hello-world.cc:41:38, address = 0x0000000000402821   V8::InitializeExternalStartupData(argv[0]);  This call will land in api.cc which will just delegate the call to and internal (internal namespace that is). If you try to step into this function you will just land on the next line in hello_world. This is because we compiled v8 without external start up data so this function will be empty: $ objdump -Cd out/x64.release_gcc/obj/v8_base_without_compiler/startup-data-util.o
Disassembly of section .text._ZN2v88internal37InitializeExternalStartupDataFromFileEPKc:

0000000000000000 <v8::internal::InitializeExternalStartupDataFromFile(char const*)>:
0:    c3                       retq


Next, we have:

    std::unique_ptr<Platform> platform = platform::NewDefaultPlatform();


This will land in src/libplatform/default-platform.cc which will create a new DefaultPlatform.

Isolate* isolate = Isolate::New(create_params);


This will call Allocate:

Isolate* isolate = Allocate();

Isolate* Isolate::Allocate() {
return reinterpret_cast<Isolate*>(i::Isolate::New());
}


Remember that the internal Isolate can be found in src/execution/isolate.h. In src/execution/isolate.cc we find Isolate::New

Isolate* Isolate::New(IsolateAllocationMode mode) {
std::unique_ptr<IsolateAllocator> isolate_allocator = std::make_unique<IsolateAllocator>(mode);
void* isolate_ptr = isolate_allocator->isolate_memory();
Isolate* isolate = new (isolate_ptr) Isolate(std::move(isolate_allocator));


So we first create an IsolateAllocator instance which will allocate memory for a single Isolate instance. This is then passed into the Isolate constructor, notice the usage of new here, this is just a normal heap allocation.

The default new operator has been deleted and an override provided that takes a void pointer, which is just returned:

  void* operator new(size_t, void* ptr) { return ptr; }
void* operator new(size_t) = delete;
void operator delete(void*) = delete;


In this case it just returns the memory allocateed by isolate-memory(). The reason for doing this is that using the new operator not only invokes the new operator but the compiler will also add a call the types constructor passing in the address of the allocated memory.

Isolate::Isolate(std::unique_ptr<i::IsolateAllocator> isolate_allocator)
: isolate_data_(this),
isolate_allocator_(std::move(isolate_allocator)),
allocator_(FLAG_trace_zone_stats
? new VerboseAccountingAllocator(&heap_, 256 * KB)
: new AccountingAllocator()),
builtins_(this),
rail_mode_(PERFORMANCE_ANIMATION),
code_event_dispatcher_(new CodeEventDispatcher()),
jitless_(FLAG_jitless),
#if V8_SFI_HAS_UNIQUE_ID
next_unique_sfi_id_(0),
#endif


Notice that isolate_data_ will be populated by calling the constructor which takes an pointer to an Isolate.

class IsolateData final {
public:
explicit IsolateData(Isolate* isolate) : stack_guard_(isolate) {}


Back in Isolate's constructor we have:

#define ISOLATE_INIT_LIST(V)                                                   \
/* Assembler state. */                                                       \
V(FatalErrorCallback, exception_behavior, nullptr)                           \
...

#define ISOLATE_INIT_EXECUTE(type, name, initial_value) \
name##_ = (initial_value);
ISOLATE_INIT_LIST(ISOLATE_INIT_EXECUTE)
#undef ISOLATE_INIT_EXECUTE


So lets expand the first entry to understand what is going on:

   exception_behavior_ = (nullptr);
oom_behavior_ = (nullptr);
event_logger_ = (nullptr);
allow_code_gen_callback_ = (nullptr);
modify_code_gen_callback_ = (nullptr);
allow_wasm_code_gen_callback_ = (nullptr);
wasm_module_callback_ = (&NoExtension);
wasm_instance_callback_ = (&NoExtension);
wasm_streaming_callback_ = (nullptr);
relocatable_top_ = (nullptr);
string_stream_debug_object_cache_ = (nullptr);
string_stream_current_security_token_ = (Object());
api_external_references_ = (nullptr);
external_reference_map_ = (nullptr);
root_index_map_ = (nullptr);
turbo_statistics_ = (nullptr);
code_tracer_ = (nullptr);
per_isolate_assert_data_ = (0xFFFFFFFFu);
promise_reject_callback_ = (nullptr);
snapshot_blob_ = (nullptr);
external_script_source_size_ = (0);
is_profiling_ = (false);
num_cpu_profilers_ = (0);
formatting_stack_trace_ = (false);
debug_execution_mode_ = (DebugInfo::kBreakpoints);
code_coverage_mode_ = (debug::CoverageMode::kBestEffort);
type_profile_mode_ = (debug::TypeProfileMode::kNone);
last_stack_frame_info_id_ = (0);
last_console_context_id_ = (0);
inspector_ = (nullptr);
next_v8_call_is_safe_for_termination_ = (false);
only_terminate_in_safe_scope_ = (false);
detailed_source_positions_for_profiling_ = (FLAG_detailed_line_info);
embedder_wrapper_type_index_ = (-1);
embedder_wrapper_object_index_ = (-1);


So all of the entries in this list will become private members of the Isolate class after the preprocessor is finished. There will also be public assessor to get and set these initial values values (which is the last entry in the ISOLATE_INIT_LIST above.

Back in isolate.cc constructor we have:

#define ISOLATE_INIT_ARRAY_EXECUTE(type, name, length) \
memset(name##_, 0, sizeof(type) * length);
ISOLATE_INIT_ARRAY_LIST(ISOLATE_INIT_ARRAY_EXECUTE)
#undef ISOLATE_INIT_ARRAY_EXECUTE
#define ISOLATE_INIT_ARRAY_LIST(V)                                             \
/* SerializerDeserializer state. */                                          \
V(int32_t, jsregexp_static_offsets_vector, kJSRegexpStaticOffsetsVectorSize) \
...

InitializeDefaultEmbeddedBlob();


After that we have created a new Isolate, we were in this function call:

  Isolate* isolate = new (isolate_ptr) Isolate(std::move(isolate_allocator));


After this we will be back in api.cc:

  Initialize(isolate, params);

void Isolate::Initialize(Isolate* isolate,
const v8::Isolate::CreateParams& params) {


We are not using any external snapshot data so the following will be false:

  if (params.snapshot_blob != nullptr) {
i_isolate->set_snapshot_blob(params.snapshot_blob);
} else {
i_isolate->set_snapshot_blob(i::Snapshot::DefaultSnapshotBlob());

(gdb) p snapshot_blob_
$7 = (const v8::StartupData *) 0x0 (gdb) n (gdb) p i_isolate->snapshot_blob_$8 = (const v8::StartupData *) 0x7ff92d7d6cf0 <v8::internal::blob>


snapshot_blob_ is also one of the members that was set up with ISOLATE_INIT_LIST. So we are setting up the Isolate instance for creation.

Isolate::Scope isolate_scope(isolate);
if (!i::Snapshot::Initialize(i_isolate)) {


In src/snapshot/snapshot-common.cc we find

bool Snapshot::Initialize(Isolate* isolate) {
...
const v8::StartupData* blob = isolate->snapshot_blob();
Vector<const byte> startup_data = ExtractStartupData(blob);
SnapshotData startup_snapshot_data(MaybeDecompress(startup_data));
StartupDeserializer startup_deserializer(&startup_snapshot_data);
startup_deserializer.SetRehashability(ExtractRehashability(blob));



So we get the blob and create deserializers for it which are then passed to isolate->InitWithSnapshot which delegated to Isolate::Init. The blob will have be create previously using mksnapshot (more on this can be found later).

This will use a FOR_EACH_ISOLATE_ADDRESS_NAME macro to assign to the isolate_addresses_ field:

isolate_addresses_[IsolateAddressId::kHandlerAddress] = reinterpret_cast<Address>(handler_address());


After this we have a number of members that are assigned to:

  compilation_cache_ = new CompilationCache(this);
descriptor_lookup_cache_ = new DescriptorLookupCache();
inner_pointer_to_code_cache_ = new InnerPointerToCodeCache(this);
global_handles_ = new GlobalHandles(this);
eternal_handles_ = new EternalHandles();
bootstrapper_ = new Bootstrapper(this);
handle_scope_implementer_ = new HandleScopeImplementer(this);
store_stub_cache_ = new StubCache(this);
materialized_object_store_ = new MaterializedObjectStore(this);
regexp_stack_ = new RegExpStack();
regexp_stack_->isolate_ = this;
date_cache_ = new DateCache();
heap_profiler_ = new HeapProfiler(heap());
interpreter_ = new interpreter::Interpreter(this);
compiler_dispatcher_ =
new CompilerDispatcher(this, V8::GetCurrentPlatform(), FLAG_stack_size);


After this we have:

isolate_data_.external_reference_table()->Init(this);


This will land in src/codegen/external-reference-table.cc where we have:

void ExternalReferenceTable::Init(Isolate* isolate) {
int index = 0;
is_initialized_ = static_cast<uint32_t>(true);

CHECK_EQ(kSize, index);
}

}



Now, lets take a look at AddReferences:

Add(ExternalReference::abort_with_reason().address(), index);


What are ExternalReferences?
They represent c++ addresses used in generated code.

static const Address c_builtins[] = {
...



I can see that the function declaration is in external-reference.h but the implementation is not there. Instead this is defined in src/builtins/builtins-api.cc:

BUILTIN(HandleApiCall) {
(will expand to:)

V8_WARN_UNUSED_RESULT static Object Builtin_Impl_HandleApiCall(
BuiltinArguments args, Isolate* isolate);

int args_length, Address* args_object, Isolate* isolate) {
BuiltinArguments args(args_length, args_object);
RuntimeCallTimerScope timer(isolate,
RuntimeCallCounterId::kBuiltin_HandleApiCall);
TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.runtime"), "V8.Builtin_HandleApiCall");
return CONVERT
}
int args_length, Address* args_object, Isolate* isolate) {
DCHECK(isolate->context().is_null() || isolate->context().IsContext());
if (V8_UNLIKELY(TracingFlags::is_runtime_stats_enabled())) {
return Builtin_Impl_Stats_HandleApiCall(args_length, args_object, isolate);
}
BuiltinArguments args(args_length, args_object);
return CONVERT_OBJECT(Builtin_Impl_HandleApiCall(args, isolate));
}

V8_WARN_UNUSED_RESULT static Object Builtin_Impl_HandleApiCall(
BuiltinArguments args, Isolate* isolate) {
HandleScope scope(isolate);
Handle<JSFunction> function = args.target();
Handle<HeapObject> new_target = args.new_target();
Handle<FunctionTemplateInfo> fun_data(function->shared().get_api_func_data(),
isolate);
RETURN_RESULT_OR_FAILURE(
isolate, HandleApiCallHelper<true>(isolate, function, new_target,
} else {
RETURN_RESULT_OR_FAILURE(
isolate, HandleApiCallHelper<false>(isolate, function, new_target,
}
}


The BUILTIN macro can be found in src/builtins/builtins-utils.h:

#define BUILTIN(name)                                                       \
V8_WARN_UNUSED_RESULT static Object Builtin_Impl_##name(                  \
BuiltinArguments args, Isolate* isolate);

  if (setup_delegate_ == nullptr) {
setup_delegate_ = new SetupIsolateDelegate(create_heap_objects);
}

if (!setup_delegate_->SetupHeap(&heap_)) {
V8::FatalProcessOutOfMemory(this, "heap object creation");
return false;
}


This does nothing in the current code path and the code comment says that the heap will be deserialized from the snapshot and true will be returned.

InitializeThreadLocal();
startup_deserializer->DeserializeInto(this);

DisallowHeapAllocation no_gc;
isolate->heap()->IterateSmiRoots(this);
isolate->heap()->IterateStrongRoots(this, VISIT_FOR_SERIALIZATION);
Iterate(isolate, this);
isolate->heap()->IterateWeakRoots(this, VISIT_FOR_SERIALIZATION);
DeserializeDeferredObjects();
RestoreExternalReferenceRedirectors(accessor_infos());
RestoreExternalReferenceRedirectors(call_handler_infos());


In heap.cc we find IterateSmiRootswhich takes a pointer to aRootVistor. RootVisitor is used for visiting and modifying (optionally) the pointers contains in roots. This is used in garbage collection and also in serializing and deserializing snapshots.

### Roots

RootVistor:

class RootVisitor {
public:
virtual void VisitRootPointers(Root root, const char* description,
FullObjectSlot start, FullObjectSlot end) = 0;

virtual void VisitRootPointer(Root root, const char* description,
FullObjectSlot p) {
VisitRootPointers(root, description, p, p + 1);
}

static const char* RootName(Root root);


Root is an enum in src/object/visitors.h. This enum is generated by a macro and expands to:

enum class Root {
kStringTable,
kExternalStringsTable,
kStrongRootList,
kSmiRootList,
kBootstrapper,
kTop,
kRelocatable,
kDebug,
kCompilationCache,
kHandleScope,
kBuiltins,
kGlobalHandles,
kEternalHandles,
kStrongRoots,
kExtensions,
kCodeFlusher,
kPartialSnapshotCache,
kWeakCollections,
kWrapperTracing,
kUnknown,
kNumberOfRoots
};


These can be displayed using:

$./test/roots_test --gtest_filter=RootsTest.visitor_roots  Just to keep things clear for myself here, these visitor roots are only used for GC and serialization/deserialization (at least I think so) and should not be confused with the RootIndex enum in src/roots/roots.h. Lets set a break point in mksnapshot and see if we can find where one of the above Root enum elements is used to make it a little more clear what these are used for. $ lldb ../v8_src/v8/out/x64.debug/mksnapshot
(lldb) target create "../v8_src/v8/out/x64.debug/mksnapshot"
Current executable set to '../v8_src/v8/out/x64.debug/mksnapshot' (x86_64).
(lldb) br s -n main
Breakpoint 1: where = mksnapshotmain + 42, address = 0x00000000009303ca
(lldb) r


What this does is that it creates an V8 environment (Platform, Isolate, Context) and then saves it to a file, either a binary file on disk but it can also save it to a .cc file that can be used in programs in which case the binary is a byte array. It does this in much the same way as the hello-world example create a platform and then initializes it, and the creates and initalizes a new Isolate. After the Isolate a new Context will be create using the Isolate. If there was an embedded-src flag passed to mksnaphot it will be run.

StartupSerializer will use the Root enum elements for example and the deserializer will use the same enum elements.

Adding a script to a snapshot:

$gdb ../v8_src/v8/out/x64.release_gcc/mksnapshot --embedded-src="$PWD/embed.js"


TODO: Look into CreateOffHeapTrampolines.

So the VisitRootPointers function takes one of these Root's and visits all those roots. In our case the first Root to be visited is Heap::IterateSmiRoots:

void Heap::IterateSmiRoots(RootVisitor* v) {
ExecutionAccess access(isolate());
v->VisitRootPointers(Root::kSmiRootList, nullptr,
roots_table().smi_roots_begin(),
roots_table().smi_roots_end());
v->Synchronize(VisitorSynchronization::kSmiRootList);
}


And here we can see that it is using Root::kSmiRootList, and passing nullptr for the description argument (I wonder what this is used for?). Next, comes the start and end arguments.

(lldb) p roots_table().smi_roots_begin()
(v8::internal::FullObjectSlot) $5 = { v8::internal::SlotBase<v8::internal::FullObjectSlot, unsigned long, 8> = (ptr_ = 50680614097760) }  We can list all the values of roots_table using: (lldb) expr -A -- roots_table()  In src/snapshot/deserializer.cc we can find VisitRootPointers: void Deserializer::VisitRootPointers(Root root, const char* description, FullObjectSlot start, FullObjectSlot end) ReadData(FullMaybeObjectSlot(start), FullMaybeObjectSlot(end), SnapshotSpace::kNew, kNullAddress);  Notice that description is never used. ReadDatais in the same source file: The class SnapshotByteSource has a data member that is initialized upon construction from a const char* or a Vector. Where is this done? This was done back in Snapshot::Initialize:  const v8::StartupData* blob = isolate->snapshot_blob(); Vector<const byte> startup_data = ExtractStartupData(blob); Vector<const byte> read_only_data = ExtractReadOnlyData(blob); SnapshotData startup_snapshot_data(MaybeDecompress(startup_data)); SnapshotData read_only_snapshot_data(MaybeDecompress(read_only_data)); StartupDeserializer startup_deserializer(&startup_snapshot_data);  (lldb) expr *this (v8::internal::SnapshotByteSource)$30 = (data_ = "\x04", length_ = 125752, position_ = 1)


All the roots in a heap are declared in src/roots/roots.h. You can access the roots using RootsTable via the Isolate using isolate_data->roots() or by using isolate->roots_table. The roots_ field is an array of Address elements:

class RootsTable {
public:
static constexpr size_t kEntriesCount = static_cast<size_t>(RootIndex::kRootListLength);
...
private:
static const char* root_names_[kEntriesCount];


RootIndex is generated by a macro

enum class RootIndex : uint16_t {


The complete enum can be displayed using:

$./test/roots_test --gtest_filter=RootsTest.list_root_index  Lets take a look at an entry: (lldb) p roots_[(uint16_t)RootIndex::kError_string] (v8::internal::Address)$1 = 42318447256121


Now, there are functions in factory which can be used to retrieve these addresses, like factory->Error_string():

(lldb) expr *isolate->factory()->Error_string()
(v8::internal::String) $9 = { v8::internal::TorqueGeneratedString<v8::internal::String, v8::internal::Name> = { v8::internal::Name = { v8::internal::TorqueGeneratedName<v8::internal::Name, v8::internal::PrimitiveHeapObject> = { v8::internal::PrimitiveHeapObject = { v8::internal::TorqueGeneratedPrimitiveHeapObject<v8::internal::PrimitiveHeapObject, v8::internal::HeapObject> = { v8::internal::HeapObject = { v8::internal::Object = { v8::internal::TaggedImpl<v8::internal::HeapObjectReferenceType::STRONG, unsigned long> = (ptr_ = 42318447256121) } } } } } } } } (lldb) expr$9.length()
(int32_t) $10 = 5 (lldb) expr$9.Print()
#Error


These accessor functions declarations are generated by the ROOT_LIST(ROOT_ACCESSOR)) macros:

#define ROOT_ACCESSOR(Type, name, CamelName) inline Handle<Type> name();
ROOT_LIST(ROOT_ACCESSOR)
#undef ROOT_ACCESSOR


And the definitions can be found in src/heap/factory-inl.h and look like this The implementations then look like this:

String ReadOnlyRoots::Error_string() const {
return  String::unchecked_cast(Object(at(RootIndex::kError_string)));
}

return Handle<String>(&at(RootIndex::kError_string));
}


The unit test roots_test shows and example of this.

This shows the usage of root entries but where are the roots added to this array. roots_ is a member of IsolateData in src/execution/isolate-data.h:

  RootsTable roots_;


We can inspect the roots_ content by using the interal Isolate:

(lldb) f
frame #0: 0x00007ffff6261cdf libv8.sov8::Isolate::Initialize(isolate=0x00000eb900000000, params=0x00007fffffffd0d0) at api.cc:8269:31
8266    void Isolate::Initialize(Isolate* isolate,
8267                             const v8::Isolate::CreateParams& params) {

(lldb) expr i_isolate->isolate_data_.roots_
(v8::internal::RootsTable) $5 = { roots_ = { [0] = 0 [1] = 0 [2] = 0  So we can see that the roots are intially zero:ed out. And the type of roots_ is an array of Address's.  frame #3: 0x00007ffff6c33d58 libv8.sov8::internal::Deserializer::VisitRootPointers(this=0x00007fffffffcce0, root=kReadOnlyRootList, description=0x0000000000000000, start=FullObjectSlot @ 0x00007fffffffc530, end=FullObjectSlot @ 0x00007fffffffc528) at deserializer.cc:94:11 frame #4: 0x00007ffff6b6212f libv8.sov8::internal::ReadOnlyRoots::Iterate(this=0x00007fffffffc5c8, visitor=0x00007fffffffcce0) at roots.cc:21:29 frame #5: 0x00007ffff6c46fee libv8.sov8::internal::ReadOnlyDeserializer::DeserializeInto(this=0x00007fffffffcce0, isolate=0x00000f7500000000) at read-only-deserializer.cc:41:18 frame #6: 0x00007ffff66af631 libv8.sov8::internal::ReadOnlyHeap::DeseralizeIntoIsolate(this=0x000000000049afb0, isolate=0x00000f7500000000, des=0x00007fffffffcce0) at read-only-heap.cc:85:23 frame #7: 0x00007ffff66af5de libv8.sov8::internal::ReadOnlyHeap::SetUp(isolate=0x00000f7500000000, des=0x00007fffffffcce0) at read-only-heap.cc:78:53  This will land us in roots.cc ReadOnlyRoots::Iterate(RootVisitor* visitor): void ReadOnlyRoots::Iterate(RootVisitor* visitor) { visitor->VisitRootPointers(Root::kReadOnlyRootList, nullptr, FullObjectSlot(read_only_roots_), FullObjectSlot(&read_only_roots_[kEntriesCount])); visitor->Synchronize(VisitorSynchronization::kReadOnlyRootList); }  Deserializer::VisitRootPointers calls Deserializer::ReadData and the roots_ array is still zero:ed out when we enter this function. void Deserializer::VisitRootPointers(Root root, const char* description, FullObjectSlot start, FullObjectSlot end) { ReadData(FullMaybeObjectSlot(start), FullMaybeObjectSlot(end), SnapshotSpace::kNew, kNullAddress);  Notice that we called VisitRootPointer and pased in Root:kReadOnlyRootList, nullptr (the description), and start and end addresses as FullObjectSlots. The signature of VisitRootPointers looks like this: virtual void VisitRootPointers(Root root, const char* description, FullObjectSlot start, FullObjectSlot end)  In our case we are using the address of read_only_roots_ from src/roots/roots.h and the end is found by using the static member of ReadOnlyRoots::kEntrysCount. The switch statement in ReadData is generated by macros so lets take a look at an expanded snippet to understand what is going on: template <typename TSlot> bool Deserializer::ReadData(TSlot current, TSlot limit, SnapshotSpace source_space, Address current_object_address) { Isolate* const isolate = isolate_; ... while (current < limit) { byte data = source_.Get();  So current is the start address of the read_only_list and limit the end. source_ is a member of ReadOnlyDeserializer and is of type SnapshotByteSource. source_ got populated back in Snapshot::Initialize(internal_isolate): const v8::StartupData* blob = isolate->snapshot_blob(); Vector<const byte> read_only_data = ExtractReadOnlyData(blob); ReadOnlyDeserializer read_only_deserializer(&read_only_snapshot_data);  And ReadOnlyDeserializer extends Deserialier (src/snapshot/deserializer.h) which has a constructor that sets the source_ member to data->Payload(). So source_ is will be pointer to an instance of SnapshotByteSource which can be found in src/snapshot-source-sink.h: class SnapshotByteSource final { public: SnapshotByteSource(const char* data, int length) : data_(reinterpret_cast<const byte*>(data)), length_(length), position_(0) {} byte Get() { return data_[position_++]; } ... private: const byte* data_; int length_; int posistion_;  Alright, so we are calling source_.Get() which we can see returns the current entry from the byte array data_ and increment the position. So with that in mind lets take closer look at the switch statment:  while (current < limit) { byte data = source_.Get(); switch (data) { case kNewObject + static_cast<int>(SnapshotSpace::kNew): current = ReadDataCase<TSlot, kNewObject, SnapshotSpace::kNew>(isolate, current, current_object_address, data, write_barrier_needed); break; case kNewObject + static_cast<int>(SnapshotSpace::kOld): [[clang::fallthrough]]; case kNewObject + static_cast<int>(SnapshotSpace::kCode): [[clang::fallthrough]]; case kNewObject + static_cast<int>(SnapshotSpace::kMap): static_assert((static_cast<int>(SnapshotSpace::kMap) & ~kSpaceMask) == 0, "(static_cast<int>(SnapshotSpace::kMap) & ~kSpaceMask) == 0"); [[clang::fallthrough]]; ...  We can see that switch statement will assign the passed-in current with a new instance of ReadDataCase.  current = ReadDataCase<TSlot, kNewObject, SnapshotSpace::kNew>(isolate, current, current_object_address, data, write_barrier_needed);  Notice that kNewObject is the type of SerializerDeserliazer::Bytecode that is to be read (I think), this enum can be found in src/snapshot/serializer-common.h. TSlot I think stands for the "Type of Slot", which in our case is a FullMaybyObjectSlot.  HeapObject heap_object; if (bytecode == kNewObject) { heap_object = ReadObject(space);  ReadObject is also in deserializer.cc : Address address = allocator()->Allocate(space, size); HeapObject obj = HeapObject::FromAddress(address); isolate_->heap()->OnAllocationEvent(obj, size); Alright, lets set a watch point on the roots_ array to see when the first entry is populated and try to figure this out that way: console (lldb) watch set variable isolate->isolate_data_.roots_.roots_[0] Watchpoint created: Watchpoint 5: addr = 0xf7500000080 size = 8 state = enabled type = w declare @ '/home/danielbevenius/work/google/v8_src/v8/src/heap/read-only-heap.cc:28' watchpoint spec = 'isolate->isolate_data_.roots_.roots_[0]' new value: 0 (lldb) r Watchpoint 5 hit: old value: 0 new value: 16995320070433 Process 1687448 stopped * thread #1, name = 'hello-world', stop reason = watchpoint 5 frame #0: 0x00007ffff664e5b1 libv8.sov8::internal::FullMaybeObjectSlot::store(this=0x00007fffffffc3b0, value=MaybeObject @ 0x00007fffffffc370) const at slots-inl.h:74:1 71 72 void FullMaybeObjectSlot::store(MaybeObject value) const { 73 *location() = value.ptr(); -> 74 } 75  We can verify that location actually contains the address of roots_[0]: (lldb) expr -f hex -- this->ptr_ (v8::internal::Address)$164 = 0x00000f7500000080
(lldb) expr -f hex -- &this->isolate_->isolate_data_.roots_.roots_[0]
(v8::internal::Address *) $171 = 0x00000f7500000080 (lldb) expr -f hex -- value.ptr() (unsigned long)$184 = 0x00000f7508040121
(lldb) expr -f hex -- isolate_->isolate_data_.roots_.roots_[0]
(v8::internal::Address) $183 = 0x00000f7508040121  The first entry is free_space_map. (lldb) expr v8::internal::Map::unchecked_cast(v8::internal::Object(value->ptr())) (v8::internal::Map)$185 = {
v8::internal::HeapObject = {
v8::internal::Object = {
v8::internal::TaggedImpl<v8::internal::HeapObjectReferenceType::STRONG, unsigned long> = (ptr_ = 16995320070433)
}
}


Next, we will go through the while loop again:

(lldb) expr -f hex -- isolate_->isolate_data_.roots_.roots_[1]
(v8::internal::Address) $191 = 0x0000000000000000 (lldb) expr -f hex -- &isolate_->isolate_data_.roots_.roots_[1] (v8::internal::Address *)$192 = 0x00000f7500000088
(lldb) expr -f hex -- location()
(v8::internal::SlotBase<v8::internal::FullMaybeObjectSlot, unsigned long, 8>::TData *) $194 = 0x00000f7500000088  Notice that in Deserializer::Write we have:  dest.store(value); return dest + 1;  And it's current value is: (v8::internal::Address)$197 = 0x00000f7500000088


Which is the same address as roots_[1] that we just wrote to.

If we know the type that an Address points to we can use the Type::cast(Object obj) to cast it into a pointer of that type. I think this works will all types.

(lldb) expr -A -f hex  -- v8::internal::Oddball::cast(v8::internal::Object(isolate_->isolate_data_.roots_.roots_[4]))
(v8::internal::Oddball) $258 = { v8::internal::TorqueGeneratedOddball<v8::internal::Oddball, v8::internal::PrimitiveHeapObject> = { v8::internal::PrimitiveHeapObject = { v8::internal::TorqueGeneratedPrimitiveHeapObject<v8::internal::PrimitiveHeapObject, v8::internal::HeapObject> = { v8::internal::HeapObject = { v8::internal::Object = { v8::internal::TaggedImpl<v8::internal::HeapObjectReferenceType::STRONG, unsigned long> = (ptr_ = 0x00000f750804030d) } } } } } }  You can also just cast it to an object and try printing it: (lldb) expr -A -f hex -- v8::internal::Object(isolate_->isolate_data_.roots_.roots_[4]).Print() #undefined  This is actually the Oddball UndefinedValue so it makes sense in this case I think. With this value in the roots_ array we can use the function ReadOnlyRoots::undefined_value(): (lldb) expr v8::internal::ReadOnlyRoots(&isolate_->heap_).undefined_value() (v8::internal::Oddball)$265 = {
v8::internal::TorqueGeneratedOddball<v8::internal::Oddball, v8::internal::PrimitiveHeapObject> = {
v8::internal::PrimitiveHeapObject = {
v8::internal::TorqueGeneratedPrimitiveHeapObject<v8::internal::PrimitiveHeapObject, v8::internal::HeapObject> = {
v8::internal::HeapObject = {
v8::internal::Object = {
v8::internal::TaggedImpl<v8::internal::HeapObjectReferenceType::STRONG, unsigned long> = (ptr_ = 16995320070925)
}
}
}
}
}
}


So how are these roots used, take the above undefined_value for example?
Well most things (perhaps all) that are needed go via the Factory which the internal Isolate is a type of. In factory we can find:

Handle<Oddball> Factory::undefined_value() {
return Handle<Oddball>(&isolate()->roots_table()[RootIndex::kUndefinedValue]);
}


Notice that this is basically what we did in the debugger before but here it is wrapped in Handle so that it can be tracked by the GC.

The unit test isolate_test explores the internal isolate and has example of usages of the above mentioned methods.

InitwithSnapshot will call Isolate::Init:

bool Isolate::Init(ReadOnlyDeserializer* read_only_deserializer,
StartupDeserializer* startup_deserializer) {

#define ASSIGN_ELEMENT(CamelName, hacker_name)                  \
#undef ASSIGN_ELEMENT

  Address isolate_addresses_[kIsolateAddressCount + 1] = {};

(gdb) p isolate_addresses_
$16 = {0 <repeats 13 times>}  Lets take a look at the expanded code in Isolate::Init: $ clang++ -I./out/x64.release/gen -I. -I./include -E src/execution/isolate.cc > output

isolate_addresses_[IsolateAddressId::kHandlerAddress] = reinterpret_cast<Address>(handler_address());


Then functions, like handler_address() are implemented as:

inline Address* handler_address() { return &thread_local_top()->handler_; }

(gdb) x/x isolate_addresses_[0]
0x1a3500003240:    0x00000000


At this point in the program we have only set the entries to point contain the addresses specified in ThreadLocalTop, At the time there are initialized the will mostly be initialized to kNullAddress:

static const Address kNullAddress = 0;


And notice that the functions above return pointers so later these pointers can be updated to point to something. What/when does this happen? Lets continue and find out...

Back in Isolate::Init we have:

  compilation_cache_ = new CompilationCache(this);
descriptor_lookup_cache_ = new DescriptorLookupCache();
inner_pointer_to_code_cache_ = new InnerPointerToCodeCache(this);
global_handles_ = new GlobalHandles(this);
eternal_handles_ = new EternalHandles();
bootstrapper_ = new Bootstrapper(this);
handle_scope_implementer_ = new HandleScopeImplementer(this);
store_stub_cache_ = new StubCache(this);
materialized_object_store_ = new MaterializedObjectStore(this);
regexp_stack_ = new RegExpStack();
regexp_stack_->isolate_ = this;
date_cache_ = new DateCache();
heap_profiler_ = new HeapProfiler(heap());
interpreter_ = new interpreter::Interpreter(this);

compiler_dispatcher_ =
new CompilerDispatcher(this, V8::GetCurrentPlatform(), FLAG_stack_size);

// SetUp the object heap.
DCHECK(!heap_.HasBeenSetUp());
heap_.SetUp();

...


Lets take a look at InitializeThreadLocal

void Isolate::InitializeThreadLocal() {
clear_pending_exception();
clear_pending_message();
clear_scheduled_exception();
}

void Isolate::clear_pending_exception() {
}


#define ROOT_ACCESSOR(Type, name, CamelName) \
V8_INLINE class Type name() const;         \
V8_INLINE Handle<Type> name##_handle() const;

#undef ROOT_ACCESSOR


This will expand to a number of function declarations that looks like this:

$clang++ -I./out/x64.release/gen -I. -I./include -E src/roots/roots.h > output  inline __attribute__((always_inline)) class Map free_space_map() const; inline __attribute__((always_inline)) Handle<Map> free_space_map_handle() const;  The Map class is what all HeapObject use to describe their structure. Notice that there is also a Handle declared. These are generated by a macro in roots-inl.h: Map ReadOnlyRoots::free_space_map() const { ((void) 0); return Map::unchecked_cast(Object(at(RootIndex::kFreeSpaceMap))); } Handle<Map> ReadOnlyRoots::free_space_map_handle() const { ((void) 0); return Handle<Map>(&at(RootIndex::kFreeSpaceMap)); }  Notice that this is using the RootIndex enum that was mentioned earlier:  return Map::unchecked_cast(Object(at(RootIndex::kFreeSpaceMap)));  In object/map.h there is the following line:  DECL_CAST(Map)  Which can be found in objects/object-macros.h: #define DECL_CAST(Type) \ V8_INLINE static Type cast(Object object); \ V8_INLINE static Type unchecked_cast(Object object) { \ return bit_cast<Type>(object); \ }  This will expand to something like  static Map cast(Object object); static Map unchecked_cast(Object object) { return bit_cast<Map>(object); }  And the Object part is the Object contructor that takes an Address:  explicit constexpr Object(Address ptr) : TaggedImpl(ptr) {}  That leaves the at function which is a private function in ReadOnlyRoots:  V8_INLINE Address& at(RootIndex root_index) const;  So we are now back in Isolate::Init after the call to InitializeThreadLocal we have: setup_delegate_->SetupBuiltins(this);  In the following line in api.cc, where does i::OBJECT_TEMPLATE_INFO_TYPE come from:  i::Handle<i::Struct> struct_obj = isolate->factory()->NewStruct( i::OBJECT_TEMPLATE_INFO_TYPE, i::AllocationType::kOld);  ### InstanceType The enum InstanceType is defined in src/objects/instance-type.h: #include "torque-generated/instance-types-tq.h" enum InstanceType : uint16_t { ... #define MAKE_TORQUE_INSTANCE_TYPE(TYPE, value) TYPE = value, TORQUE_ASSIGNED_INSTANCE_TYPES(MAKE_TORQUE_INSTANCE_TYPE) #undef MAKE_TORQUE_INSTANCE_TYPE ... };  And in gen/torque-generated/instance-types-tq.h we can find: #define TORQUE_ASSIGNED_INSTANCE_TYPES(V) \ ... V(OBJECT_TEMPLATE_INFO_TYPE, 79) \ ...  There is list in src/objects/objects-definitions.h: #define STRUCT_LIST_GENERATOR_BASE(V, _) \ ... V(_, OBJECT_TEMPLATE_INFO_TYPE, ObjectTemplateInfo, object_template_info) \ ...  template <typename Impl> Handle<Struct> FactoryBase<Impl>::NewStruct(InstanceType type, AllocationType allocation) { Map map = Map::GetInstanceTypeMap(read_only_roots(), type);  If we look in Map::GetInstanceTypeMap in map.cc we find:  Map map; switch (type) { #define MAKE_CASE(TYPE, Name, name) \ case TYPE: \ map = roots.name##_map(); \ break; STRUCT_LIST(MAKE_CASE) #undef MAKE_CASE  Now, we know that our type is: (gdb) p type$1 = v8::internal::OBJECT_TEMPLATE_INFO_TYPE

    map = roots.object_template_info_map();       \


And we can inspect the output of the preprocessor of roots.cc and find:

Map ReadOnlyRoots::object_template_info_map() const {
((void) 0);
return Map::unchecked_cast(Object(at(RootIndex::kObjectTemplateInfoMap)));
}


And this is something we have seen before.

One things I ran into was wanting to print the InstanceType using the overloaded << operator which is defined for the InstanceType in objects.cc.

std::ostream& operator<<(std::ostream& os, InstanceType instance_type) {
switch (instance_type) {
#define WRITE_TYPE(TYPE) \
case TYPE:             \
return os << #TYPE;
INSTANCE_TYPE_LIST(WRITE_TYPE)
#undef WRITE_TYPE
}
UNREACHABLE();
}


The code I'm using is the followig:

  i::InstanceType type = map.instance_type();
std::cout << "object_template_info_map type: " << type << '\n';


This will cause the UNREACHABLE() function to be called and a Fatal error thrown. But note that the following line works:

  std::cout << "object_template_info_map type: " << v8::internal::OBJECT_TEMPLATE_INFO_TYPE << '\n';


And prints

object_template_info_map type: OBJECT_TEMPLATE_INFO_TYPE


In the switch/case block above the case for this value is:

  case OBJECT_TEMPLATE_INFO_TYPE:
return os << "OBJECT_TEMPLATE_INFO_TYPE"


When map.instance_type() is called, it returns a value of 1023 but the value of OBJECT_TEMPLATE_INFO_TYPE is:

OBJECT_TEMPLATE_INFO_TYPE = 79


And we can confirm this using:

  std::cout << "object_template_info_map type: " << static_cast<uint16_t>(v8::internal::OBJECT_TEMPLATE_INFO_TYPE) << '\n';


Which will print:

object_template_info_map type: 79


### Context creation

When we create a new context using:

  Local<ObjectTemplate> global = ObjectTemplate::New(isolate_);
Local<Context> context = Context::New(isolate_, nullptr, global);


The Context class in include/v8.h declares New as follows:

static Local<Context> New(Isolate* isolate,
ExtensionConfiguration* extensions = nullptr,
MaybeLocal<ObjectTemplate> global_template = MaybeLocal<ObjectTemplate>(),
MaybeLocal<Value> global_object = MaybeLocal<Value>(),
DeserializeInternalFieldsCallback internal_fields_deserializer = DeserializeInternalFieldsCallback(),


When a step into Context::New(isolate_, nullptr, global) this will first break in the constructor of DeserializeInternalFieldsCallback in v8.h which has default values for the callback function and data_args (both are nullptr). After that gdb will break in MaybeLocal and setting val_ to nullptr. Next it will break in Local::operator* for the value of global which is then passed to the MaybeLocalv8::ObjectTemplate constructor. After those break points the break point will be in api.cc and v8::Context::New. New will call NewContext in api.cc.

There will be some checks and logging/tracing and then a call to CreateEnvironment:

i::Handle<i::Context> env = CreateEnvironment<i::Context>(
isolate,
extensions,
global_template,
global_object,
context_snapshot_index,
embedder_fields_deserializer,


The first line in CreateEnironment is:

ENTER_V8_FOR_NEW_CONTEXT(isolate);


Which is a macro defined in api.cc

i::VMState<v8::OTHER> __state__((isolate)); \
i::DisallowExceptions __no_exceptions__((isolate))


So the first break point we break on will be the execution/vm-state-inl.h and VMState's constructor:

template <StateTag Tag>
VMState<Tag>::VMState(Isolate* isolate)
: isolate_(isolate), previous_tag_(isolate->current_vm_state()) {
isolate_->set_current_vm_state(Tag);
}


In gdb you'll see this:

(gdb) s
v8::internal::VMState<(v8::StateTag)5>::VMState (isolate=0x372500000000, this=<synthetic pointer>) at ../../src/api/api.cc:6005
(gdb) s
v8::internal::Isolate::current_vm_state (this=0x372500000000) at ../../src/execution/isolate.h:1072


Notice that VMState's constructor sets its previous_tag_ to isolate->current_vm_state() which is generated by the macro THREAD_LOCAL_TOP_ACCESSOR. The next break point will be:

#0  v8::internal::PerIsolateAssertScopeDebugOnly<(v8::internal::PerIsolateAssertType)5, false>::PerIsolateAssertScopeDebugOnly (
isolate=0x372500000000, this=0x7ffc7b51b500) at ../../src/common/assert-scope.h:107
107      explicit PerIsolateAssertScopeDebugOnly(Isolate* isolate)


We can find that DisallowExceptions is defined in src/common/assert-scope.h as:

using DisallowExceptions =
PerIsolateAssertScopeDebugOnly<NO_EXCEPTION_ASSERT, false>;


After all that we can start to look at the code in CreateEnvironment.

    // Create the environment.
InvokeBootstrapper<ObjectType> invoke;
result = invoke.Invoke(isolate, maybe_proxy, proxy_template, extensions,
context_snapshot_index, embedder_fields_deserializer,

template <typename ObjectType>
struct InvokeBootstrapper;

template <>
struct InvokeBootstrapper<i::Context> {
i::Handle<i::Context> Invoke(
i::Isolate* isolate, i::MaybeHandle<i::JSGlobalProxy> maybe_global_proxy,
v8::Local<v8::ObjectTemplate> global_proxy_template,
v8::ExtensionConfiguration* extensions, size_t context_snapshot_index,
v8::DeserializeInternalFieldsCallback embedder_fields_deserializer,
return isolate->bootstrapper()->CreateEnvironment(
maybe_global_proxy, global_proxy_template, extensions,
}
};


Bootstrapper can be found in src/init/bootstrapper.cc:

HandleScope scope(isolate_);
Handle<Context> env;
{
Genesis genesis(isolate_, maybe_global_proxy, global_proxy_template,
context_snapshot_index, embedder_fields_deserializer,
env = genesis.result();
if (env.is_null() || !InstallExtensions(env, extensions)) {
return Handle<Context>();
}
}


Notice that the break point will be in the HandleScope constructor. Then a new instance of Genesis is created which performs some actions in its constructor.

global_proxy = isolate->factory()->NewUninitializedJSGlobalProxy(instance_size);


This will land in factory.cc:

Handle<Map> map = NewMap(JS_GLOBAL_PROXY_TYPE, size);


size will be 16 in this case. NewMap is declared in factory.h which has default values for its parameters:

  Handle<Map> NewMap(InstanceType type, int instance_size,
ElementsKind elements_kind = TERMINAL_FAST_ELEMENTS_KIND,
int inobject_properties = 0);


In Factory::InitializeMap we have the following check:

DCHECK_EQ(map.GetInObjectProperties(), inobject_properties);


Remember that I called Context::New with the following arguments:

  Local<ObjectTemplate> global = ObjectTemplate::New(isolate_);
Local<Context> context = Context::New(isolate_, nullptr, global);


### TaggedImpl

Has a single private member which is declared as:

StorageType ptr_;


An instance can be created using:

  i::TaggedImpl<i::HeapObjectReferenceType::STRONG, i::Address>  tagged{};


Storage type can also be Tagged_t which is defined in globals.h:

 using Tagged_t = uint32_t;


It looks like it can be a different value when using pointer compression.

### Object (internal)

This class extends TaggedImpl:

class Object : public TaggedImpl<HeapObjectReferenceType::STRONG, Address> {


An Object can be created using the default constructor, or by passing in an Address which will delegate to TaggedImpl constructors. Object itself does not have any members (apart from ptr_ which is inherited from TaggedImpl that is). So if we create an Object on the stack this is like a pointer/reference to an object:

+------+
|Object|
|------|
|ptr_  |---->
+------+


Now, ptr_ is a TaggedImpl so it would be a Smi in which case it would just contains the value directly, for example a small integer:

+------+
|Object|
|------|
|  18  |
+------+


### Handle

A Handle is similar to a Object and ObjectSlot in that it also contains an Address member (called location_ and declared in HandleBase), but with the difference is that Handles can be relocated by the garbage collector.

### NewContext

When we create a new context using:

const v8::Local<v8::ObjectTemplate> obt = v8::Local<v8::ObjectTemplate>();
v8::Handle<v8::Context> context = v8::Context::New(isolate_, nullptr, obt);


The above is using the static function New declared in include/v8.h

static Local<Context> New(
Isolate* isolate,
ExtensionConfiguration* extensions = nullptr,
MaybeLocal<ObjectTemplate> global_template = MaybeLocal<ObjectTemplate>(),
MaybeLocal<Value> global_object = MaybeLocal<Value>(),
DeserializeInternalFieldsCallback internal_fields_deserializer = DeserializeInternalFieldsCallback(),


The implementation for this function can be found in src/api/api.cc How does a Local become a MaybeLocal in this above case?
This is because MaybeLocal has a constructor that takes a Local<S> and this will be casted into the val_ member of the MaybeLocal instance.

TODO

### What is the difference between a Local and a Handle?

Currently, the torque generator will generate Print functions that look like the following:

template <>
void TorqueGeneratedEnumCache<EnumCache, Struct>::EnumCachePrint(std::ostream& os) {
os << "\n - keys: " << Brief(this->keys());
os << "\n - indices: " << Brief(this->indices());
os << "\n";
}


Notice the last line where the newline character is printed as a string. This would just be a char instead '\n'.

There are a number of things that need to happen only once upon startup for each process. These things are placed in V8::InitializeOncePerProcessImpl which can be found in src/init/v8.cc. This is called by v8::V8::Initialize().

  CpuFeatures::Probe(false);
ElementsAccessor::InitializeOncePerProcess();
Bootstrapper::InitializeOncePerProcess();
CallDescriptors::InitializeOncePerProcess();
wasm::WasmEngine::InitializeOncePerProcess();


ElementsAccessor populates the accessor_array with Elements listed in ELEMENTS_LIST. TODO: take a closer look at Elements.

v8::Isolate::Initialize will set up the heap.

i_isolate->heap()->ConfigureHeap(params.constraints);


It is when we create an new Context that Genesis is created. This will call Snapshot::NewContextFromSnapshot. So the context is read from the StartupData* blob with ExtractContextData(blob).

What is the global proxy?

### Builtins runtime error

Builtins is a member of Isolate and an instance is created by the Isolate constructor. We can inspect the value of initialized_ and that it is false:

(gdb) p *this->builtins()
$3 = {static kNoBuiltinId = -1, static kFirstWideBytecodeHandler = 1248, static kFirstExtraWideBytecodeHandler = 1398, static kLastBytecodeHandlerPlusOne = 1548, static kAllBuiltinsAreIsolateIndependent = true, isolate_ = 0x0, initialized_ = false, js_entry_handler_offset_ = 0}  The above is printed form Isolate's constructor and it is not changes in the contructor. This is very strange, while I though that the initialized_ was being updated it now looks like there might be two instances, one with has this value as false and the other as true. And also one has a nullptr as the isolate and the other as an actual value. For example, when I run the hello-world example: $4 = (v8::internal::Builtins *) 0x33b20000a248
(gdb) p &builtins_
$5 = (v8::internal::Builtins *) 0x33b20000a248  Notice that these are poiting to the same location in memory. (gdb) p &builtins_$1 = (v8::internal::Builtins *) 0x25210000a248
(gdb) p builtins()
$2 = (v8::internal::Builtins *) 0x25210000a228  Alright, so after looking into this closer I noticed that I was including internal headers in the test itself. When I include src/builtins/builtins.h I will get an implementation of isolate->builtins() in the object file which is in the shared library libv8.so, but the field is part of object file that is part of the cctest. This will be a different method and not the method that is in libv8_v8.so shared library. As I'm only interested in exploring v8 internals and my goal is only for each unit test to verify my understanding I've statically linked those object files needed, like builtins.o and code.o to the test.  Fatal error in ../../src/snapshot/read-only-deserializer.cc, line 35 # Debug check failed: !isolate->builtins()->is_initialized(). # # # #FailureMessage Object: 0x7ffed92ceb20 ==== C stack trace =============================== /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8_libbase.so(v8::base::debug::StackTrace::StackTrace()+0x1d) [0x7fabe6c348c1] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8_libplatform.so(+0x652d9) [0x7fabe6cac2d9] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8_libbase.so(V8_Fatal(char const*, int, char const*, ...)+0x172) [0x7fabe6c2416d] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8_libbase.so(v8::base::SetPrintStackTrace(void (*)())+0) [0x7fabe6c23de0] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8_libbase.so(V8_Dcheck(char const*, int, char const*)+0x2d) [0x7fabe6c241b1] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8.so(v8::internal::ReadOnlyDeserializer::DeserializeInto(v8::internal::Isolate*)+0x192) [0x7fabe977c468] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8.so(v8::internal::ReadOnlyHeap::DeseralizeIntoIsolate(v8::internal::Isolate*, v8::internal::ReadOnlyDeserializer*)+0x4f) [0x7fabe91e5a7d] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8.so(v8::internal::ReadOnlyHeap::SetUp(v8::internal::Isolate*, v8::internal::ReadOnlyDeserializer*)+0x66) [0x7fabe91e5a2a] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8.so(v8::internal::Isolate::Init(v8::internal::ReadOnlyDeserializer*, v8::internal::StartupDeserializer*)+0x70b) [0x7fabe90633bb] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8.so(v8::internal::Isolate::InitWithSnapshot(v8::internal::ReadOnlyDeserializer*, v8::internal::StartupDeserializer*)+0x7b) [0x7fabe906299f] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8.so(v8::internal::Snapshot::Initialize(v8::internal::Isolate*)+0x1e9) [0x7fabe978d941] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8.so(v8::Isolate::Initialize(v8::Isolate*, v8::Isolate::CreateParams const&)+0x33d) [0x7fabe8d999e3] /home/danielbevenius/work/google/v8_src/v8/out/x64.release_gcc/libv8.so(v8::Isolate::New(v8::Isolate::CreateParams const&)+0x28) [0x7fabe8d99b66] ./test/builtins_test() [0x4135a2] ./test/builtins_test() [0x43a1b7] ./test/builtins_test() [0x434c99] ./test/builtins_test() [0x41a3a7] ./test/builtins_test() [0x41aafb] ./test/builtins_test() [0x41b085] ./test/builtins_test() [0x4238e0] ./test/builtins_test() [0x43b1aa] ./test/builtins_test() [0x435773] ./test/builtins_test() [0x422836] ./test/builtins_test() [0x412ea4] ./test/builtins_test() [0x412e3d] /lib64/libc.so.6(__libc_start_main+0xf3) [0x7fabe66b31a3] ./test/builtins_test() [0x412d5e] Illegal instruction (core dumped)  The issue here is that I'm including the header in the test, which means that code will be in the object code of the test, while the implementation part will be in the linked dynamic library which is why these are pointing to different areas in memory. The one retreived by the function call will use the ### Goma I've goma referenced in a number of places so just makeing a note of what it is here: Goma is googles internal distributed compile service. ### WebAssembly This section is going to take a closer look at how wasm works in V8. We can use a wasm module like this:  const buffer = fixtures.readSync('add.wasm'); const module = new WebAssembly.Module(buffer); const instance = new WebAssembly.Instance(module); instance.exports.add(3, 4);  Where is the WebAssembly object setup? We have sen previously that objects and function are added in src/init/bootstrapper.cc and for Wasm there is a function named Genisis::InstallSpecialObjects which calls:  WasmJs::Install(isolate, true);  This call will land in src/wasm/wasm-js.cc where we can find: void WasmJs::Install(Isolate* isolate, bool exposed_on_global_object) { ... Handle<String> name = v8_str(isolate, "WebAssembly") ... NewFunctionArgs args = NewFunctionArgs::ForFunctionWithoutCode( name, isolate->strict_function_map(), LanguageMode::kStrict); Handle<JSFunction> cons = factory->NewFunction(args); JSFunction::SetPrototype(cons, isolate->initial_object_prototype()); Handle<JSObject> webassembly = factory->NewJSObject(cons, AllocationType::kOld); JSObject::AddProperty(isolate, webassembly, factory->to_string_tag_symbol(), name, ro_attributes); InstallFunc(isolate, webassembly, "compile", WebAssemblyCompile, 1); InstallFunc(isolate, webassembly, "validate", WebAssemblyValidate, 1); InstallFunc(isolate, webassembly, "instantiate", WebAssemblyInstantiate, 1); ... Handle<JSFunction> module_constructor = InstallConstructorFunc(isolate, webassembly, "Module", WebAssemblyModule); ... }  And all the rest of the functions that are available on the WebAssembly object are setup in the same function. (lldb) br s -name Genesis::InstallSpecialObjects  Now, lets also set a break point in WebAssemblyModule: (lldb) br s -n WebAssemblyModule (lldb) r   v8::Isolate* isolate = args.GetIsolate(); i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate); if (i_isolate->wasm_module_callback()(args)) return;  Notice the wasm_module_callback() function which is a function that is setup on the internal Isolate in src/execution/isolate.h: #define ISOLATE_INIT_LIST(V) \ ... V(ExtensionCallback, wasm_module_callback, &NoExtension) \ V(ExtensionCallback, wasm_instance_callback, &NoExtension) \ V(WasmStreamingCallback, wasm_streaming_callback, nullptr) \ V(WasmThreadsEnabledCallback, wasm_threads_enabled_callback, nullptr) \ V(WasmLoadSourceMapCallback, wasm_load_source_map_callback, nullptr) #define GLOBAL_ACCESSOR(type, name, initialvalue) \ inline type name() const { \ DCHECK(OFFSET_OF(Isolate, name##_) == name##_debug_offset_); \ return name##_; \ } \ inline void set_##name(type value) { \ DCHECK(OFFSET_OF(Isolate, name##_) == name##_debug_offset_); \ name##_ = value; \ } ISOLATE_INIT_LIST(GLOBAL_ACCESSOR) #undef GLOBAL_ACCESSOR  So this would be expanded by the preprocessor into: inline ExtensionCallback wasm_module_callback() const { ((void) 0); return wasm_module_callback_; } inline void set_wasm_module_callback(ExtensionCallback value) { ((void) 0); wasm_module_callback_ = value; }  Also notice that if wasm_module_callback() return true the WebAssemblyModule fuction will return and no further processing of the instructions in that function will be done. NoExtension is a function that looks like this: bool NoExtension(const v8::FunctionCallbackInfo<v8::Value>&) { return false; }  And is set as the default function for module/instance callbacks. Looking a little further we can see checks for WASM Threads support (TODO: take a look at this). And then we have:  module_obj = i_isolate->wasm_engine()->SyncCompile( i_isolate, enabled_features, &thrower, bytes);  SyncCompile can be found in src/wasm/wasm-engine.cc and will call DecodeWasmModule which can be found in src/wasm/module-decoder.cc. ModuleResult result = DecodeWasmModule(enabled, bytes.start(), bytes.end(), false, kWasmOrigin, isolate->counters(), allocator());  ModuleResult DecodeWasmModule(const WasmFeatures& enabled, const byte* module_start, const byte* module_end, bool verify_functions, ModuleOrigin origin, Counters* counters, AccountingAllocator* allocator) { ... ModuleDecoderImpl decoder(enabled, module_start, module_end, origin); return decoder.DecodeModule(counters, allocator, verify_functions);  DecodeModuleHeader:  uint32_t magic_word = consume_u32("wasm magic");  This will land in src/wasm/decoder.h consume_little_endian(name):   A wasm module has the following preamble: magic nr: 0x6d736100 version: 0x1  These can be found as a constant in src/wasm/wasm-constants.h: constexpr uint32_t kWasmMagic = 0x6d736100; constexpr uint32_t kWasmVersion = 0x01;  After the DecodeModuleHeader the code will iterate of the sections (type, import, function, table, memory, global, export, start, element, code, data, custom). For each section DecodeSection will be called: DecodeSection(section_iter.section_code(), section_iter.payload(), offset, verify_functions);  There is an enum named SectionCode in src/wasm/wasm-constants.h which contains the various sections which is used in switch statement in DecodeSection . Depending on the section_code there are DecodeSection methods that will be called. In our case section_code is: (lldb) expr section_code (v8::internal::wasm::SectionCode)$5 = kTypeSectionCode


And this will match the kTypeSectionCode and DecodeTypeSection will be called.

ValueType can be found in src/wasm/value-type.h and there are types for each of the currently supported types:

constexpr ValueType kWasmI32 = ValueType(ValueType::kI32);
constexpr ValueType kWasmI64 = ValueType(ValueType::kI64);
constexpr ValueType kWasmF32 = ValueType(ValueType::kF32);
constexpr ValueType kWasmF64 = ValueType(ValueType::kF64);
constexpr ValueType kWasmAnyRef = ValueType(ValueType::kAnyRef);
constexpr ValueType kWasmExnRef = ValueType(ValueType::kExnRef);
constexpr ValueType kWasmFuncRef = ValueType(ValueType::kFuncRef);
constexpr ValueType kWasmNullRef = ValueType(ValueType::kNullRef);
constexpr ValueType kWasmS128 = ValueType(ValueType::kS128);
constexpr ValueType kWasmStmt = ValueType(ValueType::kStmt);
constexpr ValueType kWasmBottom = ValueType(ValueType::kBottom);


FunctionSig is declared with a using statement in value-type.h:

using FunctionSig = Signature<ValueType>;


We can find Signature in src/codegen/signature.h:

template <typename T>
class Signature : public ZoneObject {
public:
constexpr Signature(size_t return_count, size_t parameter_count,
const T* reps)
: return_count_(return_count),
parameter_count_(parameter_count),
reps_(reps) {}


The return count can be zero, one (or greater if multi-value return types are enabled). The parameter count also makes sense, but reps is not clear to me what that represents.

(lldb) fr v
(v8::internal::Signature<v8::internal::wasm::ValueType> *) this = 0x0000555555583950
(size_t) return_count = 1
(size_t) parameter_count = 2
(const v8::internal::wasm::ValueType *) reps = 0x0000555555583948


Before the call to Signatures construtor we have:

    // FunctionSig stores the return types first.
ValueType* buffer = zone->NewArray<ValueType>(param_count + return_count);
uint32_t b = 0;
for (uint32_t i = 0; i < return_count; ++i) buffer[b++] = returns[i];
for (uint32_t i = 0; i < param_count; ++i) buffer[b++] = params[i];

return new (zone) FunctionSig(return_count, param_count, buffer);


So reps_ contains the return (re?) and the params (ps?).

After the DecodeWasmModule has returned in SyncCompile we will have a ModuleResult. This will be compiled to NativeModule:

ModuleResult result =
DecodeWasmModule(enabled, bytes.start(), bytes.end(), false, kWasmOrigin,
isolate->counters(), allocator());
Handle<FixedArray> export_wrappers;
std::shared_ptr<NativeModule> native_module =
CompileToNativeModule(isolate, enabled, thrower,
std::move(result).value(), bytes, &export_wrappers);


CompileToNativeModule can be found in module-compiler.cc

TODO: CompileNativeModule...

There is an example in wasm_test.cc.

### ExtensionCallback

Is a typedef defined in include/v8.h:

typedef bool (*ExtensionCallback)(const FunctionCallbackInfo<Value>&);


### JSEntry

TODO: This section should describe the functions calls below.

 * frame #0: 0x00007ffff79a52e4 libv8.sov8::(anonymous namespace)::WebAssemblyModule(v8::FunctionCallbackInfo<v8::Value> const&) [inlined] v8::FunctionCallbackInfo<v8::Value>::GetIsolate(this=0x00007fffffffc9a0) const at v8.h:11204:40
frame #1: 0x00007ffff79a52e4 libv8.sov8::(anonymous namespace)::WebAssemblyModule(args=0x00007fffffffc9a0) at wasm-js.cc:638
frame #2: 0x00007ffff6fe9e92 libv8.sov8::internal::FunctionCallbackArguments::Call(this=0x00007fffffffca40, handler=CallHandlerInfo @ 0x00007fffffffc998) at api-arguments-inl.h:158:3
frame #3: 0x00007ffff6fe7c42 libv8.sov8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<true>(isolate=<unavailable>, function=Handle<v8::internal::HeapObject> @ 0x00007fffffffca20, new_target=<unavailable>, fun_data=<unavailable>, receiver=<unavailable>, args=BuiltinArguments @ 0x00007fffffffcae0) at builtins-api.cc:111:36
frame #4: 0x00007ffff6fe67d4 libv8.sov8::internal::Builtin_Impl_HandleApiCall(args=BuiltinArguments @ 0x00007fffffffcb20, isolate=0x00000f8700000000) at builtins-api.cc:137:5
frame #5: 0x00007ffff6fe6319 libv8.sov8::internal::Builtin_HandleApiCall(args_length=6, args_object=0x00007fffffffcc10, isolate=0x00000f8700000000) at builtins-api.cc:129:1
frame #6: 0x00007ffff6b2c23f libv8.soBuiltins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit + 63
frame #7: 0x00007ffff68fde25 libv8.soBuiltins_JSBuiltinsConstructStub + 101
frame #8: 0x00007ffff6daf46d libv8.soBuiltins_ConstructHandler + 1485
frame #9: 0x00007ffff690e1d5 libv8.soBuiltins_InterpreterEntryTrampoline + 213
frame #10: 0x00007ffff6904b5a libv8.soBuiltins_JSEntryTrampoline + 90
frame #11: 0x00007ffff6904938 libv8.soBuiltins_JSEntry + 120
frame #12: 0x00007ffff716ba0c libv8.sov8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) [inlined] v8::internal::GeneratedCode<unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, long, unsigned long**>::Call(this=<unavailable>, args=17072495001600, args=<unavailable>, args=17072631376141, args=17072630006049, args=<unavailable>, args=<unavailable>) at simulator.h:142:12
frame #13: 0x00007ffff716ba01 libv8.sov8::internal::(anonymous namespace)::Invoke(isolate=<unavailable>, params=0x00007fffffffcf50)::InvokeParams const&) at execution.cc:367
frame #14: 0x00007ffff716aa10 libv8.sov8::internal::Execution::Call(isolate=0x00000f8700000000, callable=<unavailable>, receiver=<unavailable>, argc=<unavailable>, argv=<unavailable>) at execution.cc:461:10


### CustomArguments

Subclasses of CustomArguments, like PropertyCallbackArguments and FunctionCallabackArguments are used for setting up and accessing values on the stack, and also the subclasses provide methods to call various things like CallNamedSetter for PropertyCallbackArguments and Call for FunctionCallbackArguments.

#### FunctionCallbackArguments

class FunctionCallbackArguments
: public CustomArguments<FunctionCallbackInfo<Value> > {
FunctionCallbackArguments(internal::Isolate* isolate, internal::Object data,
internal::HeapObject callee,
internal::Object holder,
internal::HeapObject new_target,


This class is in the namespace v8::internal so I'm curious why the explicit namespace is used here?

#### BuiltinArguments

This class extends JavaScriptArguments

class BuiltinArguments : public JavaScriptArguments {
public:
: Arguments(length, arguments) {

static constexpr int kNewTargetOffset = 0;
static constexpr int kTargetOffset = 1;
static constexpr int kArgcOffset = 2;
static constexpr int kPaddingOffset = 3;

static constexpr int kNumExtraArgs = 4;
static constexpr int kNumExtraArgsWithReceiver = 5;


JavaScriptArguments is declared in src/common/global.h:

using JavaScriptArguments = Arguments<ArgumentsType::kJS>;


Arguments can be found in src/execution/arguments.hand is templated with the a type of ArgumentsType (in src/common/globals.h):

enum class ArgumentsType {
kRuntime,
kJS,
};


An instance of Arguments only has a length which is the number of arguments, and an Address pointer which points to the first argument. The functions it provides allows for getting/setting specific arguments and handling various types (like Handle<S>, smi, etc). It also overloads the operator[] allowing to specify an index and getting back an Object to that argument. In BuiltinArguments the constants specify the index's and provides functions to get them:

  inline Handle<Object> receiver() const;
inline Handle<JSFunction> target() const;
inline Handle<HeapObject> new_target() const;


### NativeContext

Can be found in src/objects/contexts.h and has the following definition:

class NativeContext : public Context {
public:

inline OSROptimizedCodeCache GetOSROptimizedCodeCache();
void ResetErrorsThrown();
void IncrementErrorsThrown();
int GetErrorsThrown();


src/parsing/parser.h we can find:

class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
...
enum CompletionKind {
kNormalCompletion,
kThrowCompletion,
kAbruptCompletion
};
`

But I can't find any usages of this enum?

#### Internal fields/methods

When you see something like [[Notation]] you can think of this as a field in an object that is not exposed to JavaScript user code but internal to the JavaScript engine. These can also be used for internal methods.

Author: Danbev
Source Code: https://github.com/danbev/learning-v8