v8

Where is "instance size" stored?


According to the map layout, it seems to be the first byte of the field that follows the TaggedPointer to map. Even when I look at the address of the value output by DebugPrint in heap memory, I can't confirm the "16" value.

    var a = {message: "hello"};
    %DebugPrint(a);

[Screenshot: DebugPrint output of object a and its map]


Solution

  • Have a look at the implementation:

    int Map::instance_size_in_words() const {
      return RELAXED_READ_BYTE_FIELD(*this, kInstanceSizeInWordsOffset);
    }
    
    int Map::instance_size() const {
      return instance_size_in_words() << kTaggedSizeLog2;
    }
    

    So the instance size is stored as a number of words, not a number of bytes, and kInstanceSizeInWordsOffset is 4. So, in your output:

    0x...95D8:  61 00 00 00 04 03 ...
                            ^^
    

    That fifth byte 04 is the instance size (in words; each word is 4 bytes thanks to pointer compression).

    Since this field in the map is only one byte large, the maximum instance size that can be stored this way is 255 words (or 1020 bytes). Larger objects need to use a different mechanism, see SizeFromMap for the details.
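An added example (not part of the answer above) that decodes the instance size from a dump line of the shape quoted in the answer, mirroring Map::instance_size_in_words() and Map::instance_size(). It assumes a build with pointer compression (kTaggedSizeLog2 == 2, so a tagged word is 4 bytes) and kInstanceSizeInWordsOffset == 4; the sample dump line is constructed.

```python
import re

# Assumed constants (not stated on the page): V8 built with pointer
# compression, so a tagged word is 4 bytes and kTaggedSizeLog2 == 2.
K_TAGGED_SIZE_LOG2 = 2
K_TAGGED_SIZE = 1 << K_TAGGED_SIZE_LOG2
K_INSTANCE_SIZE_IN_WORDS_OFFSET = 4   # from the answer above
MAX_WORDS_IN_BYTE_FIELD = 0xFF        # the field is a single byte

# Constructed sample line, in the shape of the dump quoted in the answer.
SAMPLE_DUMP_LINE = "0x...95D8:  61 00 00 00 04 03 01 00"


def parse_dump_line(line):
    """Return the raw bytes that follow the 'address:' prefix of a hex-dump line."""
    _, _, payload = line.partition(":")
    return bytes(int(tok, 16) for tok in re.findall(r"\b[0-9a-fA-F]{2}\b", payload))


def instance_size_in_words(map_bytes):
    """Mirror Map::instance_size_in_words(): one byte at a fixed offset."""
    if len(map_bytes) <= K_INSTANCE_SIZE_IN_WORDS_OFFSET:
        raise ValueError("dump too short to contain the instance size field")
    return map_bytes[K_INSTANCE_SIZE_IN_WORDS_OFFSET]


def instance_size(map_bytes):
    """Mirror Map::instance_size(): words << kTaggedSizeLog2 gives bytes."""
    return instance_size_in_words(map_bytes) << K_TAGGED_SIZE_LOG2


def fits_in_map_field(size_in_bytes):
    """True if an object of this byte size is representable by the one-byte field.

    Sizes must be a whole number of tagged words and at most 255 words;
    anything larger is what the answer says needs SizeFromMap instead.
    """
    words, rem = divmod(size_in_bytes, K_TAGGED_SIZE)
    return rem == 0 and words <= MAX_WORDS_IN_BYTE_FIELD


if __name__ == "__main__":
    raw = parse_dump_line(SAMPLE_DUMP_LINE)
    print(f"instance size: {instance_size_in_words(raw)} words "
          f"= {instance_size(raw)} bytes")
    print(f"largest size the byte field can hold: "
          f"{MAX_WORDS_IN_BYTE_FIELD * K_TAGGED_SIZE} bytes")
```

Run on the sample line it reports 4 words = 16 bytes, which is the "16" the question was looking for.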