My Favorite Bugs: Invalid Surrogate Pairs • George MandisIf you're in the business of building things that run on computers long enough, I think you will eventually acquire a favorite bug story. This is a short story about mine. I've also built an interactive tool where you can explore the concepts underpinning the heart of this bug.<br>The bug: two emoji enter, none leave<br>I was working on migrating a legacy editor to a more collaborative experience with my team. TipTap on top (itself a wrapper around ProseMirror), Yjs underneath handling the CRDT magic for real-time syncing. It worked well! Mostly.<br>In our alpha/early release days, when it was still mostly internal and/or early rollout users, sometimes the editor would just stop saving your content. Silently. You'd keep typing and everything looked fine, but your edits stopped syncing to the Yjs document. The next time you opened the page, everything you'd written after the failure point was gone.<br>It was utterly terrifying, very rare and almost impossible to diagnose because we could never recreate it. We really tried! My early suspicions generally revolved around shaky wifi connections and wonky websocket behaviors, but no amount of throttling or turning my wifi on and off seemed to recreate the issue. The experience was surprisingly resilient in those scenarios, in my memory. It felt like it happened randomly, never when anyone was looking. No obvious errors picked up in the console, no stack trace, no crash. Just... "Hey, I think my changes didn't save."<br>Then one day our product manager cracked it. This was not a trivial thing to find. He'd been experiencing it more than anyone else (probably because he was the best at dogfooding our product) and had been methodically narrowing it down.<br>"I feel like I'm going crazy, but I think it's when I type specific characters together, go back and insert a character between them..."<br>He'd been using 🟢 and 🔴 in his weekly project status emails to communicate general health. Green for on-track, red for at-risk. Every week the template he was using had both characters already present and he would simply remove the one he didn't need (Generally the red one, I am happy to say!).<br>On this occasion he'd copied the green circle and pasted it in front of the red one at some point, or maybe vice versa. That specific operation— inserting one multi-byte emoji adjacent to another— was triggering a splice in the underlying CRDT library, which split a surrogate pair down the middle.<br>I remember being on the call when he showed this to me and one of my direct reports who'd been toiling away at the collaborative editing transition. I must've gotten a little too excited—I live for esoteric bugs—"I feel like you got energized by this," he said. He wasn't wrong.<br>Adding to the fun, not every emoji triggered it. Only the ones above U+FFFF that required surrogate pairs. And not all edits resulted in the problem either—only the ones that caused a splice at exactly the wrong byte offset. It was a wild one to debug before we knew what was going on.<br>Code units, code points, and grapheme clusters<br>So what was going on? What does "ones above U+FFFF" in that last paragraph even mean? What byte offsets?<br>To understand this bug we need to introduce three pieces of vocabulary:<br>Code Units → Code Points → Grapheme Clusters<br>Code units are the raw 16-bit values that JavaScript uses to store strings internally (UTF-16). This is what .length counts. This is what .slice() and .charCodeAt() operate on as well. JavaScript operates at the code unit level by default<br>Code points are what Unicode actually defines as a single character. A code point like U+1F920 (🤠) is one character in Unicode's view, but it's too big to fit in a single 16-bit code unit. So UTF-16 splits it into two code units called a surrogate pair : a high surrogate and a low surrogate. Simple ASCII characters and a lot of common symbols fit in one code unit, so the distinction doesn't matter for them. Emoji, though? Almost always two.<br>Grapheme clusters are what a human perceives as "one character." The female astronaut 👩‍🚀 looks like one character but is actually three code points glued together: 👩 (woman) + a zero-width joiner + 🚀 (rocket). Five code units, three code points, one grapheme. The deceptively simple 👨‍👨‍👧‍👧 (Family: Man, Man, Girl, Girl) emoji is an impressive eleven! The enigmatic ☃ is 1.<br>Here's how those numbers diverge:<br>Code unitsCode pointsGraphemesA111🤠211👩‍🚀531👨‍👨‍👧‍👧1171I will pause to once again plugin the interactive surrogate explorer I alluded to at the top. You can type any emoji and see this breakdown yourself!

How .slice() breaks things<br>The cowboy 🤠 is one code point stored as two code units (a surrogate pair). If you slice between them:<br>"🤠".slice(0, 1); // → '\uD83E' (lone high surrogate)<br>"🤠".slice(1, 2); // → '\uDD20' (lone low surrogate)<br>Those fragments aren't valid characters. They're half a pair with no partner. On their own they render as...