On 05/02/2016 11:32 PM, Nicholas Nethercote wrote:
> On Thu, Apr 28, 2016 at 10:35 PM, Nicolas B. Pierron
> <nicolas.b.pier...@mozilla.com> wrote:
>> For the JIT, what would improve our life a lot, would be if we could dump
>> the code of the compiled function which is currently being executed. If we
>> have that, I think we can make a tool to reverse engineer the trace of
>> functions used to generate the assembly code, and potentially walk back to
>> the LIR / Inline Cache which produced the code.
>
> Good idea. How hard would this be? Should I file a bug?
The idea I had was to have a compilation mode where we instrument the
assembler buffer to record the sequences of stack traces with the sequences
of pushed bytes. Then use this information to build a Markov chain for each
stack frame which is still live on the stack.

This way, the reverse engineering would be like a GLR-parser on an island
grammar expressed by the Markov chains, thus producing as an AST the
potential compilation traces for the code which produced the assembly
buffer. The Markov chain should provide the likelihood of each AST, and
also potentially help us by highlighting corrupted bytes.

I think such a tool can be made in a matter of weeks.

The big unknown for me is where we can find the bytes which are surrounding
the pc. Jan told me that we are already doing so, but I have no access to
such a pool of information to experiment with it.

I think this would be something we should consider doing if we are going to
rewrite the MIR representation / the compiler, as I expect to do as part of
THM, as its internal representation should be easy to {de,}serialize.
> […]
>
> (BTW, what is "THM"?)
Three Headed Monkey, the project which should revolutionize the way we write
compilers, but on which I have effectively no time to work yet.
--
Nicolas B. Pierron
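As an added illustration of the scheme sketched in the message above (example code, not from this thread or from SpiderMonkey): a toy assembler buffer that records the emitting call stack for each run of bytes, builds a first-order Markov chain over those stacks, and uses it to attribute the bytes around a crashing pc back to their emitters, labelling bytes that no recorded emitter explains. The buffer API, the frame names and the recorded prologue are all constructed for the demo.

```python
from collections import defaultdict

class RecordingBuffer:  # assembler buffer that records the emitting stack per byte run
    def __init__(self):
        self.code, self.records = bytearray(), []   # records: (offset, length, stack)
    def emit(self, data, stack):
        self.records.append((len(self.code), len(data), tuple(stack)))
        self.code += data

def build_model(buf):
    """First-order Markov chain over emitter stacks plus the byte patterns each stack produced."""
    trans = defaultdict(lambda: defaultdict(int))   # previous stack -> next stack -> count
    patterns = defaultdict(set)                      # stack -> byte patterns it emitted
    prev = None
    for off, n, stack in buf.records:
        patterns[stack].add(bytes(buf.code[off:off + n]))
        trans[prev][stack] += 1
        prev = stack
    return trans, patterns

def explain(model, window):
    """Attribute each run of a byte window (e.g. the bytes around a crashing pc) to the most likely
    emitter: greedy longest match, preferring successors the chain has seen after the previous
    emitter.  Bytes no recorded emitter explains get stack None (candidate corruption)."""
    trans, patterns = model
    out, i, prev = [], 0, None
    while i < len(window):
        best = None
        for stack, pats in patterns.items():
            for pat in pats:
                if window.startswith(pat, i):
                    key = (trans[prev].get(stack, 0) > 0, len(pat))
                    if best is None or key > best[0]:
                        best = (key, stack, pat)
        if best is None:                  # no recorded emitter explains this byte
            out.append((None, window[i:i + 1]))
            i += 1
        else:
            _, stack, pat = best
            out.append((stack, pat))
            i, prev = i + len(pat), stack
    return out

def demo_model():
    """Constructed recording of an x86-64 prologue and epilogue; frame names are made up."""
    buf = RecordingBuffer()
    buf.emit(b"\x55", ("genPrologue", "push"))                  # push %rbp
    buf.emit(b"\x48\x89\xe5", ("genPrologue", "movFrame"))      # mov %rsp,%rbp
    buf.emit(b"\x48\x83\xec\x10", ("genPrologue", "subStack"))  # sub $0x10,%rsp
    buf.emit(b"\xc3", ("genEpilogue", "ret"))                   # ret
    return build_model(buf)
```

A real tool would also accept partial matches at the window edges (the "island grammar" part), since the bytes around a pc usually start mid-instruction.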
_______________________________________________
dev-tech-js-engine-internals mailing list
dev-tech-js-engine-internals@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals