Re: [webkit-dev] Bytecode Sequence for function.apply()
How would I go about building jsc in debug mode? Is it possible to build a standalone jsc shell? I'm using Qt WebKit, with the build-webkit and run-webkit scripts.

Thank you for your help,

- Maxime

Oliver Hunt-2 wrote:
> If you have a debug build of jsc, you can run 'jsc -d' and that will dump the generated bytecode
>
> --Oliver
>
> On May 20, 2010, at 8:42 AM, Nyx wrote:
>> I've been working on a tool to generate a trace of JavaScript executions, built on JavaScriptCore. I'm trying to log calls to all functions and their arguments. To do this, I've instrumented the op_call and op_call_varargs bytecodes in Interpreter.cpp. The problem I'm having is that if someone calls a native/host function through apply, I don't see the call. For example, the call:
>>
>>     String.fromCharCode.apply(null, [65, 66, 67]);
>>
>> doesn't seem to correspond to an op_call or op_call_varargs, so I'm wondering how this is handled in JavaScriptCore, what kind of bytecodes are generated, and if somebody has any idea what I could do to log the unseen calls to native functions, short of instrumenting every native function in WebKit.
Re: [webkit-dev] Bytecode Sequence for function.apply()
Well, I ran build-webkit with the --debug option, and when I try to run WebKit/WebKitBuild/Debug/JavaScriptCore/jsc, I get a failed assertion:

    ASSERTION FAILED: !isHostFunctionNonInline() (../../../JavaScriptCore/runtime/Executable.h:349 JSC::FunctionExecutable* JSC::JSFunction::jsExecutable() const)

Is there a C++ function I can call directly to get a bytecode dump of a JS function?

- Maxime

Ariya Hidayat wrote:
>> How would I go about building jsc in debug mode? Is it possible to build a standalone jsc shell?
>
> See https://lists.webkit.org/pipermail/webkit-qt/2010-January/89.html for details.
[webkit-dev] Bytecode Sequence for function.apply()
I've been working on a tool to generate a trace of JavaScript executions, built on JavaScriptCore. I'm trying to log calls to all functions and their arguments. To do this, I've instrumented the op_call and op_call_varargs bytecodes in Interpreter.cpp. The problem I'm having is that if someone calls a native/host function through apply, I don't see the call. For example, the call:

    String.fromCharCode.apply(null, [65, 66, 67]);

doesn't seem to correspond to an op_call or op_call_varargs, so I'm wondering how this is handled in JavaScriptCore, what kind of bytecodes are generated, and if somebody has any idea what I could do to log the unseen calls to native functions, short of instrumenting every native function in WebKit.
Re: [webkit-dev] Function Property Names
I'm looking for a way to map the bytecodes that the interpreter is running back to source positions, not the machine code generated by the JIT. At the very least, I'd like to know if I can uniquely identify specific bytecode instructions by their offset and the source id of the code block they belong to. Can multiple code blocks have the same source id, and can there be multiple code blocks for the same source code?

- Maxime

Zoltan Herczeg wrote:
> Hi,
>
> https://bugs.webkit.org/show_bug.cgi?id=32561
>
> Zoltan
>
>> Is there any way to map specific bytecode instruction instances to the position in the source code of the JavaScript code they correspond to?
Re: [webkit-dev] Function Property Names
Is there any way to get the number of parameters a function has declared from a JSFunction object? I'm asking because I want to get the argument values a function is receiving in an op_call (in the interpreter). I copied this snippet of code for the case where a host function is called:

    Register* thisRegister = callFrame->registers() - RegisterFile::CallFrameHeaderSize - argCount;
    ArgList args(thisRegister + 1, argCount - 1);

The problem is that argCount is the number of arguments passed, and so, if the function takes 5 arguments and 3 are passed, I'm not getting the first 2, only the last 3, two of which show up as undefined. Hence I believe I would need the number of arguments the function declares it takes to properly compute the register offset.
Re: [webkit-dev] Function Property Names
Is there any way to map specific bytecode instruction instances to the position in the source code of the JavaScript code they correspond to?
Re: [webkit-dev] Disabling the JIT
chinmaya sn (chins) wrote:
> Just curious, how would you verify if JavaScript in your browser has JIT support or not?

I added this in the interpreter constructor:

    #if ENABLE(JIT)
        printf("JIT enabled\n");
    #else
        printf("JIT disabled\n");
    #endif

As an update: building with JAVASCRIPTCORE_JIT=no works if I start from a fresh SVN checkout that hasn't been built without that option before.
Re: [webkit-dev] Function Property Names
Kent Hansen-2 wrote:
> Works for me. You can pass callFrame to name() if you want, the result is the same. What does your JavaScript look like? E.g., if you're using a function expression
>
>     Foo.prototype.bar = function() { ... }
>
> then that function isn't going to have a name, e.g. your op_call code will print an empty string if you do f = new Foo(); f.bar();. You could partially name it by doing
>
>     Foo.prototype.bar = function bar() { ... }
>
> For function definitions (e.g. function foo() { ... } in global code), the function is named accordingly.

Ah! I assumed it didn't work because there were a lot of empty strings and strange two letter names. I didn't realize the JavaScript code for google.com is actually obfuscated. Now I just need a way to get variable and property names...

By the way, is there some interpreter function somewhere that gets called when a new page is loaded? I'm assuming a page load causes all the current code to be unloaded?
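The three observations in this thread (anonymous function expressions report an empty name, a call passes fewer arguments than the callee declares, and a native function invoked through apply is missed by op_call instrumentation) can be reproduced from JavaScript itself with a Proxy-based call tracer. This is an added example, not code from the thread or from WebKit; `traced`, `runDemo` and the `Foo` class are constructed here for illustration.

```javascript
// Added example: a user-land call tracer. For each call it records the callee's
// name, its declared parameter count (fn.length) and the arguments actually
// passed, padding unfilled declared parameters with undefined, which mirrors the
// argCount-versus-declared-count mismatch discussed in the thread.
const trace = [];

function traced(fn, label) {
  return new Proxy(fn, {
    // The apply trap fires however the call is made: f(), f.call(), f.apply(),
    // so a native function reached through apply is seen as well.
    apply(target, thisArg, args) {
      const declared = target.length;          // parameters the callee declares
      const padded = args.slice();
      while (padded.length < declared) padded.push(undefined);
      trace.push({ name: label || target.name, declared, passed: args.length, args: padded });
      return Reflect.apply(target, thisArg, args);
    },
  });
}

function Foo() {}
// Anonymous function expression assigned to a property: .name is "".
Foo.prototype.bar = function () { return 'bar'; };
// Named function expression: .name is "baz"; it declares five parameters.
Foo.prototype.baz = function baz(a, b, c, d, e) { return [a, b, c, d, e]; };
Foo.prototype.bar = traced(Foo.prototype.bar);
Foo.prototype.baz = traced(Foo.prototype.baz);
// Host function from the thread; labelled explicitly because .name is just "fromCharCode".
const fromCharCode = traced(String.fromCharCode, 'String.fromCharCode');

function runDemo() {
  trace.length = 0;
  const f = new Foo();
  f.bar();                                          // logged with name ""
  f.baz(1, 2, 3);                                   // 3 passed, 5 declared
  const s = fromCharCode.apply(null, [65, 66, 67]); // native call via apply, still logged
  return { s, trace: trace.slice() };
}
```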
[webkit-dev] Function Property Names
I'm in the process of writing a program to analyze traces of JavaScript code. This involves logging events that occur in the interpreter. Currently, I'm trying to just log function calls and property accesses. However, I'm unsure exactly how to go about getting the names (identifiers) associated with functions (and properties). I wrote the following piece of code just to test things out, which I inserted in Interpreter.cpp, in the definition of the op_call opcode, after the vPC = newCodeBlock->instructions().begin(); line:

    JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject;
    printf("Function call: %s\n", asFunction(v)->name(globalObject->globalExec()).ascii());
    printf("%s\n", newCodeBlock->ownerExecutable()->sourceURL().ascii());
    printf("%i\n", newCodeBlock->ownerExecutable()->lineNo());

My goal was to report the name of the function being called each time an op_call is executed. However, this does not report the function names correctly. My guess is that I'm passing the wrong value to InternalFunction::name(). Can anyone tell me what I'm doing wrong here? I'm rather unfamiliar with the WebKit code.
Re: [webkit-dev] Disabling the JIT
> If you want to set the flags manually, you should write CXXFLAGS+=... instead of CXXFLAGS=.

Thanks. I will be trying that.

> However, the first method that you tried is right, so if it is crashing then something is wrong with the JIT. What platform (Architecture, OS, qt-version) do you use?

Ubuntu 9.10, x86 32 bit, qt package is libqt4-dev (4.5.3). I would assume the problem is in fact with the JIT, because it happens when I browse away from the blank page to google.com, which is when the JavaScript interpreter gets instantiated.

By the way, I intend to be messing around with the interpreter a fair bit. Is running build-webkit every time I make a change to the source really the way to go about this, or is there a more efficient way?
Re: [webkit-dev] Disabling the JIT
> Another way would be to set export QMAKEARGS="$QMAKEARGS DEFINES+=ENABLE_JIT=0" before building.

Will try it too.

> That is strange. Did you checkout the source from svn? Did you mess around in the code?

Yes. I checked it out last night from the trunk.
Re: [webkit-dev] Disabling the JIT
> Another way would be to set export QMAKEARGS="$QMAKEARGS DEFINES+=ENABLE_JIT=0" before building.

Ok. I tried this approach. I have a build script that looks like this:

    QTDIR=/usr/share/qt4/
    export QMAKEARGS="$QMAKEARGS DEFINES+=ENABLE_JIT=0"
    WebKit/WebKitTools/Scripts/build-webkit --qt

It builds, but the JIT is not disabled. It seems that the new argument is simply ignored.

I also tried adding #define ENABLE_JIT 0 at the top of the Interpreter.cpp file in JavaScriptCore. This builds, but produces a segmentation fault.

I will try doing the WebKit/WebKitTools/Scripts/build-webkit --qt JAVASCRIPTCORE_JIT=no with a fresh SVN checkout... Is there any equivalent of a make clean script, as a complement to build-webkit?