Ah, looks like we can follow existing map transitions without entering
ic.cc code.
Adding --nolazy-feedback-allocation should disable that.
On Fri, Nov 11, 2022 at 9:02 PM Filip Petronijevic <
fpetronijevic661...@raf.rs> wrote:
> Thank you for the reply. I have one very weird problem (not sure if its a
> bug).
> I ran Chromium with arguments you told me and args.gn setup and when I
> run this code
>
> var obj143 = {};
> obj143["test"] = {test: 1, test2: 2, test3: 3};
>
> var obj221 = {};
> obj221["test"] = {test3: 14, test5: 23, test6: 322222};
>
> var obj343 = {};
> obj343["test"] = "test13"
>
> For some weird reason the third "test" never gets printed and it never
> enters StoreIC::Store() function nor Object::SetProperty. What is the
> reason for this? I print all keys that ever come in but third one never
> enters for some reason. I also hooked into SetProperty hoping it will go in
> there but it never does. Is there any other function I can hook where I can
> have a guarantee all property sets will go through?
>
> On Friday, November 11, 2022 at 2:49:09 PM UTC+1 Jakob Kummerow wrote:
>
>> On Fri, Nov 11, 2022 at 1:15 PM Filip Petronijevic <fpetronij...@raf.rs>
>> wrote:
>>
>>> I treced down 'job' macro from tools/gdbinit and I found out it calls in
>>> the end
>>> https://source.chromium.org/chromium/chromium/src/+/main:v8/src/objects/objects.h;drc=a0dedabb214a245c792009e64baf333c7e8d7357;l=679
>>>
>>> which is shortPrint. This still doesn't show me all level depths of an
>>> object but rather first levels of representation and their
>>> corresponding addresses.
>>>
>>
>> Yes.
>>
>>
>>> Do I have to manually go in these recursive depths or is there any
>>> better way like to Stringify it? I'm trying to Stringify this *value *object
>>> located in
>>> https://source.chromium.org/chromium/chromium/src/+/main:v8/src/ic/ic.cc;l=1847;bpv=1;bpt=0?q=ic.cc&ss=chromium%2Fchromium%2Fsrc:v8%2F
>>> but I have hard times converting it to a String
>>>
>>
>> I don't know of a JSON.stringify equivalent for use in GDB. As I said,
>> I'd inspect objects manually, level by level. If you find that you're
>> spending too much time doing that, you could build your own tooling, e.g. a
>> function that has a similar entry point as _v8_internal_Print_Object and
>> internally wraps JsonStringify() and printf()s the result to stdout.
>>
>>
>>> On Fri, Nov 11, 2022 at 12:26 PM Jakob Kummerow <jkum...@chromium.org>
>>> wrote:
>>>
>>>> Thanks! I found this StoreIC::Store() function just yesterday while
>>>>> debugging in D8 and it works even without (--nouse-ic flag), even though I
>>>>> have no clue what this flag does as I can't find it in docs. But this
>>>>> tracks all of the keys and objects created.
>>>>
>>>>
>>>> No, it won't catch all of them without the flag, but if it catches the
>>>> ones you care about, that's good enough.
>>>>
>>>>
>>>>> The main problem now is the following line of code in StoreIC::Store()
>>>>> function (
>>>>> https://source.chromium.org/chromium/chromium/src/+/main:v8/src/ic/ic.cc;l=1847;bpv=1;bpt=0?q=ic.cc&ss=chromium%2Fchromium%2Fsrc:v8%2F
>>>>> )
>>>>>
>>>>> When I cast this object (value) into JSObject and do shortPrint or
>>>>> PrintProperties() it doesn't take in account all properties if for example
>>>>> its recursive object like this test: {test1: { test2: "testhelloworld" } }
>>>>> but rather it prints just test and gives memory lolcation to test1. I can
>>>>> obviously recursively do this, but is there any prittier way of doing this
>>>>> like via some JSON stringify function?
>>>>>
>>>>
>>>> I'd just inspect objects manually, using the `job` macro from
>>>> tools/gdbinit.
>>>>
>>>>
>>>>> I found such JSON stringify function here
>>>>> https://source.chromium.org/chromium/chromium/src/+/main:v8/src/json/json-stringifier.h;bpv=1;bpt=0
>>>>> but I have very hard trouble in passing arguments to this function and
>>>>> printing String out of it as it return MaybeHandle object. Any help here
>>>>> would be appreciated.
>>>>>
>>>>
>>>> Appending `.ToHandleChecked()` may be of use here (if the
>>>> stringification doesn't throw), but yeah, invoking such functions in GDB
>>>> tends to not work.
>>>>
>>>>
>>>>> On Friday, November 11, 2022 at 11:47:33 AM UTC+1 Jakob Kummerow wrote:
>>>>>
>>>>>> Maps don't keep lists of the objects that use them. To find all
>>>>>> objects that use a given map, you'd have to walk the entire heap to find
>>>>>> all objects, and filter them by map.
>>>>>>
>>>>>> Considering your previous question, I'm not sure finding all objects
>>>>>> that use a given map will actually be helpful. A possible way to
>>>>>> intercept
>>>>>> creation of properties with a given name (e.g. "mainkey") would be to run
>>>>>> with `--nouse-ic` and put a breakpoint on StoreIC::Store(). This is
>>>>>> (obviously?) not an officially supported feature, and I haven't tried it,
>>>>>> so you may encounter obstacles or limitations of the approach, but it
>>>>>> might
>>>>>> at least get you a little further.
>>>>>>
>>>>>> I guess you'd need this in Chrome, not just d8, so the full workflow
>>>>>> is:
>>>>>> - build a Debug build of Chrome. Be sure to set v8_optimized_debug =
>>>>>> false in args.gn beforehand.
>>>>>> - run with each renderer in a debugger: out/debug/chrome
>>>>>> --no-sandbox --disable-hang-monitor --disable-extensions
>>>>>> --js-flags="--nouse-ic" --renderer-cmd-prefix="xterm -e gdb -args"
>>>>>> - bring a large amount of patience to both of these steps, and have
>>>>>> enough RAM in your machine (64GB is good, dunno if 32GB is enough)
>>>>>>
>>>>>> Good luck!
>>>>>>
>>>>>>
>>>>>> On Wed, Nov 9, 2022 at 3:19 PM Filip Petronijevic <
>>>>>> fpetronij...@raf.rs> wrote:
>>>>>>
>>>>>>> Ok, I'll explain what problem I have and if there is any way of
>>>>>>> solving it.
>>>>>>>
>>>>>>> Imagine I have following Javascript code:
>>>>>>>
>>>>>>> var obj1= {}
>>>>>>> obj1["mainkey"] = {canvasComputed: "oewrewqioewrerqewjoijiqerw",
>>>>>>> todata: "somerandomdata"}
>>>>>>>
>>>>>>> var obj2= {}
>>>>>>> obj2["mainkey"] = "some big string"
>>>>>>>
>>>>>>> var obj3 = {}
>>>>>>> obj3['mainkey'] = {test: {test1:"somestring"}, test2: 3432}
>>>>>>>
>>>>>>>
>>>>>>> I have 3 objects, they all share same Map. My question is if I know
>>>>>>> what memory space this Map has, If I can use that to recursively find
>>>>>>> all
>>>>>>> property values of all objects that share that same Map? In this case to
>>>>>>> list obj1's property values (canvasComputed, toData), obj2 property
>>>>>>> values
>>>>>>> (1 string) and obj3 property values(test object along with string
>>>>>>> test2)
>>>>>>> ?
>>>>>>>
>>>>>>> Or the only way I can list own properties of these objects is if I
>>>>>>> know exact memory location of each of them? Is there any way I could
>>>>>>> traverse from their Map or something they share in common (only mainkey
>>>>>>> key) and use this fact to find all property values that hold mainkey as
>>>>>>> a
>>>>>>> key?
>>>>>>>
>>>>>>>
>>>>>>> When I do %DebugPrint(obj1) I can see its property values and that
>>>>>>> this object shares same map as other objects, but I'm trying to find a
>>>>>>> way
>>>>>>> to generalize this by starting from some common memory slot they all
>>>>>>> share
>>>>>>> and traverse up recursively or whatever to get all property values?
>>>>>>>
>>>>>>> Best regards
>>>>>>>
>>>>>>> --
>>>>>
>>>> --
> --
> v8-users mailing list
> v8-users@googlegroups.com
> http://groups.google.com/group/v8-users
> ---
> You received this message because you are subscribed to the Google Groups
> "v8-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to v8-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/v8-users/3eed0df2-3fb2-463a-8b44-24e219a58eb1n%40googlegroups.com
> <https://groups.google.com/d/msgid/v8-users/3eed0df2-3fb2-463a-8b44-24e219a58eb1n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
--
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to v8-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/v8-users/CAKSzg3Q4P2FtcXHLKO-EKySqAr30U-g%2BN0hUkJDi3Zg%3De9DqwA%40mail.gmail.com.
