当前位置: 文江博客话题详情

如何查看v8生成的机器码?

发布于 2024-07-08 19:35:06 字数 181 浏览 5 评论 0原文

有谁知道我如何查看 v8 从 Javascript 生成的实际机器代码? 我已经到达 src/api.cc 中的 Script::Compile() 但我不知道从那里去哪里。

原文

Does anybody know how I can see the actual machine code that v8 generates from Javascript? I've gotten as far as Script::Compile() in src/api.cc but I can't figure out where to go from there.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

谢绝鈎搭 2024-07-15 19:35:06

我不知道如何从 C++ 代码中调用反汇编程序,但是有一种快速而肮脏的方法可以从 shell 中获取反汇编结果。

首先,使用反汇编器支持编译 v8:

scons [your v8 build options here] disassembler=on sample=shell

现在您可以使用“--print_code”选项调用 shell:

./shell --print_code hello.js

这应该给您类似这样的结果:

--- Raw source ---
print("hello world");

--- Code ---
kind = FUNCTION
Instructions (size = 134)
0x2ad0a77ceea0     0  55             push rbp
0x2ad0a77ceea1     1  488bec         REX.W movq rbp,rsp
0x2ad0a77ceea4     4  56             push rsi
0x2ad0a77ceea5     5  57             push rdi
0x2ad0a77ceea6     6  49ba59c13da9d02a0000 REX.W movq r10,0x2ad0a93dc159    ;; object: 0xa93dc159 <undefined>
0x2ad0a77ceeb0    16  4952           REX.W push r10
0x2ad0a77ceeb2    18  49ba688b700000000000 REX.W movq r10,0x708b68
0x2ad0a77ceebc    28  493b22         REX.W cmpq rsp,[r10]
0x2ad0a77ceebf    31  0f824e000000   jc 115  (0x2ad0a77cef13)
0x2ad0a77ceec5    37  488b462f       REX.W movq rax,[rsi+0x2f]
0x2ad0a77ceec9    41  4883ec18       REX.W subq rsp,0xlx
0x2ad0a77ceecd    45  49ba094b3ea9d02a0000 REX.W movq r10,0x2ad0a93e4b09    ;; object: 0xa93e4b09 <String[5]: print>
0x2ad0a77ceed7    55  4c8955e0       REX.W movq [rbp-0x20],r10
0x2ad0a77ceedb    59  488945d8       REX.W movq [rbp-0x28],rax
0x2ad0a77ceedf    63  49ba014d3ea9d02a0000 REX.W movq r10,0x2ad0a93e4d01    ;; object: 0xa93e4d01 <String[11]: hello world>
0x2ad0a77ceee9    73  4c8955d0       REX.W movq [rbp-0x30],r10
0x2ad0a77ceeed    77  49baa06c7ba7d02a0000 REX.W movq r10,0x2ad0a77b6ca0    ;; debug: statement 0
                                 ;; code: contextual, CALL_IC, UNINITIALIZED, argc = 1
0x2ad0a77ceef7    87  49ffd2         REX.W call r10
0x2ad0a77ceefa    90  488b75f8       REX.W movq rsi,[rbp-0x8]
0x2ad0a77ceefe    94  4883c408       REX.W addq rsp,0xlx
0x2ad0a77cef02    98  488945e8       REX.W movq [rbp-0x18],rax
0x2ad0a77cef06   102  488be5         REX.W movq rsp,rbp      ;; js return
0x2ad0a77cef09   105  5d             pop rbp
0x2ad0a77cef0a   106  c20800         ret 0x8
0x2ad0a77cef0d   109  cc             int3
0x2ad0a77cef0e   110  cc             int3
0x2ad0a77cef0f   111  cc             int3
0x2ad0a77cef10   112  cc             int3
0x2ad0a77cef11   113  cc             int3
0x2ad0a77cef12   114  cc             int3
0x2ad0a77cef13   115  49ba60657ba7d02a0000 REX.W movq r10,0x2ad0a77b6560    ;; code: STUB, StackCheck, minor: 0
0x2ad0a77cef1d   125  49ffd2         REX.W call r10
0x2ad0a77cef20   128  488b7df0       REX.W movq rdi,[rbp-0x10]
0x2ad0a77cef24   132  eb9f           jmp 37  (0x2ad0a77ceec5)

RelocInfo (size = 10)
0x2ad0a77ceea8  embedded object  (0xa93dc159 <undefined>)
0x2ad0a77ceecf  embedded object  (0xa93e4b09 <String[5]: print>)
0x2ad0a77ceee1  embedded object  (0xa93e4d01 <String[11]: hello world>)
0x2ad0a77ceeed  statement position  (0)
0x2ad0a77ceeef  code target (context) (CALL_IC)  (0x2ad0a77b6ca0)
0x2ad0a77cef06  js return
0x2ad0a77cef15  code target (STUB)  (0x2ad0a77b6560)

hello world

当然,您的输出会有所不同。 以上来自为 Linux x64 编译的 v8 trunk。

I don't know how to invoke the disassembler from C++ code, but there is a quick-and-dirty way to get a disassembly from the shell.

First, compile v8 with disassembler support:

scons [your v8 build options here] disassembler=on sample=shell

Now you can invoke the shell with the "--print_code" option:

./shell --print_code hello.js

Which should give you something like this:

--- Raw source ---
print("hello world");

--- Code ---
kind = FUNCTION
Instructions (size = 134)
0x2ad0a77ceea0     0  55             push rbp
0x2ad0a77ceea1     1  488bec         REX.W movq rbp,rsp
0x2ad0a77ceea4     4  56             push rsi
0x2ad0a77ceea5     5  57             push rdi
0x2ad0a77ceea6     6  49ba59c13da9d02a0000 REX.W movq r10,0x2ad0a93dc159    ;; object: 0xa93dc159 <undefined>
0x2ad0a77ceeb0    16  4952           REX.W push r10
0x2ad0a77ceeb2    18  49ba688b700000000000 REX.W movq r10,0x708b68
0x2ad0a77ceebc    28  493b22         REX.W cmpq rsp,[r10]
0x2ad0a77ceebf    31  0f824e000000   jc 115  (0x2ad0a77cef13)
0x2ad0a77ceec5    37  488b462f       REX.W movq rax,[rsi+0x2f]
0x2ad0a77ceec9    41  4883ec18       REX.W subq rsp,0xlx
0x2ad0a77ceecd    45  49ba094b3ea9d02a0000 REX.W movq r10,0x2ad0a93e4b09    ;; object: 0xa93e4b09 <String[5]: print>
0x2ad0a77ceed7    55  4c8955e0       REX.W movq [rbp-0x20],r10
0x2ad0a77ceedb    59  488945d8       REX.W movq [rbp-0x28],rax
0x2ad0a77ceedf    63  49ba014d3ea9d02a0000 REX.W movq r10,0x2ad0a93e4d01    ;; object: 0xa93e4d01 <String[11]: hello world>
0x2ad0a77ceee9    73  4c8955d0       REX.W movq [rbp-0x30],r10
0x2ad0a77ceeed    77  49baa06c7ba7d02a0000 REX.W movq r10,0x2ad0a77b6ca0    ;; debug: statement 0
                                 ;; code: contextual, CALL_IC, UNINITIALIZED, argc = 1
0x2ad0a77ceef7    87  49ffd2         REX.W call r10
0x2ad0a77ceefa    90  488b75f8       REX.W movq rsi,[rbp-0x8]
0x2ad0a77ceefe    94  4883c408       REX.W addq rsp,0xlx
0x2ad0a77cef02    98  488945e8       REX.W movq [rbp-0x18],rax
0x2ad0a77cef06   102  488be5         REX.W movq rsp,rbp      ;; js return
0x2ad0a77cef09   105  5d             pop rbp
0x2ad0a77cef0a   106  c20800         ret 0x8
0x2ad0a77cef0d   109  cc             int3
0x2ad0a77cef0e   110  cc             int3
0x2ad0a77cef0f   111  cc             int3
0x2ad0a77cef10   112  cc             int3
0x2ad0a77cef11   113  cc             int3
0x2ad0a77cef12   114  cc             int3
0x2ad0a77cef13   115  49ba60657ba7d02a0000 REX.W movq r10,0x2ad0a77b6560    ;; code: STUB, StackCheck, minor: 0
0x2ad0a77cef1d   125  49ffd2         REX.W call r10
0x2ad0a77cef20   128  488b7df0       REX.W movq rdi,[rbp-0x10]
0x2ad0a77cef24   132  eb9f           jmp 37  (0x2ad0a77ceec5)

RelocInfo (size = 10)
0x2ad0a77ceea8  embedded object  (0xa93dc159 <undefined>)
0x2ad0a77ceecf  embedded object  (0xa93e4b09 <String[5]: print>)
0x2ad0a77ceee1  embedded object  (0xa93e4d01 <String[11]: hello world>)
0x2ad0a77ceeed  statement position  (0)
0x2ad0a77ceeef  code target (context) (CALL_IC)  (0x2ad0a77b6ca0)
0x2ad0a77cef06  js return
0x2ad0a77cef15  code target (STUB)  (0x2ad0a77b6560)

hello world

Your output will vary, of course. The above is from the v8 trunk compiled for Linux x64.

回复 原文
小巷里的女流氓 2024-07-15 19:35:06

尝试使用 NodeJS 或 Chrome:

  1. -print-opt-code:优化编译器生成的代码。
  2. -print-bytecode:解释器生成的字节码。
  3. -trace-opt-trace-deopt :哪些函数被优化(去)优化。

查看@Franziska Hinkelmann 的这篇文章:

https://medium.com/dailyjs/understanding- v8s-bytecode-317d46c94775

此外,您还可以尝试

D8:它将帮助您编译 V8 并查看 JavaScript 生成的汇编代码。

有关用法和详细信息:

http:// /www.mattzeunert.com/2015/08/19/viewing-assemble-code- generated-by-v8.html

Try with NodeJS or Chrome:

  1. -print-opt-code: Code generated by optimizing compiler.
  2. -print-bytecode: Byte code generated by interpreter.
  3. -trace-opt and -trace-deopt : which functions are (de)optimized.

Check this article by @Franziska Hinkelmann :

https://medium.com/dailyjs/understanding-v8s-bytecode-317d46c94775

Additionally you can also try

D8: It will help you compile V8 and view the assembly code generated from JavaScript.

For usage and details:

http://www.mattzeunert.com/2015/08/19/viewing-assembly-code-generated-by-v8.html

回复 原文
冰葑 2024-07-15 19:35:06

您需要构建带有反汇编程序支持的 v8。

下载 v8 源代码。

git clone https://chromium.googlesource.com/v8/v8.git

使用反汇编程序支持进行构建。

make dependencies
make ia32.release objectprint=on disassembler=on

根据您的需要,使用某些标志调用 d8 (v8 shell)。

out/ia32.release/d8 --code-comments --print-code <app.js>

供参考:

  • --code-comments:包括代码注释。
  • --print-code:将代码打印到stdout
  • --print-code-stubs:打印代码存根。
  • --print-opt-code:打印优化代码。
  • --trace-Hydrogen:将 IR(中间表示)代码打印到 Hydrogen.cfg。 该文件可以使用 Java 的 C1Visualizer 打开。

You need to build v8 with disassembler support.

Download v8 source code.

git clone https://chromium.googlesource.com/v8/v8.git

Build with disassembler support.

make dependencies
make ia32.release objectprint=on disassembler=on

Call d8 (v8 shell) using certain flags, depending on what you want.

out/ia32.release/d8 --code-comments --print-code <app.js>

For reference:

  • --code-comments: includes code comments.
  • --print-code: prints out code to stdout.
  • --print-code-stubs: prints code stubs.
  • --print-opt-code: prints optimized code.
  • --trace-hydrogen: prints IR (intermediate representation) code to hydrogen.cfg. This file can be opened with Java's C1Visualizer.
回复 原文
私藏温柔 2024-07-15 19:35:06

我认为你走在正确的道路上。

看起来您需要从 Script::Compile 转到 Compiler::Compile,这将引导您到达代码生成器(codegen*.cc 和 .h)。

所有这些都是为了说明,查看 codegen-ia32.cc,如果您定义 ENABLE_DISASSEMBLER
我认为,当你构建时,你的反汇编应该被打印出来。

当然,所有这些都只是快速浏览我这里的旧源代码副本,所以 YMMV,但我认为这应该可行。

(再次查看您的帖子,我发现您正在寻找机器语言,而不是汇编程序 - 我不确定,但如果您想要汇编代码输出而不是反汇编,您可能必须修改逻辑)

You're on the right track, I think.

It looks like you need to get from Script::Compile to Compiler::Compile, which will lead you to the code generators (codegen*.cc and .h).

All of this to say that, looking at codegen-ia32.cc, if you define ENABLE_DISASSEMBLER
when you build, your disassembly should get printed, I think.

Of course, all of this is just from a quick browse of an old copy of the source I have here, so YMMV, but I think this should work.

(Looking at your post again, I see you're looking for the machine language, not the assembler -- I'm not sure, but you might have to modify the logic if you want the assembled code output rather than its disassembly)

回复 原文
层林尽染 2024-07-15 19:35:06

看一下 v8_root/build/features.gypi,您会发现与反汇编程序相关的以及许多其他 V8 编译时功能开关。

Take a look at v8_root/build/features.gypi, and you will find disassembler related and many other compile time feature switches for V8.

回复 原文
~没有更多了~

关于作者

怪我鬧

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文