Re: [chromium-dev] How can i hook object creation in ignition interpreter?


Jakob Kummerow

Sep 9, 2019, 1:26:14 PM
to n0b0...@gmail.com, v8-users
[+v8-users, chromium-dev to BCC]

There is no single bottleneck for JS object allocation; objects are created all over the place. As a starting point, you can look at all CodeStubAssembler::AllocateJS* and Factory::NewJS* functions. I don't know whether that set spans all JS object allocations, but at least it covers a fair bunch of them. Turbofan is a separate story, but I assume you're turning that off for your experiment.

On Mon, Sep 9, 2019 at 6:27 PM L TY <n0b0...@gmail.com> wrote:
Hello guys, I'm trying to do taint analysis in v8 with its ignition interpreter. I want to be notified whenever a JS object is allocated. However, I cannot find the object allocation code in the interpreter.

Currently I have located the v8 bytecode generating process, such as the following code:

void BytecodeGenerator::VisitDeclarations(Declaration::List* declarations) {
  RegisterAllocationScope register_scope(this);
  DCHECK(globals_builder()->empty());
  for (Declaration* decl : *declarations) {
    RegisterAllocationScope register_scope(this);
    Visit(decl);
  }
  if (globals_builder()->empty()) return;

  globals_builder()->set_constant_pool_entry(
      builder()->AllocateDeferredConstantPoolEntry());
  int encoded_flags = DeclareGlobalsEvalFlag::encode(info()->is_eval());

  // Emit code to declare globals.
  RegisterList args = register_allocator()->NewRegisterList(3);
  builder()
      ->LoadConstantPoolEntry(globals_builder()->constant_pool_entry())
      .StoreAccumulatorInRegister(args[0])
      .LoadLiteral(Smi::FromInt(encoded_flags))
      .StoreAccumulatorInRegister(args[1])
      .MoveRegister(Register::function_closure(), args[2])
      .CallRuntime(Runtime::kDeclareGlobals, args);

  // Push and reset globals builder.
  global_declarations_.push_back(globals_builder());
  globals_builder_ = new (zone()) GlobalDeclarationsBuilder(zone());
}

But I cannot find the object allocation process. Can you guys give me some advice about it?
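To act on the pointer in the reply (allocation is spread over CodeStubAssembler::AllocateJS* and Factory::NewJS*, not in the bytecode generator), here is an added example, not from the thread or from V8, that scans source text for definitions and call sites of those two function families and lists them as candidate hook points. The V8-like snippets in SAMPLE_SOURCES are constructed, simplified stand-ins, not real V8 code.

```python
import re
from collections import defaultdict

# Definition lines carry the class qualifier, e.g. "Factory::NewJSObject(".
DEF_RE = re.compile(r"\b(Factory::NewJS\w*|CodeStubAssembler::AllocateJS\w*)\s*\(")
# Call sites are unqualified, e.g. "factory()->NewJSObject(" or "NewJSObjectFromMap(".
# Limitation: unqualified declarations in headers would also look like calls,
# so scan .cc files only.
CALL_RE = re.compile(r"(?<![:\w])(NewJS\w*|AllocateJS\w*)\s*\(")

def find_allocation_sites(sources):
    """sources: {path: file_text}. Returns {name: {"defs": [...], "calls": [...]}},
    each location formatted as "path:line"."""
    sites = defaultdict(lambda: {"defs": [], "calls": []})
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            m = DEF_RE.search(line)
            if m:
                name = m.group(1).split("::")[1]
                sites[name]["defs"].append(f"{path}:{lineno}")
                continue  # a definition line is not also a call site
            for m in CALL_RE.finditer(line):
                sites[m.group(1)]["calls"].append(f"{path}:{lineno}")
    return dict(sites)

# Constructed sample input: simplified, V8-style source, not actual V8 code.
SAMPLE_SOURCES = {
    "src/heap/factory.cc": (
        "Handle<JSObject> Factory::NewJSObject(Handle<JSFunction> constructor) {\n"
        "  Handle<Map> map = GetInitialMap(constructor);\n"
        "  return NewJSObjectFromMap(map);\n"
        "}\n"
        "Handle<JSObject> Factory::NewJSObjectFromMap(Handle<Map> map) {\n"
        "  return Handle<JSObject>::cast(AllocateRaw(map));\n"
        "}\n"
    ),
    "src/codegen/code-stub-assembler.cc": (
        "TNode<JSArray> CodeStubAssembler::AllocateJSArray(TNode<Map> map) {\n"
        "  return CAST(AllocateInNewSpace(JSArray::kSize));\n"
        "}\n"
    ),
    "src/runtime/runtime-object.cc": (
        "RUNTIME_FUNCTION(Runtime_NewObject) {\n"
        "  return *isolate->factory()->NewJSObject(target);\n"
        "}\n"
    ),
}

if __name__ == "__main__":
    for name, where in sorted(find_allocation_sites(SAMPLE_SOURCES).items()):
        print(f"{name}: defined at {where['defs']}, called from {where['calls']}")
```

Run it over a real checkout by replacing SAMPLE_SOURCES with the contents of the .cc files under src/; the "defs" entries are the places a notification hook would go, and "calls" show which of them delegate to other allocators.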