Re: [v8-users] How does V8 compile and execute JavaScript events?

2017-08-31 Thread Jakob Kummerow
A v8::Function maps to a v8::internal::JSFunction, which has a code()
property. That's either the existing compiled code, or a stub that will
trigger (re-)compilation based on the script() in the JSFunction's
shared_function_info(). It will be retrieved and called by the JSEntryStub.

You might want to put your instrumentation into Invoke(...) in execution.cc.

On Thu, Aug 31, 2017 at 11:56 AM, Hanyun Tao wrote:

> Hi Jakob,
>
> Thank you for answering my questions!
>
> I would like to modify V8's internals to support such functionality. But
> before I start I would like to learn a little more about how Chromium
> interacts with V8 to process JavaScript events.
>
> By reading the source code, I believe that the WebKit rendering engine
> will call *v8::Function::Call* in api.cc, and after that the V8 engine
> will execute the JavaScript code. Am I correct?
>
> If this is how things are going to work, could you please point out where in
> this process V8 compiles the code, or "reads" the compiled code corresponding
> to the JavaScript?
>
> Thank you!
>
> On Wednesday, August 30, 2017 at 8:39:00 PM UTC-4, Jakob Kummerow wrote:
>>
>> Object addresses are not exposed either. You would have to build such
>> instrumentation into V8's internals.
>>
>> On Tue, Aug 29, 2017 at 12:32 PM, Hanyun Tao wrote:
>>
>>> Thank you Jakob!
>>>
>>> I can understand why it is hidden from external access. But would it be
>>> possible for the user to get access to the instruction addresses of the
>>> compiled code?
>>>
>>> We are studying the cache performance of JavaScript execution and we
>>> want to know if it is possible to prefetch the instructions in the next
>>> event handlers into the cache before they are executed, based on the
>>> information collected in the V8 engine.
>>>
>>> Best regards,
>>>
>>> On Tuesday, August 29, 2017 at 12:29:33 PM UTC-4, Jakob Kummerow wrote:

 No, compiled code is an internal implementation detail and as such is
 hidden from JavaScript and other external access. If there ever is a way
 for users to get to compiled code, then it's a (probably severe security)
 bug and we would like to hear about it! :-)

 On Mon, Aug 28, 2017 at 9:03 PM, Hanyun Tao wrote:

> Hi Jakob,
>
> Thanks again!
>
> According to what you have said, V8 installs (compiles?) the event handlers
> before they are executed. If that is true, then I believe V8 will store the
> compiled code somewhere in the system.
> Would it be possible for the user to get access to the compiled code?
>
> Best regards,
>
> On Monday, August 28, 2017 at 1:29:29 PM UTC-4, Jakob Kummerow wrote:
>>
>> The main API entry point for compilation is
>> v8::ScriptCompiler::Compile().
>>
>> I don't think event handling itself triggers compilation; but I'm not
>> an expert on that part of the system. AFAIK event handlers are installed
>> during page load (or more precisely: DOM element creation); they may still
>> be compiled on-demand on first use but that's not controlled via the V8 API.
>>
>> On Mon, Aug 28, 2017 at 9:06 AM, Hanyun Tao wrote:
>>
>>> Hi Jakob,
>>>
>>> Thank you for replying!
>>>
>>> To be more specific, I'm looking for the point (function) that
>>> initiates the compilation process.
>>>
>>> In my understanding, when handling an "event", the renderer process
>>> in the browser will figure out the JavaScript related to the event, and
>>> ask the V8 engine to execute it by calling some API function.
>>>
>>> Inside those API functions, there should be a point where V8 initiates
>>> the compilation process, and that is what I'm looking for.
>>>
>>> Best regards,
>>>
>>> On Sunday, August 27, 2017 at 7:58:37 PM UTC-4, Jakob Kummerow wrote:

 Hi Hanyun,

 V8 is fairly complicated, and pretty much all it does is to compile
 and execute JavaScript. Do you have a more specific question?

 If you just want a starting point for reading code: maybe
 "CompileTopLevel" in src/compiler.cc would be a reasonable choice.

 On Sun, Aug 27, 2017 at 1:06 PM, Hanyun Tao wrote:

> Hi all,
>
> I'm trying to understand how the V8 engine compiles and executes
> JavaScript events. I used GDB to track the function call path when
> handling an event, and it looks like this.
>
>  #0  v8::internal::Logger::TimerEvent (this=, se=, name=) at ../../v8/src/log.cc:866
>  #1  0x7f0cfcb23b39 in TimerEventScope (this=, isolate=) at ../../v8/src/log.h:354
>  #2  v8::Function::Call (this=,

Re: [v8-users] How does V8 compile and execute JavaScript events?

2017-08-31 Thread Hanyun Tao
Hi Jakob,

Thank you for answering my questions! 

I would like to modify V8's internals to support such functionality. But 
before I start I would like to learn a little more about how Chromium 
interacts with V8 to process JavaScript events.

By reading the source code, I believe that the WebKit rendering engine will 
call *v8::Function::Call* in api.cc, and after that the V8 engine will 
execute the JavaScript code. Am I correct?

If this is how things are going to work, could you please point out where in 
this process V8 compiles the code, or "reads" the compiled code corresponding 
to the JavaScript?

Thank you!

On Wednesday, August 30, 2017 at 8:39:00 PM UTC-4, Jakob Kummerow wrote:
>
> Object addresses are not exposed either. You would have to build such 
> instrumentation into V8's internals.
>
> On Tue, Aug 29, 2017 at 12:32 PM, Hanyun Tao wrote:
>
>> Thank you Jakob!
>>
>> I can understand why it is hidden from external access. But would it be 
>> possible for the user to get access to the instruction addresses of the 
>> compiled code? 
>>
>> We are studying the cache performance of JavaScript execution and we want 
>> to know if it is possible to prefetch the instructions in the next event 
>> handlers into the cache before they are executed, based on the information 
>> collected in the V8 engine.
>>
>> Best regards,
>>
>> On Tuesday, August 29, 2017 at 12:29:33 PM UTC-4, Jakob Kummerow wrote:
>>>
>>> No, compiled code is an internal implementation detail and as such is 
>>> hidden from JavaScript and other external access. If there ever is a way 
>>> for users to get to compiled code, then it's a (probably severe security) 
>>> bug and we would like to hear about it! :-)
>>>
>>> On Mon, Aug 28, 2017 at 9:03 PM, Hanyun Tao wrote:
>>>
 Hi Jakob,

 Thanks again!

 According to what you have said, V8 installs (compiles?) the event handlers 
 before they are executed. If that is true, then I believe V8 will store the 
 compiled code somewhere in the system.
 Would it be possible for the user to get access to the compiled code?

 Best regards,

 On Monday, August 28, 2017 at 1:29:29 PM UTC-4, Jakob Kummerow wrote:
>
> The main API entry point for compilation is 
> v8::ScriptCompiler::Compile().
>
> I don't think event handling itself triggers compilation; but I'm not 
> an expert on that part of the system. AFAIK event handlers are installed 
> during page load (or more precisely: DOM element creation); they may still 
> be compiled on-demand on first use but that's not controlled via the V8 API.
>
> On Mon, Aug 28, 2017 at 9:06 AM, Hanyun Tao wrote:
>
>> Hi Jakob,
>>
>> Thank you for replying!
>>
>> To be more specific, I'm looking for the point (function) that 
>> initiates the compilation process.
>>
>> In my understanding, when handling an "event", the renderer process 
>> in the browser will figure out the JavaScript related to the event, and 
>> ask the V8 engine to execute it by calling some API function.
>>
>> Inside those API functions, there should be a point where V8 initiates 
>> the compilation process, and that is what I'm looking for.
>>
>> Best regards,
>>
>> On Sunday, August 27, 2017 at 7:58:37 PM UTC-4, Jakob Kummerow wrote:
>>>
>>> Hi Hanyun,
>>>
>>> V8 is fairly complicated, and pretty much all it does is to compile 
>>> and execute JavaScript. Do you have a more specific question? 
>>>
>>> If you just want a starting point for reading code: maybe 
>>> "CompileTopLevel" in src/compiler.cc would be a reasonable choice.
>>>
>>> On Sun, Aug 27, 2017 at 1:06 PM, Hanyun Tao wrote:
>>>
 Hi all,

 I'm trying to understand how the V8 engine compiles and executes 
 JavaScript events. I used GDB to track the function call path when 
 handling an event, and it looks like this.

  #0  v8::internal::Logger::TimerEvent (this=, se=, name=) at ../../v8/src/log.cc:866
  #1  0x7f0cfcb23b39 in TimerEventScope (this=, isolate=) at ../../v8/src/log.h:354
  #2  v8::Function::Call (this=, context=..., recv=..., argc=, argv=) at ../../v8/src/api.cc:5094
  #3  0x7f0cf18daa0b in blink::V8ScriptRunner::callFunction (function=..., context=0x201b099829d0, receiver=..., argc=1, args=0x7fffe9e1cea0, isolate=0x2def318c6020) at ../../third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.cpp:658
  #4  0x7f0cf18a1c26 in blink::V8EventListener::callListenerFunction (this=0xe9381bfbea0, 

[v8-users] Re: Inspector commonly crashes after TerminateExecution()?

2017-08-31 Thread Yang Guo
Does this fix solve your problem? https://chromium-review.googlesource.com/c/v8/v8/+/645127

On Thursday, August 31, 2017 at 3:13:12 AM UTC+2, Kenton Varda wrote:
>
> Hi v8-users,
>
> I have an application in which I use TerminateExecution() from another 
> thread to kill off scripts that run for too long.
>
> Normally this works great, but when I have a v8 inspector session 
> attached, it seems very unhappy with this situation. In particular, the 
> process commonly aborts with:
>
> #
> # Fatal error in ../../src/builtins/builtins-console.cc, line 53
> # Check failed: !isolate->has_scheduled_exception().
> #
>
> It looks like the first console.log() after the inspector connects can in 
> fact take tens of milliseconds (at least in debug mode), frequently 
> triggering timeouts.
>
> This is unfortunate as it makes it pretty easy for a malicious script to 
> take down the process -- something that my TerminateExecution() was 
> explicitly trying to defend against.
>
> Is this:
> a) A bug in the inspector?
> b) An unsupported use case?
> c) Me doing something wrong in my setup?
>
> Thanks,
> -Kenton
>

-- 
-- 
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
--- 
You received this message because you are subscribed to the Google Groups 
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.