[+v8-users, chromium-dev to BCC] There is no single bottleneck for JS object allocation; objects are created all over the place. As a starting point, you can look at all CodeStubAssembler::AllocateJS* and Factory::NewJS* functions. I don't know whether that set spans all JS object allocations, but at least it covers a fair bunch of them. Turbofan is a separate story, but I assume you're turning that off for your experiment.
On Mon, Sep 9, 2019 at 6:27 PM L TY <n0b0dy...@gmail.com> wrote:
> Hello guys, I'm trying to do taint analysis in v8 with its ignition
> interpreter. I want to be notified whenever a JS object is allocated.
> However, I cannot find the object allocation code in the interpreter.
>
> Currently I have located the v8 bytecode generating process such as the
> code following:
>
> void BytecodeGenerator::VisitDeclarations(Declaration::List* declarations) {
>   RegisterAllocationScope register_scope(this);
>   DCHECK(globals_builder()->empty());
>   for (Declaration* decl : *declarations) {
>     RegisterAllocationScope register_scope(this);
>     Visit(decl);
>   }
>   if (globals_builder()->empty()) return;
>
>   globals_builder()->set_constant_pool_entry(
>       builder()->AllocateDeferredConstantPoolEntry());
>   int encoded_flags = DeclareGlobalsEvalFlag::encode(info()->is_eval());
>
>   // Emit code to declare globals.
>   RegisterList args = register_allocator()->NewRegisterList(3);
>   builder()
>       ->LoadConstantPoolEntry(globals_builder()->constant_pool_entry())
>       .StoreAccumulatorInRegister(args[0])
>       .LoadLiteral(Smi::FromInt(encoded_flags))
>       .StoreAccumulatorInRegister(args[1])
>       .MoveRegister(Register::function_closure(), args[2])
>       .CallRuntime(Runtime::kDeclareGlobals, args);
>
>   // Push and reset globals builder.
>   global_declarations_.push_back(globals_builder());
>   globals_builder_ = new (zone()) GlobalDeclarationsBuilder(zone());
> }
>
> But I cannot find the object allocation process. Can you guys give me some
> advice about it?
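The reply points at two families of allocation entry points, CodeStubAssembler::AllocateJS* and Factory::NewJS*, and notes that nobody has confirmed the set is complete. A practical first step before hooking anything is an inventory of those definitions that can be re-run after each V8 update. The scanner below is an added example, not V8 code or anything from the thread; the sample sources are constructed in the style of factory.cc and code-stub-assembler.cc so it runs offline, and it deliberately ignores Turbofan, which the reply treats as a separate story.

```python
import re
from collections import defaultdict

# Constructed sample sources in the style of factory.cc and code-stub-assembler.cc.
# Written for this example, not copied from V8; the real files are far longer.
SAMPLE_SOURCES = {
    "src/heap/factory.cc": """\
Handle<JSObject> Factory::NewJSObject(Handle<JSFunction> constructor,
                                      AllocationType allocation) {
  Handle<Map> map(constructor->initial_map(), isolate());
  return NewJSObjectFromMap(map, allocation);  // a call, not a definition
}
Handle<JSArray> Factory::NewJSArray(ElementsKind kind, AllocationType allocation) {
  return Handle<JSArray>::cast(NewJSObjectFromMap(map, allocation));
}
Handle<String> Factory::NewStringFromAsciiChecked(const char* str) {
  return NewStringFromOneByte(...).ToHandleChecked();  // not a JS object
}
""",
    "src/codegen/code-stub-assembler.cc": """\
TNode<JSObject> CodeStubAssembler::AllocateJSObjectFromMap(
    TNode<Map> map, TNode<HeapObject> properties, TNode<FixedArray> elements) {
  return CAST(Allocate(...));
}
TNode<JSArray> CodeStubAssembler::AllocateJSArray(
    ElementsKind kind, TNode<Map> array_map, TNode<IntPtrT> capacity) {
  TNode<JSArray> array = AllocateUninitializedJSArray(array_map, ...);
  return array;
}
""",
}

# A definition header: a return type at the start of a line, then one of the two
# qualified name families from the reply, then the opening parenthesis. Bare calls
# inside a body (e.g. NewJSObjectFromMap(map, ...)) lack the class qualifier and
# are skipped, as are non-JS factories such as Factory::NewString*.
DEF_RE = re.compile(
    r"^(?:TNode<\w+>|Handle<\w+>|MaybeHandle<\w+>)\s+"
    r"(Factory::NewJS\w*|CodeStubAssembler::AllocateJS\w*)\s*\(",
    re.MULTILINE,
)

def find_allocation_entry_points(sources):
    """Map each source path to the sorted list of allocation entry points it defines."""
    found = defaultdict(set)
    for path, text in sources.items():
        for m in DEF_RE.finditer(text):
            found[path].add(m.group(1))
    return {path: sorted(names) for path, names in found.items()}
```

Feed it `{relative_path: file_text}` read from a real checkout and diff the output across versions to see whether the entry-point set you instrumented has changed.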