Chakracore: View of the generated assembly code

Created on 29 Jun 2018 · 6 Comments · Source: chakra-core/ChakraCore

ChakraCore will output the target backend assembly representation with the "-dump:backend" option, but the dumped instructions are represented in ChakraCore's own code form.

For example, they look like this:
s394(r7)[LikelyCanBeTaggedValue_Int].var = MOV s102(r6)[LikelyCanBeTaggedValue_Int].var
s395(r11).i64 = MOV s394(r7)[LikelyCanBeTaggedValue_Int].var
s395(r11).i64 = UBFX s395(r11).i64, 1048624 (0x100030).i64

Can I dump the JITed code as pure native assembly, like mov r7, r6?
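If the goal is only a more assembler-like reading of the dump rather than the real machine code, the annotated lines can be post-processed. The following is an added example (not part of ChakraCore or of this issue) whose operand grammar is inferred solely from the three lines quoted above; it strips the symbol ids and value-type annotations and prints the physical registers and immediates, and it does not handle operand kinds (memory operands, labels) that do not appear here. Note that the result is still the IR view, not a disassembly of what the JIT emitted.

```python
import re
# Constructed sample: the three -dump:backend lines quoted in the question above.
SAMPLE_DUMP = """\
s394(r7)[LikelyCanBeTaggedValue_Int].var = MOV s102(r6)[LikelyCanBeTaggedValue_Int].var
s395(r11).i64 = MOV s394(r7)[LikelyCanBeTaggedValue_Int].var
s395(r11).i64 = UBFX s395(r11).i64, 1048624 (0x100030).i64
"""
# A symbol operand: sNNN(reg)[optional value-type annotation].irtype
SYM_RE = re.compile(r"s(\d+)\((\w+)\)(?:\[[^\]]*\])?\.(\w+)")
# An immediate operand: decimal (hex).irtype
IMM_RE = re.compile(r"(-?\d+) \((0x[0-9a-fA-F]+)\)\.(\w+)")

def parse_operand(text):
    """Describe one operand, keeping the physical register and the IR type."""
    text = text.strip()
    m = SYM_RE.fullmatch(text)
    if m:
        return {"kind": "reg", "sym": int(m.group(1)), "reg": m.group(2), "type": m.group(3)}
    m = IMM_RE.fullmatch(text)
    if m:
        return {"kind": "imm", "value": int(m.group(1)), "type": m.group(3)}
    raise ValueError(f"unrecognised operand: {text!r}")

def parse_line(line):
    """Split 'dst = OPCODE src1, src2' (dst optional) into opcode, dst and srcs."""
    dst_text, sep, rhs = line.partition(" = ")
    if not sep:  # no destination, e.g. a compare or a branch
        dst_text, rhs = "", line
    opcode, _, src_text = rhs.strip().partition(" ")
    srcs = [parse_operand(s) for s in src_text.split(",") if s.strip()]
    return {"opcode": opcode, "dst": parse_operand(dst_text) if dst_text else None, "srcs": srcs}

def fmt_operand(op):
    # Assumed GNU/ARM-style spelling; the immediate is shown raw, exactly as the IR holds it.
    return op["reg"] if op["kind"] == "reg" else f"#{op['value']:#x}"

def to_asm(dump_text):
    """Render each dump line as 'opcode dst, src...' with the annotations stripped."""
    out = []
    for line in dump_text.splitlines():
        if not line.strip():
            continue
        ins = parse_line(line)
        ops = ([ins["dst"]] if ins["dst"] else []) + ins["srcs"]
        out.append(f"{ins['opcode'].lower()} " + ", ".join(fmt_operand(o) for o in ops))
    return out

if __name__ == "__main__":
    print("\n".join(to_asm(SAMPLE_DUMP)))  # mov r7, r6 / mov r11, r7 / ubfx r11, r11, #0x100030
```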

Answered Question

All 6 comments

I think there are other -dump:* modes that will output something closer to native assembly (although probably still annotated). @Penguinwizzard @Cellule ?

Not really - we don't have a reason to do so, so we don't have the functionality for that. Since we don't use an external assembler, we don't need to change the instructions in the IR from our normal, annotated form.

If you'd like to get a presentation in the form expected by any other assembler, you can change how IR::Instr::Dump presents the information. Could we have some more information about your use case? There's a good chance that you'll be better served consuming our data structures than trying to parse debug output, if it's for some sort of analysis.

You can always see the assembly in a debugger.
If you know which function you are interested in, you can use on:debug:<script id>.<func id>, e.g. -on:debug:1.32. The id is printed at the top of the dump from -dump:backend.
That will insert an int 3 (breakpoint) at the beginning of the function, and you can use your favorite debugger to inspect the assembly.

I'd like to understand the code generation of JITed code in ChakraCore, investigate whether there is an optimization opportunity at that level, and also hope to compare it with the corresponding native code from other JS engines.

The target instruction in ChakraCore's annotated form has better type and source-level information; on the other hand, it isn't easy to do instruction comparison directly, and, for example, since the immediates and addresses are invisible in that form, isn't it kind of inconvenient to debug the generated code?

I understand that, for analysis, using the debugger is not very practical.
Having a machine-dependent dumper to dump the asm code would be nice; however, we rarely have the need for it, since we are usually using a debugger when that happens.

I believe @Penguinwizzard added a -dump mode that mostly addresses the ask here.
