V8 Javascript堆转储模式

V8 Javascript Heap Dump Schema

本文关键字:模式 转储 Javascript V8      更新时间:2023-09-26

我正在尝试理解由googlechrome工具生成的堆转储的内容。我知道已经有了浏览器中的堆转储检查器,但我有兴趣编写一个解析JS堆转储的CLI作为练习。我在堆转储中找不到任何关于内容结构的文档。它们是人类可读的,但从检查文件来看,格式不是很清楚

这是一个随机片段:

"HTMLOptionElement",
"XMLHttpRequestEventTarget",
"about:blank",
"clearModifier",
"resetModifiers",
"/devtools/docs/demos/memory/example1",
"HTMLIFrameElement",
"https://www.google.com/jsapi?autoload=%7B%22modules%22%3A%5B%7B%22name%22%3A%22search%22%2C%22version%22%3A%221.0%22%2C%22callback%22%3A%22__gcse.scb%22%2C%22style%22%3A%22https%3A%2F%2Fwww.google.com%2Fcse%2Fstyle%2Flook%2Fv2%2Fdefault.css%22%2C%22language%22%3A%22en%22%7D%5D%7D",
"HTMLLinkElement",
"HTMLContentElement",
"window.__SSR = {c: 1.2808007E7 ,si:1,su:1,e:'richard@example.com',dn:'Richard Schneeman',a:'bubble',at:'AZW7SXV+1uUcQX+2WIzyelLB5UgBepsr1''/RV+URJxwIT6BmLmrrThMH0ckzB7mLeFn1SFRtxm''/1SD16uNnjb0qZxXct8''x3d',ld:[,[0,12808007,[]'n,1,70]'n]'n,r:'https:''/''/developer.chrome.com''/devtools''/docs''/demos''/memory''/example1',s:'widget',annd: 2.0 ,bp: {}, id:'http:''/''/www.google.com''/chrome'}; document.addEventListener && document.addEventListener('DOMContentLoaded', function () {gapi.inline.tick('wdc', new Date().getTime());}, false);",
"onLoaded",
"HTMLAllCollection",
"onDocumentKeyDown",

是否存在关于chrome堆转储结构的文档?是否有标准的javascript堆转储格式,或者每个引擎都有自己的专有标准?

不幸的是,没有标准的JS堆格式。快速谷歌搜索";v8堆转储格式";给出了几个结果,没有一个是非常详细的。有node.js堆快照解析器扩展,v8源代码包含最新信息:v8 profiler.h

花了几天时间在Go中为V8堆快照JSON文件编写解析器后,我学到了以下内容:

  • heapsnapshot文件是一个JSON文件,它表示所有堆分配的值以及它们之间的边。

  • JSON格式使用字典编码来紧凑地表示图的节点和边。

heapsnapshot文件的注释顶层结构如下所示:

{
    "snapshot": {
        "meta": {
            "node_fields": ["type", "name", "id", "self_size", "edge_count", "trace_node_id", "detachedness"],
            "node_types": [
                ["hidden", "array", "string", "object", "code", "closure", "regexp", "number", "native", "synthetic", "concatenated string", "sliced string", "symbol", "bigint", "object shape"],
                "string",
                "number",
                "number",
                "number",
                "number",
                "number"
            ],
            "edge_fields": ["type", "name_or_index", "to_node"],
            "edge_types": [
                ["context", "element", "property", "internal", "hidden", "shortcut", "weak"],
                "string_or_number",
                "node"
            ]
        }
    },
    "nodes": [
      // Each node is represented by 7 numbers, matching the length of node_fields.
      // Each number corresponds to the index of the value in the node_types array.
      1,0,66,16,10,0,0, // type=array  name=alpha id=66 self_size=16 edge_count=10 trace_node_id=0 detachedness=0
      2,1,77,16, 1,0,0  // type=string name=bravo id=77 self_size=16 edge_count=1  trace_node_id=0 detachedness=0
    ],
    "edges": [
      // Each edge is represented by 3 numbers, matching the length of edge_fields.
      1,1,0 // type=element name_or_index=1(bravo) to_node=0
    ],
    "trace_function_infos": [],
    "trace_tree": [],
    "samples": [],
    "locations": [],
    "strings": [
      "alpha",
      "bravo",
      "charlie"
    ]
}

其他注意事项:

  • 要比较不同的堆快照,请使用nodes.id。id在快照之间是一致的,这意味着同一对象在不同的快照中具有相同的id
  • Chromium HeapSnapshotLoader为节点和边数组使用自定义解析器,因为它始终是uint32的数组,并且堆快照可能非常大(GiB)

参考文献:

  • Microsoft Edge文档:堆快照文件格式:极好的、可接近的堆快照格式概述
  • Chromium来源:HeapSnapshotLoader.ts:Chrmium如何解析heapsnapshot文件格式
  • Chromium来源:堆快照生成器。h:Chromium如何生成堆快照文件格式
相关文章: