Using --js-flags in Google Chrome to get --trace output

Question

I've looked through various sources online and done a number of Google searches, but I can't seem to find any specific instructions as to how to work with the V8 --trace-* flags in Google Chrome. I've seen a few "You can do this as well in Chrome", but I haven't been able to find what I'm looking for, which is output like this: (snippets are near the near bottom of the post) Optomizing for V8.

I found reference that the data is logged to a file: Profiling Chromium with V8 and I've found that the file is likely named v8.log: (Lost that link) but I haven't found any clues as to how to generate that file, or where it is located. It didn't appear to be in the chrome directory or the user directory.

Apparently I need to enable .map files for chrome.dll as well, but I wasn't able to find anything to help me with that.

The reason I would prefer to use Chrome's V8 for this as opposed to building V8 and using a shell is because the JavaScript I would like to test makes use of DOM, which I do not believe would be included in the V8 shell. However if it is, that would be great to know, then I can rewrite the code to work sans-html file and test. But my guess is that V8 by itself is sans-DOM access, like node.js

So to sum things up;

• Running Google Chrome Canary on Windows 7 ultimate x64
• Shortcut target is "C:\Users\ArkahnX\AppData\Local\Google\Chrome SxS\Application\chrome.exe" --no-sandbox --js-flags="--trace-opt --trace-bailout --trace-deop" --user-data-dir=C:\chromeDebugProfile
• Looking for whether this type of output can be logged from chrome
  • If so, where would the log be?
  • If not, what sort of output should I expect, and again, where could I find it?

Thank you for any assistance!

Amending with how I got the answer to work for me

Using the below answer, I installed python to it's default directory, and modified the script so it had the full path to chrome. From there I set file type associations to .py files to python and executed the script. Now every time I open Chrome Canary it will run that python script (at least until I restart my pc, then I'll have to run that script again)

The result is exactly what I was looking for!

Answer 1

On Windows stdout output is suppressed by the fact that chrome.exe is a GUI application. You need to flip Subsystem field in the PE header from IMAGE_SUBSYSTEM_WINDOWS_GUI to WINDOWS_SUBSYSTEM_WINDOWS_CUI to see what V8 outputs to stdout.

You can do it with the following (somewhat hackish) Python script:

import mmap
import ctypes

GUI = 2
CUI = 3

with open("chrome.exe", "r+b") as f:
   map = mmap.mmap(f.fileno(), 1024, None, mmap.ACCESS_WRITE)
   e_lfanew = (ctypes.c_uint.from_buffer(map, 30 * 2).value)
   subsystem = ctypes.c_ushort.from_buffer(map, e_lfanew + 4 + 20 + (17 * 4))
   if subsystem.value == GUI:
       subsystem.value = CUI
       print "patched: gui -> cui"
   elif subsystem.value == CUI:
       subsystem.value = GUI
       print "patched: cui -> gui"
   else:
       print "unknown subsystem: %x" % (subsystem.value)

Close all Chrome instances and execute this script. When you restart chrome.exe you should see console window appear and you should be able to redirect stdout via >.

Answer 2

If your not keen on hacking the PE entry of chrome then there is alternative for windows.

Because the chrome app doesn't create a console stdout on windows all tracing in v8 (also d8 compiler) is sent to the OutputDebugString instead. The OutputDebugString writes to a shared memory object that can be read by any other application.

Microsoft has a tool called DebugView which monitors and if required also stream to a log file.

DebugView is free and downloadable from microsoft: http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx