VisibleV8
Overview
strace for the web
VisibleV8 (VV8) is a custom variant of the V8 JavaScript engine at the heart of the Chromium browser, the Node.js application runtime, and probably other titans of the modern software world. Maintained and distributed as a minimally-invasive and maintainable patchset, VV8 captures and logs the following activities in plaintext logs:
- All JS function calls that cross the JS/hosting-application boundary (i.e., calls to what V8 internally dubs “API” functions, like
window.alert
in a browser) - Named (e.g.,
foo.bar
) or keyed (e.g.,foo["bar"]
) property lookups for which the receiver (e.g.,foo
) refers to an object defined by the hosting application or the global object - Assignments to named or keyed property expressions involving receiver objects defined by the hosting application (or the global object)
Reflect.get
andReflect.set
API access to properties on hosting application-defined objects
Log records directly or indirectly include the following context:
- Source code of the immediately active/invoking script
- Simple provenance details of active script (i.e., source URL or
eval
-ing script) - Character offset of function call/property access within active script
- Receiver type information (i.e., constructor/prototype function name)
- Property/function name
- Value (for primitive values) or type information (for objects) passed to function calls as arguments or as the new property value for property assignments
Papers
Availability
The VV8 patches, tests, build scripts, and documentation are all available on GitHub.