Wei Wu / @lazyparser

Welcome to my website


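The simplest way is to use the jsshell[1] tool that ships with SpiderMonkey[4]. After building it in debug mode, pass the "-D" option to get the bytecode for a JavaScript script. Example (assuming your build directory is build-debug):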

    cd mozilla-central/js/src
    ./build-debug/js -D tests/js1_8_5/shell.js

The output looks like this:

    --- SCRIPT tests/js1_8_5/shell.js:1 ---
    00000: 10 getgname "version" {"interp": 1}
    00005: 10 typeof {"interp": 1}
    00006: 10 string "undefined" {"interp": 1}
    00011: 10 ne {"interp": 1}
    00012: 10 ifeq 32 (+20) {}
    00017: 12 callgname "version" {"interp": 1}
    00022: 12 undefined {"interp": 1}
    00023: 12 notearg {"interp": 1}
    00024: 12 uint16 185 {"interp": 1}
    00027: 12 notearg {"interp": 1}
    00028: 12 call 1 {"interp": 1}
    00031: 12 pop {"interp": 1}
    00032: 12 stop {"interp": 1}
    --- END SCRIPT tests/js1_8_5/shell.js:1 ---

Note that the bytecode is printed only by a debug build; a release/optimized jsshell ignores this option.

You can learn how to download[2] and build[3] the source code from Mozilla's wiki.
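To work with a "-D" listing programmatically, the following added example (not part of the original post or of SpiderMonkey) parses the listing shown above and checks that each jump operand of the form `target (+delta)` is consistent and lands on an instruction start. The function names `parseDump` and `checkJumps` are hypothetical, and the trailing `{...}` annotation is stored as parsed JSON without interpreting it.

```javascript
// Added example: parse the `js -D` listing shown on this page.
// SAMPLE is that listing with typographic quotes normalized to ASCII.
const SAMPLE = `--- SCRIPT tests/js1_8_5/shell.js:1 ---
00000: 10 getgname "version" {"interp": 1}
00005: 10 typeof {"interp": 1}
00006: 10 string "undefined" {"interp": 1}
00011: 10 ne {"interp": 1}
00012: 10 ifeq 32 (+20) {}
00017: 12 callgname "version" {"interp": 1}
00022: 12 undefined {"interp": 1}
00023: 12 notearg {"interp": 1}
00024: 12 uint16 185 {"interp": 1}
00027: 12 notearg {"interp": 1}
00028: 12 call 1 {"interp": 1}
00031: 12 pop {"interp": 1}
00032: 12 stop {"interp": 1}
--- END SCRIPT tests/js1_8_5/shell.js:1 ---`;

// Fields: offset ":" source-line opcode [operands] {annotation}
const INSN = /^(\d+):\s+(\d+)\s+(\S+)\s*(.*?)\s*(\{.*\})$/;

// Returns [{offset, line, op, operands, note}] for every instruction line;
// the SCRIPT/END SCRIPT markers and any non-matching line are skipped.
function parseDump(text) {
  const ops = [];
  for (const raw of text.split("\n")) {
    const m = INSN.exec(raw.trim());
    if (!m) continue;
    ops.push({ offset: Number(m[1]), line: Number(m[2]), op: m[3],
               operands: m[4], note: JSON.parse(m[5]) });
  }
  return ops;
}

// For operands of the form "target (+delta)", check that offset + delta equals
// the printed target and that the target is the start of a listed instruction.
function checkJumps(ops) {
  const starts = new Set(ops.map(o => o.offset));
  const jumps = [];
  for (const o of ops) {
    const m = /^(\d+) \(([+-]\d+)\)$/.exec(o.operands);
    if (!m) continue;
    const target = Number(m[1]);
    jumps.push({ from: o.offset, target,
                 ok: o.offset + Number(m[2]) === target && starts.has(target) });
  }
  return jumps;
}
```

For the listing above, `checkJumps(parseDump(SAMPLE))` reports one jump, from offset 12 to offset 32 (the `stop` instruction), with `ok` set to true.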

[1]: Introduction_to_the_JavaScript_shell

[2]: Getting_SpiderMonkey_source_code

[3]: SpiderMonkey/Build_Documentation

[4]: JavaScript:New_to_SpiderMonkey