The main problem was due to the following: after Erik had fixed the logger to report library addresses, tickprocessor started to add to the code map entries that covered almost entire memory. This happened because tickprocessor contains a heuristic to bias addresses of functions from dynamic libraries:
if (funcInfo.start < libStart && funcInfo.start < libEnd - libStart) {
funcInfo.start += libStart;
}
And, as tickprocessor tried to process all symbols from the library, including data entries, which can be outside reported library addresses range, the second condition failed, and funcInfo.start remained unbiased.
Review URL: http://codereview.chromium.org/125192
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2194 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
To profile running the JavaScript file test.js using the V8 release mode shell (assuming it is build passing prof=oprofile to the SCons build). The following commands can be used:
$ tools/oprofile/start
$ tools/oprofile/run test.js
$ tools/oprofile/report | less
$ tools/oprofile/annotate | less
$ tools/oprofile/shutdown
Here is a summary of the commands.
For all the commands taking an executable the executable is expected to be a binary using V8. If no executable is specified the release mode V8 shell is assumed.
By default the --session-dir=/tmp/oprofv8 is passed to all oprofile commands. This walue can be changed by setting environment variable OPROFILE_SESSION_DIR.
When using the defaulf executable (V8 shell in release mode) it is assumed to be located in ../.. relative from the oprofile utility scripts. This default location can be overridden using the V8_SHELL_DIR environment variable.
start
-----
Start the oprofiling daemon.
run [executable] [parameters]
-----------------------------
Profile a V8 executable. Running this will reset oprofile samples, run the command and do an oprofile dump to flush samples and write ELF binaries for the generated code. The parameters are passed to the executable together with the --oprofile option.
report [executable] [parameters]
--------------------------------
Print the report for a profile run. The parameters are passed to opreport. E.g report --callgraph.
annotate [executable] [parameters]
----------------------------------
Print annotated assembly for a profile run. The parameters are passed to opannotate. E.g annotate -threshold 1.
reset
-----
Reset oprofile samples.
dump
----
Flush oprofile samples and write ELF binaries for the generated code.
shutdown
--------
Shutdown oprofile daemon.
Added a warning which is printed if option --oprofile is passed to a V8 which has not been compiled with oprofile support.
Review URL: http://codereview.chromium.org/125181
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2186 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Only send the inscructions part of a code object to oprofile when reporting dynamically generated code. Before the code object header was also reported to oprofile as code which caused strange disassembly output when using opannotate.
Review URL: http://codereview.chromium.org/125126
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2174 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
It seems that when calling a method that has two overloaded versions like this:
f(char* format, ...)
f(char* format, va_list args)
with a second pointer argument: f("format", pointer), the second version is picked up.
I've found a description of a similar issue here: http://bugs.gentoo.org/63112
So, to resolve this ambiguity, I've named such LogMessageBuilder's Append functions differently.
Review URL: http://codereview.chromium.org/125125
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2172 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Because of varying floating-point precision, the slow case is hard to
test with explicit values. Instead, we check that sine and cosine do
not return the same value (the regression was that the slow case of
cosine accidentally did sine instead of cosine).
Review URL: http://codereview.chromium.org/126123
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2169 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Code addresses are now written as an offset from the previous address for ticks, code move and delete events. Employed backreference and RLE compression for code move and delete events. This gives additional 30% log size reduction for benchmarks run w/o snapshot.
Overall compression results (compared with the revision of V8 having no compression):
- V8: 70% size reduction for benchmarks run w/o snapshot (for reference, gzip gives 87%)
- Chromium: 65% size reduction for public html version of benchmarks (v4) (for reference, gzip gives 90%)
The one obvious opportunity for improving compression results in Chromium is to compress URLs of scripts.
Review URL: http://codereview.chromium.org/125114
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2162 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Marsaglia's multiply-with-carry instead of mixing the
bits obtained from calling the system random() twice.
This seems to be a bit faster and gives a better
distribution than the system random() in particular on
Windows.
Review URL: http://codereview.chromium.org/126113
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2159 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For each frame it is now possible to request information on the scope chain. Each scope in the chain can have one of the types local, global, with and closure. For scopes of type global and with the mirror for the actual global or with object is available. For scopes of type local and closure a plain JavaScript object with the materialized content of the scope is created and its mirror is returned. Depending on the level of possible optimization the content of the materialized local and closure scopes might only contain the names which are actually used.
To iterate the scope chain an iterator ScopeIterator have been added which can provide the type of each scope for each part of the chain. This iterator creates an artificial local scope whenever that is present as the context chain does not include the local scope.
To avoid caching the mirror objects for the materialized the local and closure scopes transient mirrors have been added. They have negative handles and cannot be retrieved by subsequent lookup calls. Their content is part of a single response.
For debugging purposes an additional runtime function DebugPrintScopes is been added.
Added commands 'scopes' and 'scope' to the developer shell and fixed the dir command.
BUG=none
TEST=test/mjsunit/debug-scopes.js
Review URL: http://codereview.chromium.org/123021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Two techniques are involved:
- compress repeated line ends (common stack beginnings) by using back references;
- do RLE compression of repeated tick events.
This gives only 5% size reduction on benchmarks run, but this is because tick events are only comprise 10% of file size. Under Chromium winnings are bigger because long repeated samples of idleness are now compressed into a single line.
Tickprocessor will be updated in the next patch.
Review URL: http://codereview.chromium.org/123012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2147 ce2b1a6d-e550-0410-aec6-3dcde31c8c00