Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/KDE/heaptrack
Heaptrack traces all memory allocations and annotates these events with stack traces. Dedicated analysis tools then allow you to interpret the heap memory profile to:
The recommended way is to launch your application and start tracing from the beginning:
heaptrack <your application and its parameters>
heaptrack output will be written to "/tmp/heaptrack.APP.PID.gz"
starting application, this might take some time...
...
heaptrack stats:
allocations: 65
leaked allocations: 60
temporary allocations: 1
Heaptrack finished! Now run the following to investigate the data:
heaptrack_gui "/tmp/heaptrack.APP.PID.gz"
Alternatively, you can attach to an already running process:
heaptrack --pid $(pidof <your application>)
heaptrack output will be written to "/tmp/heaptrack.APP.PID.gz"
injecting heaptrack into application via GDB, this might take some time...
injection finished
...
Heaptrack finished! Now run the following to investigate the data:
heaptrack_gui "/tmp/heaptrack.APP.PID.gz"
Heaptrack is split into two parts: The data collector, i.e. heaptrack
itself, and the
analyzer GUI called heaptrack_gui
. The following summarizes the dependencies for these
two parts as they can be build independently. You will find corresponding development
packages on all major distributions for these dependencies.
On an embedded device or older Linux distribution, you will only want to build heaptrack
.
The data can then be analyzed on a different machine with a more modern Linux distribution
that has access to the required GUI dependencies.
If you need help with building, deploying or using heaptrack, you can contact KDAB for commercial support: https://www.kdab.com/software-services/workshops/profiling-workshops/
Both parts require the following tools and libraries:
heaptrack
dependenciesThe heaptrack data collector and the simplistic heaptrack_print
analyzer depend on the
following libraries:
For runtime-attaching, you will need gdb
installed.
heaptrack_gui
dependenciesThe graphical user interface to interpret and analyze the data collected by heaptrack depends on Qt 5 and some KDE libraries:
When any of these dependencies is missing, heaptrack_gui
will not be build.
Optionally, install the following dependencies to get additional features in
the GUI:
Run the following commands to compile heaptrack. Do pay attention to the output of the CMake command, as it will tell you about missing dependencies!
cd heaptrack # i.e. the source folder
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release .. # look for messages about missing dependencies!
make -j$(nproc)
heaptrack_gui
on macOS using homebrewheaptrack_print
and heaptrack_gui
can be built on platforms other than Linux, using the dependencies mentioned above.
On macOS the dependencies can be installed easily using homebrew and the KDE homebrew tap.
brew install qt@5
# prepare tap
brew tap kde-mac/kde https://invent.kde.org/packaging/homebrew-kde.git
"$(brew --repo kde-mac/kde)/tools/do-caveats.sh"
# install dependencies
brew install kde-mac/kde/kf5-kcoreaddons kde-mac/kde/kf5-kitemmodels kde-mac/kde/kf5-kconfigwidgets \
kde-mac/kde/kf5-kio kde-mac/kde/kdiagram \
extra-cmake-modules ki18n threadweaver \
boost zstd gettext
# run manual steps as printed by brew
ln -sfv "$(brew --prefix)/share/kf5" "$HOME/Library/Application Support"
ln -sfv "$(brew --prefix)/share/knotifications5" "$HOME/Library/Application Support"
ln -sfv "$(brew --prefix)/share/kservices5" "$HOME/Library/Application Support"
ln -sfv "$(brew --prefix)/share/kservicetypes5" "$HOME/Library/Application Support"
To compile make sure to use Qt from homebrew and to have gettext in the path:
cd heaptrack # i.e. the source folder
mkdir build
cd build
CMAKE_PREFIX_PATH=/opt/homebrew/opt/qt@5 PATH=$PATH:/opt/homebrew/opt/gettext/bin cmake ..
cmake -DCMAKE_BUILD_TYPE=Release .. # look for messages about missing dependencies!
make heaptrack_gui heaptrack_print
Heaptrack generates data files that are impossible to analyze for a human. Instead, you need
to use either heaptrack_print
or heaptrack_gui
to interpret the results.
The highly recommended way to analyze a heap profile is by using the heaptrack_gui
tool.
It depends on Qt 5 and KF 5 to graphically visualize the recorded data. It features:
The heaptrack_print
tool is a command line application with minimal dependencies. It takes
the heap profile, analyzes it, and prints the results in ASCII format to the command line.
In its most simple form, you can use it like this:
heaptrack_print heaptrack.APP.PID.gz | less
By default, the report will contain three sections:
MOST CALLS TO ALLOCATION FUNCTIONS
PEAK MEMORY CONSUMERS
MOST TEMPORARY ALLOCATIONS
Each section then lists the top ten hotspots, i.e. code locations that triggered e.g. the most memory allocations.
Have a look at heaptrack_print --help
for changing the output format and other options.
Note that you can use this tool to convert a heaptrack data file to the Massif data format.
You can generate a collapsed stack report for consumption by flamegraph.pl
.
The idea to build heaptrack was born out of the pain in working with Valgrind's massif. Valgrind comes with a huge overhead in both memory and time, which sometimes prevent you from running it on larger real-world applications. Most of what Valgrind does is not needed for a simple heap profiler.
speed and memory overhead
Multi-threaded applications are not serialized when you trace them with heaptrack and even for single-threaded applications the overhead in both time and memory is significantly lower. Most notably, you only pay a price when you allocate memory -- time-intensive CPU calculations are not slowed down at all, contrary to what happens in Valgrind.
more data
Valgrind's massif aggregates data before writing the report. This step loses a lot of useful information. Most notably, you are not longer able to find out how often memory was allocated, or where temporary allocations are triggered. Heaptrack does not aggregate the data until you interpret it, which allows for more useful insights into your allocation patterns.
ability to profile page allocations as heap
This allows you to heap-profile applications that use pool allocators that circumvent malloc & friends. Heaptrack can in principle also profile such applications, but it requires code changes to annotate the memory pool implementation.
ability to profile stack allocations
This is inherently impossible to implement efficiently in heaptrack as far as I know.
As a FOSS project, we welcome contributions of any form. You can help improve the project by:
When submitting bug reports, you can anonymize your data with the tools/anonymize
script:
tools/anonymize heaptrack.APP.PID.gz heaptrack.bug_report_data.gz
Libunwind may produce bogus backtraces when unwinding from code linked with old versions of the gold linker. In such cases, recording with heaptrack seems to work and produces data files. But parsing these data files with heaptrack_gui will often lead to out-of-memory crashes. Looking at the data with heaptrack_print, one will see garbage backtraces that are completely broken.
If you encounter such issues, try to relink your application and also libunwind with ld.bfd
instead of ld.gold
.
You can see if you are affected by running the libunwind unit tests via make check
. But do note that you
need to relink your application too, not only libunwind.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.