v8-mat
v1.0.3
Published
Eclipse Memory Analyzer port for V8 heap snapshots
Downloads
21
Readme
Automatic leak detection for V8 heap snapshots
This project implements the algorithm used by the Eclipse Memory Analyzer on V8 heap snapshots to automatically detect leak suspects in JavaScript processes. It analyzes a heap snapshot to find:
- Leak suspect: an object that retains a big chunk of memory in the heap. Due to the nature of JavaScript applications this tend to be a context object of a closure.
- Accumulation point: an object retained by the leak suspect where the majority of the memory retained by that suspect is accumulated.
The leak identified by this tool can be fixed by breaking the reference somewhere in the path from the leak suspect to the accumulation point, or stop the accumulation point from accumulating memory.
Usage
npm install -g v8-mat
v8-mat path/to.heapsnapshot [path/to/result.json]Example
The following Node.js script leaks memory by adding listeners that retain large strings to an emitter. It then create a snapshot before exiting.
'use strict';
const inspector = require('inspector');
const fs = require('fs');
const EventEmitter = require('events');
const session = new inspector.Session();
session.connect();
const TIME = parseInt(process.argv[2] || 10);
function randomString() {
return Math.random().toFixed(16).slice(2);
}
function run() {
function closureFactory() {
const hugeString = 'x'.repeat(1e6);
function unused() {
return hugeString;
}
return function createdClosure() {
// This is a bug of the VM
return 'I retain the hugeString even though I do not reference it';
};
}
const emitter = new EventEmitter();
for (let i = 0; i < 5e3; ++i) {
emitter.on(randomString(), closureFactory());
}
return Promise.resolve({
emitter
});
}
function teardown({ emitter }) {
console.log(emitter.eventNames().length);
}
run().then(function onFullFilled(result) {
setTimeout(() => {
let buf = '';
session.on('HeapProfiler.addHeapSnapshotChunk', function(res) {
buf += res.params.chunk;
});
session.post('HeapProfiler.takeHeapSnapshot', () => {
const file = './event-emitter.heapsnapshot';
fs.writeFileSync(file, buf);
console.log(`Written snapshot to ${file}`);
teardown(result);
});
}, TIME * 1000);
});Running v8-mat on the generated event-emitter.heapsnapshot:
> v8-mat event-emitter.heapsnapshot
Total Heap Size: 9817128
=============== Suspect ========
Name : system / Context
Class Name : system / Context
Edges Count : 5
Retained Size: 5401160
Self Size : 56
ID : 897
=============== Accumulation Point ========
Name : Object
Class Name : Object
Edges Count : 5003
Retained Size: 5397616
Self Size : 24
ID : 17507
=============== Retaining Path ========
5.1509MB system / Context@897
(context of onFullFilled() /Users/joyee/projects/v8-mat/test/fixtures/event-emitter.js) <--- Suspect
|
| ->result
v
5.1482MB Object(Object) @311289
|
| .emitter
v
5.1481MB EventEmitter(EventEmitter) @17505
|
| ._events
v
5.1476MB Object(Object) @17507 <--- Accumulation Point
|
| {properties}
v
192.0547KB (object properties)((array)) @29667
............Explanation:
- The leak suspect is the context of
onFullFilled(), where the result ofrun()is passed into the scope as a variable namedresult. Obviously ifonFullFilled()does not put theresultinto the scope, the leak will not exist since theresultwill not be referenced and can be garbage-collected.- Notice in the output of v8-mat, the annotation beside the first arrow (edge)
displays the variable name
resultin the context. - v8-mat also tries to extract the function and the file where the closure context is created and display it in its output.
- Notice in the output of v8-mat, the annotation beside the first arrow (edge)
displays the variable name
resulthas a member.emitterwhich is assigned at the end ofrun.result.emitterhas an internal member._eventswhere Node.js stores the listeners.
Looking up the suspect and following the retaining path from the suspect to the accumulation point in the DevTools:
