I'm toying around with the idea of implementing something that profiles code on the production server and wanted some best-practice advice. Obviously it's a bad idea to profile ALL requests because of the added overhead so I was looking into some techniques that will randomly invoke the profiler per request. Something like 1 profile per every 10,000 requests. I know there is a way to achieve such a task with Facebook's XHProf Profiler but was hoping for a similar solution using xdebug. So my questions are (assuming xdebug is the profiler): <ol> <li>Is this kind of feature even advisable? I'd like to get some real world data from the production environment but not if it means destroying the user experience due to overhead.</li> <li>Does installing xdebug on production open the server up to attackers/exploiters in any way (assuming the debugger is not enabled)? Is there a boiler-plate config for this type of setup?</li> <li>What's the best way to trigger the profiler for an appropriate sample size? </li> </ol> Any other insight into the matter would be much appreciated.

Don't reinvent the wheel. XHProf Profiler is definitely the best tool for the job when it comes to profiling code within a production environment. Your options for enabling profiling within xdebug are limited to either having profiling always on via a php.ini file or .htaccess file via <code>xdebug.profiler_enable = 1</code> or selectively turning on profiling via <code>xdebug.profiler_enable_trigger = 1</code>. In the latter case you must have an <code>XDEBUG_PROFILE</code> GET or POST parameter set or send a cookie with the name <code>XDEBUG_PROFILE</code>. This means that should someone mischievous want to, they could slow your server to a crawl by simply appending that GET parameter to a bunch of requests. The only option I could see that would profile a relatively random sample of requests is to have a cron script place an .htaccess file in the appropriate directory, periodically, and then move it out of the directory. Still, that is less than desirable. If you do decide to go with XHProf take a look at XHGUI. http://phpadvent.org/2010/profiling-with-xhgui-by-paul-reinheimer

Profiling Code on Production

Tags:

php

profiling

xdebug

xhprof

I'm toying around with the idea of implementing something that profiles code on the production server and wanted some best-practice advice. Obviously it's a bad idea to profile ALL requests because of the added overhead so I was looking into some techniques that will randomly invoke the profiler per request. Something like 1 profile per every 10,000 requests.

I know there is a way to achieve such a task with Facebook's XHProf Profiler but was hoping for a similar solution using xdebug.

So my questions are (assuming xdebug is the profiler):

Is this kind of feature even advisable? I'd like to get some real world data from the production environment but not if it means destroying the user experience due to overhead.
Does installing xdebug on production open the server up to attackers/exploiters in any way (assuming the debugger is not enabled)? Is there a boiler-plate config for this type of setup?
What's the best way to trigger the profiler for an appropriate sample size?

Any other insight into the matter would be much appreciated.

574

asked Dec 06 '10 20:12

Mike B

1 Answers

Don't reinvent the wheel. XHProf Profiler is definitely the best tool for the job when it comes to profiling code within a production environment.

Your options for enabling profiling within xdebug are limited to either having profiling always on via a php.ini file or .htaccess file via xdebug.profiler_enable = 1 or selectively turning on profiling via xdebug.profiler_enable_trigger = 1. In the latter case you must have an XDEBUG_PROFILE GET or POST parameter set or send a cookie with the name XDEBUG_PROFILE. This means that should someone mischievous want to, they could slow your server to a crawl by simply appending that GET parameter to a bunch of requests.

The only option I could see that would profile a relatively random sample of requests is to have a cron script place an .htaccess file in the appropriate directory, periodically, and then move it out of the directory. Still, that is less than desirable.

If you do decide to go with XHProf take a look at XHGUI.

http://phpadvent.org/2010/profiling-with-xhgui-by-paul-reinheimer

139

answered Nov 05 '22 20:11

John Kramlich

Related questions
                            
                                How to control the language of the paypal checkout page?
                            
                                Laravel 5.1 to 5.2 composer update error
                            
                                How to inject an env variable just for certain testsuite using phpunit?
                            
                                Laravel sort collection by date
                            
                                How to ignore question mark as placeholder when using PDO with PostgreSQL
                            
                                Trying to shift the Validation from Controller to Request Class in Laravel 5.2.15
                            
                                SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect integer value: 'column_name' in Laravel
                            
                                PHP Nested JSON from flat JSON
                            
                                PHPExcel Cells over lapping each other >setRowHeight(-1) auto cell height not working
                            
                                Why is validate() method accessible via request()?
                            
                                Reasons for not having a compact structure of an MVC application?
                            
                                How to fetch (join) two records from database using doctrine/symfony4
                            
                                How do you connect to MySQL using PHP's mysqli when using sha256_password (access denied)
                            
                                Adding UTF-8 support to JS/PHP script [duplicate]
                            
                                Accessing a CONST attribute of series of Classes
                            
                                Best way to send anonymous email like craigslist
                            
                                Opensource Voting System [closed]
                            
                                How to debug php scripts at server side? In a situation client page doesn't show response
                            
                                PHPUnit and DBUnit - getting started [closed]
                            
                                unset a element of an array via reference

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With