I'm toying around with the idea of implementing something that profiles code on the production server and wanted some best-practice advice. Obviously it's a bad idea to profile ALL requests because of the added overhead so I was looking into some techniques that will randomly invoke the profiler per request. Something like 1 profile per every 10,000 requests. I know there is a way to achieve such a task with Facebook's XHProf Profiler but was hoping for a similar solution using xdebug. So my questions are (assuming xdebug is the profiler): <ol> <li>Is this kind of feature even advisable? I'd like to get some real world data from the production environment but not if it means destroying the user experience due to overhead.</li> <li>Does installing xdebug on production open the server up to attackers/exploiters in any way (assuming the debugger is not enabled)? Is there a boiler-plate config for this type of setup?</li> <li>What's the best way to trigger the profiler for an appropriate sample size? </li> </ol> Any other insight into the matter would be much appreciated.

Don't reinvent the wheel. XHProf Profiler is definitely the best tool for the job when it comes to profiling code within a production environment. Your options for enabling profiling within xdebug are limited to either having profiling always on via a php.ini file or .htaccess file via <code>xdebug.profiler_enable = 1</code> or selectively turning on profiling via <code>xdebug.profiler_enable_trigger = 1</code>. In the latter case you must have an <code>XDEBUG_PROFILE</code> GET or POST parameter set or send a cookie with the name <code>XDEBUG_PROFILE</code>. This means that should someone mischievous want to, they could slow your server to a crawl by simply appending that GET parameter to a bunch of requests. The only option I could see that would profile a relatively random sample of requests is to have a cron script place an .htaccess file in the appropriate directory, periodically, and then move it out of the directory. Still, that is less than desirable. If you do decide to go with XHProf take a look at XHGUI. http://phpadvent.org/2010/profiling-with-xhgui-by-paul-reinheimer

Profiling Code on Production

I'm toying around with the idea of implementing something that profiles code on the production server and wanted some best-practice advice. Obviously it's a bad idea to profile ALL requests because of the added overhead so I was looking into some techniques that will randomly invoke the profiler per request. Something like 1 profile per every 10,000 requests.

I know there is a way to achieve such a task with Facebook's XHProf Profiler but was hoping for a similar solution using xdebug.

So my questions are (assuming xdebug is the profiler):

Is this kind of feature even advisable? I'd like to get some real world data from the production environment but not if it means destroying the user experience due to overhead.
Does installing xdebug on production open the server up to attackers/exploiters in any way (assuming the debugger is not enabled)? Is there a boiler-plate config for this type of setup?
What's the best way to trigger the profiler for an appropriate sample size?

Any other insight into the matter would be much appreciated.

What is production profiling?

Production profiling is a way to view and understand code-level performance to identify bottlenecks and map optimization opportunities.

What does profiling your code means?

What is code profiling? Code profiling examines the application code to ensure it is optimized, resulting in high application performance. It analyzes the memory, CPU, and network utilized by each software component or routine.

What is profiling in performance?

Performance profilers are software development tools designed to help you analyze the performance of your applications and improve poorly performing sections of code.

Don't reinvent the wheel. XHProf Profiler is definitely the best tool for the job when it comes to profiling code within a production environment.

Your options for enabling profiling within xdebug are limited to either having profiling always on via a php.ini file or .htaccess file via xdebug.profiler_enable = 1 or selectively turning on profiling via xdebug.profiler_enable_trigger = 1. In the latter case you must have an XDEBUG_PROFILE GET or POST parameter set or send a cookie with the name XDEBUG_PROFILE. This means that should someone mischievous want to, they could slow your server to a crawl by simply appending that GET parameter to a bunch of requests.

The only option I could see that would profile a relatively random sample of requests is to have a cron script place an .htaccess file in the appropriate directory, periodically, and then move it out of the directory. Still, that is less than desirable.

If you do decide to go with XHProf take a look at XHGUI.

http://phpadvent.org/2010/profiling-with-xhgui-by-paul-reinheimer

Profiling Code on Production

Tags:

php

profiling

xdebug

xhprof

Mike B

People also ask

1 Answers

John Kramlich

Recent Activity

Donate For Us

Profiling Code on Production

Tags:

php

profiling

xdebug

xhprof

Mike B

People also ask

1 Answers

John Kramlich

Related questions

Recent Activity

Donate For Us