乐趣区

关于.net:记一次-NET-某招聘网后端服务-内存暴涨分析

一:背景

1. 讲故事

前段时间有位敌人 wx 找到我,说他的程序存在内存阶段性暴涨,寻求如何解决,和敌人沟通下来,他的内存平时大略是5G 左右,在某些时点左近会暴涨到 10G+, 画个图大略就是这样。

所以接下来就是想方法给他找到那莫名微妙的 5-6G 是个啥,上 windbg 谈话。

二:Windbg 剖析

1. 判断托管还是非托管

从形容上看大概率是托管层面的问题,但为了文章的完整性,咱们还是用 !address -summary!eeheap -gc 来看一下。


0:000> !address -summary

--- Usage Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal
Free                                   1164      7f5`58f12000 (7.958 TB)           99.48%
<unknown>                              6924        a`6de84000 (41.717 GB)  97.90%    0.51%
Stack                                  1123        0`16340000 (355.250 MB)   0.81%    0.00%
Image                                  4063        0`1607d000 (352.488 MB)   0.81%    0.00%
Heap                                     71        0`0c9ea000 (201.914 MB)   0.46%    0.00%
TEB                                     374        0`002ec000 (2.922 MB)   0.01%    0.00%
Other                                    13        0`001c6000 (1.773 MB)   0.00%    0.00%
PEB                                       1        0`00001000 (4.000 kB)   0.00%    0.00%

--- Type Summary (for busy) ------ RgnCount ----------- Total Size -------- %ofBusy %ofTotal
MEM_PRIVATE                            5423        a`87200000 (42.111 GB)  98.83%    0.51%
MEM_IMAGE                              7033        0`1e5d6000 (485.836 MB)   1.11%    0.01%
MEM_MAPPED                              113        0`01908000 (25.031 MB)   0.06%    0.00%

--- State Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal
MEM_FREE                               1164      7f5`58f12000 (7.958 TB)           99.48%
MEM_RESERVE                            4165        8`1b873000 (32.430 GB)  76.11%    0.40%
MEM_COMMIT                             8404        2`8b86b000 (10.180 GB)  23.89%    0.12%


0:000> !eeheap -gc
Number of GC Heaps: 32
------------------------------
Heap 0 (00000000004106d0)
generation 0 starts at 0x0000000082eb0e58
generation 1 starts at 0x0000000082d79b20
generation 2 starts at 0x000000007fff1000
ephemeral segment allocation context: none
         segment             begin         allocated              size
000000007fff0000  000000007fff1000  0000000083f80128  0x3f8f128(66646312)
Large object heap starts at 0x000000087fff1000
         segment             begin         allocated              size
000000087fff0000  000000087fff1000  0000000883fe4190  0x3ff3190(67056016)
0000000927ff0000  0000000927ff1000  000000092bfe2430  0x3ff1430(67048496)
0000000a81c50000  0000000a81c51000  0000000a8221c858  0x5cb858(6076504)
Heap Size:               Size: 0xc53ef40 (206827328) bytes.
------------------------------
...
Heap 31 (0000000019c84130)
generation 0 starts at 0x0000000844fc5170
generation 1 starts at 0x0000000844f851f8
generation 2 starts at 0x000000083fff1000
ephemeral segment allocation context: none
         segment             begin         allocated              size
000000083fff0000  000000083fff1000  0000000845171ca0  0x5180ca0(85462176)
Large object heap starts at 0x00000008fbff1000
         segment             begin         allocated              size
00000008fbff0000  00000008fbff1000  00000008fffe2290  0x3ff1290(67048080)
000000094bff0000  000000094bff1000  000000094ea2ebb8  0x2a3dbb8(44293048)
000000096bff0000  000000096bff1000  000000096dbdec00  0x1bedc00(29285376)
Heap Size:               Size: 0xd79d6e8 (226088680) bytes.
------------------------------
GC Heap Size:            Size: 0x1f1986a88 (8348265096) bytes.

从卦中得悉,10G的内存,托管堆吃掉了 8.3G,很显著托管层问题,晓得大方向后,接下来就能够到托管堆看一看,依据过往教训程序必定是生成了大量的类对象所致,上命令 !dumpheap -stat


0:000> !dumpheap -stat
Statistics:
              MT    Count    TotalSize Class Name
...
000007fe9ddd5fc0   341280     30032640 System.ServiceModel.Description.MessagePartDescription
000007fe9c4865a0   866349     41584752 System.Xml.XmlDictionaryString
000007fe9defb098   937801     45014448 System.Xml.XmlDictionaryString
000007fe9c66bd28   105052     45086880 System.Collections.Generic.Dictionary`2+Entry[[System.String, mscorlib],[System.Xml.XmlDictionaryString, System.Runtime.Serialization]][]
000007fe9e0f4d20   113299     49050864 System.Collections.Generic.Dictionary`2+Entry[[System.String, mscorlib],[System.Xml.XmlDictionaryString, System.Runtime.Serialization]][]
00000000003c9190    44573    618414438      Free
000007fef8f6c168   428410   1209974642 System.Char[]
000007fef8f4f1b8  2849758   1246912848 System.Object[]
000007fef8f6f058   531963   1670620873 System.Byte[]
000007fef8f6aee0  2368431   2382587716 System.String

真是皂滑弄人,并没有命中过往教训,能够看出占用最大的都是些 Byte,String,Char,Object 根底类型,其实这些根底类型排查起来很难搞,要么一直的用 -min, -max 去筛选,要么就写一个脚本对它进行分组排序,糟糕脚本如下:


"use strict";

/*
   按 mt 对托管堆类型的 size 进行分组
*/

let platform = 64
let mtlist = ["000007fef8f4f1b8"];
let maxlimit = 100;

function initializeScript() { return [new host.apiVersionSupport(1, 7)]; }
function log(str) {host.diagnostics.debugLog(str + "\n"); }
function exec(str) {log("\n" + str); return host.namespace.Debugger.Utility.Control.ExecuteCommand(str); }
function invokeScript() { for (var mt of mtlist) {groupby_mtsize_inheap(mt); } }

// 对某个类型依照 size 进行分组
function groupby_mtsize_inheap(mt) {var size_group = {};
    var commandText = "!dumpheap -mt" + mt;
    var output = exec(commandText);
    for (var line of output) {if (line == ""|| line.indexOf("Address") > -1) continue;
        if (line.indexOf("Statistics") > -1) break;
        var size = parseInt(line.substring(Math.ceil(platform / 2) + 1).trim());

        if (!size_group[size]) size_group[size] = 0;

        size_group[size]++;
    }
    show_top10_format(mt, size_group);
}

function show_top10_format(mt, size_group) {var maparr = [];

    // 转数组
    for (var size in size_group) {maparr.push({ "size": size, "count": size_group[size], "totalsize": (size * size_group[size]) });
    }

    maparr.sort(function (a, b) {return b.totalsize - a.totalsize});

    var topTotalSize = 0;

    // 按 size 输入
    for (var i = 0; i < Math.min(maparr.length, maxlimit); i++) {var size = maparr[i].size;
        var count = maparr[i].count;
        var totalsize = Math.round(maparr[i].totalsize / 1024 / 1024, 2);

        topTotalSize += totalsize

        log("size=" + size + ",count=" + count + ",totalsize=" + totalsize + "M");
    }

    log("Total:" + topTotalSize + "M");

    //show max
    if (maparr.length > 0) {var size = maparr[0].size;
        var totalsize = Math.round(maparr[0].totalsize / 1024 / 1024, 2) + "M";
        var output = exec("!dumpheap -mt" + mt + "-min 0n" + size + "-max 0n" + size + "-short").Take(maxlimit);
        for (var line of output) {log(line);
        }
    }
}

接下来把 string 的办法表地址传下去看看排序后果,简化输入如下:


!dumpheap -mt 000007fef8f6aee0
size=29285946,count=2,totalsize=56M
size=29285540,count=2,totalsize=56M
size=29285502,count=2,totalsize=56M
size=29285348,count=2,totalsize=56M
size=27455186,count=2,totalsize=52M
size=31116504,count=1,totalsize=30M
size=31116490,count=1,totalsize=30M
size=31116306,count=1,totalsize=30M
size=31115934,count=1,totalsize=30M
size=31115920,count=1,totalsize=30M
size=31115718,count=1,totalsize=30M
size=29286342,count=1,totalsize=28M
size=29285898,count=1,totalsize=28M
...
Total:1198M

能够看到,有不少大 size 的 string,那这些 string 到底是个啥,这里我轻易抽几个导出到 txt 看看。


0:000> !dumpheap -mt 000007fef8f6aee0 -min 0n31116490 -max 0n31116490 -short 
0000000a61c51000
0:000> !do 0000000a61c51000 
Name:        System.String
MethodTable: 000007fef8f6aee0
EEClass:     000007fef88d3720
Size:        31116490(0x1daccca) bytes
File:        C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
String:      <String is invalid or too large to print>

Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007fef8f6dc90  40000aa        8         System.Int32  1 instance         15558232 m_stringLength
000007fef8f6c1c8  40000ab        c          System.Char  1 instance               50 m_firstChar
000007fef8f6aee0  40000ac       18        System.String  0   shared           static Empty
                                 >> Domain:Value  00000000003fb620:NotInit  000000001ca30bd0:NotInit  000000001f7b21a0:NotInit  000000001f8940c0:NotInit  0000000027dc46b0:NotInit  00000000281bd720:NotInit  00000000282b7ee0:NotInit  <<

0:000> .writemem D:\dumps\xxxx\string.txt 0000000a61c51000 L?0x1daccca
Writing 1daccca bytes..........

从内容看其实就是 pdf 的 base64 编码,以同样的形式调研 char[]byte[] 类型,发现大多也都是 pdf,猜想程序在解决 pdf 的过程中,进行了 byte[],char[],string 之间的切换,所以这些对象实践上大多属于无根对象,其实通过 !heapstat -iu 也能看到那大概 5.5G 的无根对象正等待 GC 回收。


0:000> !heapstat -iu                                        
Heap             Gen0         Gen1         Gen2          LOH                                        
Heap0        17625808      1274680     47745824    140181016                                        
...                                    
Total       357486256     28100616   2229673376   5733004848                                        
                                        
Free space:                                                 Percentage                                        
Heap0         3962240           24     11211224       298616SOH: 22% LOH:  0%                                        
Heap1         5625856          144      9857168       302152SOH: 27% LOH:  0%                                        
...                                    
Heap31        1448576           24     19957312       218024SOH: 25% LOH:  0%                                        
Total       181492784         1136    431825856      5183128                                        
                                        
Unrooted objects:                                           Percentage                                        
Heap0        12163928       243584        42872    137153536SOH: 18% LOH: 97%                                        
...                                    
Heap31         236832       239272      1435840    139770656SOH:  2% LOH: 99%                                        
Total       164954952      7948448     29066480   5530423784                                        

三:总结

本次内存阶段性暴涨的事变,次要还是程序接管了上游过多的 pdf 文件,毕竟这些都是大对象,还进行了 char[],string,byte[] 的切换,造成短时间内过大的内存占用。

最初就是我集体的解决倡议:

  1. 针对大量的 pdf,是否借用第三方的 oss 软件来躲避一些不必要的内存占用。
  2. 荡涤服务是否能够做些限流或者应用服务均摊的形式。

起初听敌人说,他做了 筛选过滤 以及一些 业务流程优化 解决了这个问题,我想事实中必定有很多敌人遇到过这类问题,欢送大家留言补充您的解决方案。

退出移动版