11

I'm toying around with the idea of implementing something that profiles code on the production server and wanted some best-practice advice. Obviously it's a bad idea to profile ALL requests because of the added overhead so I was looking into some techniques that will randomly invoke the profiler per request. Something like 1 profile per every 10,000 requests.

I know there is a way to achieve such a task with Facebook's XHProf Profiler but was hoping for a similar solution using xdebug.

So my questions are (assuming xdebug is the profiler):

  1. Is this kind of feature even advisable? I'd like to get some real world data from the production environment but not if it means destroying the user experience due to overhead.
  2. Does installing xdebug on production open the server up to attackers/exploiters in any way (assuming the debugger is not enabled)? Is there a boiler-plate config for this type of setup?
  3. What's the best way to trigger the profiler for an appropriate sample size?

Any other insight into the matter would be much appreciated.

Mike B
  • 31,886
  • 13
  • 87
  • 111

1 Answers1

9

Don't reinvent the wheel. XHProf Profiler is definitely the best tool for the job when it comes to profiling code within a production environment.

Your options for enabling profiling within xdebug are limited to either having profiling always on via a php.ini file or .htaccess file via xdebug.profiler_enable = 1 or selectively turning on profiling via xdebug.profiler_enable_trigger = 1. In the latter case you must have an XDEBUG_PROFILE GET or POST parameter set or send a cookie with the name XDEBUG_PROFILE. This means that should someone mischievous want to, they could slow your server to a crawl by simply appending that GET parameter to a bunch of requests.

The only option I could see that would profile a relatively random sample of requests is to have a cron script place an .htaccess file in the appropriate directory, periodically, and then move it out of the directory. Still, that is less than desirable.

If you do decide to go with XHProf take a look at XHGUI.

http://phpadvent.org/2010/profiling-with-xhgui-by-paul-reinheimer

John Kramlich
  • 2,220
  • 17
  • 18
  • Thanks for the suggestion John. I'll read up more on xhprof and give it some more consideration. – Mike B Dec 07 '10 at 13:29