Build your own .NET memory profiler in C# — call stacks (2/2–2)
In the past two episodes of this series I have explained how to get a sampling of .NET application allocations and one way to get the call stack corresponding to the allocations; all with CLR events. In this last episode, I will detail how to transform addresses from the stack into methods name and possibly signature.
From managed address to method signature
In order to transform an address on the stack into a managed method name, you need to know where in memory (i.e. at which address) is stored the method JITted assembly code and what is its size:
For each JITted method, the MethodLoadVerbose/MethodDCStartVerboseV2 events are providing this information in addition to 3 properties to rebuild the full method name and signature (more on this later). I’m storing each method description as a MethodInfo into a MethodStore per process.
The only interesting part of the MethodInfo class is the computation of the full method name stored in the _fullName field:
The ComputeFullName helper merges together the 3 properties given by the MethodxxxVerbose events including special processing for constructors:
Only the parameters (not the return type) are extracted from the “return type SPACE SPACE (parameters)” signature format:
With the starting address and the size of each JITted methods, it is easy to find the one corresponding to a given address on the stack: look for the MethodInfo where this address could be between the start address and the start address + the code size:
For performance sake, the _cache dictionary property speeds up the process by keeping track of the address/full name mappings.
It is now time to look at the details of the GetNativeMethodName helper that takes care of the native functions scenario.
The native part of the symbols story
Unlike for JITted methods, the CLR does not send events to describe native functions even for the CLR itself. Instead, you need to find a way to map a call stack address to a native function by yourself. Unlike Perfview, I will be using the dbghelp native API instead of DIA mostly because my scenario is to get the stacks while the applications are still running:
After reading the march 2002 MSDN article about DBGHELP by Matt Pietrek, the updated symbols related Microsoft Docs and the dbghelp.h include a file from the Windows SDK, I wrote a C# wrapper around the dbghelp function needed to get a method name from an address in a process address space:
Note that you will need to download the dbghelp.dll (SymSrv.dll if needed) from the Windows SDK and copy it next to your memory profiler binaries.
The usage of the dbghelp API is straightforward. First, for each new process, call SymSetOptions/SymInitialize with a handle of the process:
In the case of protected processes, Process.GetProcessById might throw an exception. The _hProcess field storing the process handle will be cleaned up in the IDisposible.Dispose implementation of the MethodStore:
After a process has been bound, each time one of its modules is loaded, SymLoadModule64 must be called. You can be notified of such a loaded module by enabling the Kernel provider with the ImageLoad keyword.
The handler attached to the ImageLoaded event will be called each time a dll gets loaded.
Now everything is in place to get a native function name from an address on the stack:
Note that I needed to remove some unexpected $## strings are the end of some symbols.
This is the last episode of the series about building your own memory profiler in C#. In case you missed the first episodes, check them out on Medium:
Resources
- Source code available on Github.
- Download Debugging Tools for Windows for dbghelp.dll and SymSrv.dll
- Matt Pietrek article in MSDN Magazine about DBGHELP
- Dbghelp samples -http://www.debuginfo.com/examples/dbghelpexamples.html
