joe damato
@joedamato
timetobleed.com
About Joe Damato
amd64 Intel64
• alignment
• calling conventions
• object file and library formats
• syscalls (how they work, where they live)
WTF is an ABI?
System V ABI (271 pages)
System V ABI AMD64 Architecture Processor Supplement (128 pages)
System V ABI Intel386 Architecture Processor Supplement (377 pages)
symbol value      symbol names
0000000000491270 T Init_Array
0000000000497520 T Init_Bignum
000000000041dc80 T Init_Binding
000000000049d9b0 T Init_Comparable
000000000049de30 T Init_Dir
00000000004a1080 T Init_Enumerable
00000000004a3720 T Init_Enumerator
00000000004a4f30 T Init_Exception
000000000042c2d0 T Init_File
0000000000434b90 T Init_GC
objdump
% objdump -D /usr/bin/ruby
How the plt works
.got.plt entry: 0x7ffff7afd6e6
Initially, the .got.plt entry contains the address of the instruction after the jmp.
.got.plt entry: 0x7ffff7afd6e6
An ID is stored and the rtld is invoked.
.got.plt entry: 0x7ffff7b34ac0
rtld writes the address of rb_newobj to the .got.plt entry.
Calls to the PLT entry jump immediately to rb_newobj now that .got.plt is filled in.
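The lazy-binding sequence above, as an added example that is not code from the talk or from memprof: a C program that walks its own dynamic section (PT_DYNAMIC, DT_JMPREL, DT_SYMTAB, DT_STRTAB) and prints, for every imported function, the address its .got.plt slot currently holds, classifying each slot as "still the PLT stub" or "already written by rtld". It assumes Linux with glibc's ld.so and a 64-bit ELF executable (amd64, as in the talk); the names got_report, walk_main_object and inspect_got are mine, everything else comes from <elf.h> and <link.h>.

```c
/* Added example (not from the talk or memprof): list this process's own
 * .got.plt slots and show which ones rtld has already filled in.
 * Assumes Linux, glibc ld.so, 64-bit ELF (amd64 as in the talk). */
#define _GNU_SOURCE
#include <elf.h>
#include <link.h>
#include <stdint.h>
#include <stdio.h>

struct got_report {
    int slots;  /* relocations found in DT_JMPREL, one per .got.plt slot */
    int lazy;   /* slot still points into this object: the PLT stub, not bound yet */
    int bound;  /* slot points outside this object: rtld has written the target */
};

/* dl_iterate_phdr callback (hypothetical name). The first object reported is
 * the main program, so we inspect it and return non-zero to stop the walk. */
static int walk_main_object(struct dl_phdr_info *info, size_t size, void *data)
{
    struct got_report *rep = data;
    const ElfW(Dyn) *dyn = NULL;
    uintptr_t lo = UINTPTR_MAX, hi = 0;
    (void)size;

    /* Locate PT_DYNAMIC and the address range covered by this object's PT_LOADs. */
    for (int i = 0; i < info->dlpi_phnum; i++) {
        const ElfW(Phdr) *ph = &info->dlpi_phdr[i];
        uintptr_t start = info->dlpi_addr + ph->p_vaddr;
        if (ph->p_type == PT_DYNAMIC)
            dyn = (const ElfW(Dyn) *)start;
        else if (ph->p_type == PT_LOAD) {
            if (start < lo) lo = start;
            if (start + ph->p_memsz > hi) hi = start + ph->p_memsz;
        }
    }
    if (dyn == NULL)
        return 1; /* statically linked: there is no PLT/GOT to look at */

    const Elf64_Rela *jmprel = NULL;  /* .rela.plt: one JUMP_SLOT per imported function */
    const Elf64_Sym *symtab = NULL;   /* .dynsym */
    const char *strtab = NULL;        /* .dynstr */
    size_t jmprelsz = 0;
    for (; dyn->d_tag != DT_NULL; dyn++) {
        /* glibc's ld.so rebases these pointers at load time; if a value still
         * looks like an unrelocated address (below the load base), rebase it. */
        uintptr_t p = dyn->d_un.d_ptr;
        if (p < info->dlpi_addr)
            p += info->dlpi_addr;
        switch (dyn->d_tag) {
        case DT_JMPREL:   jmprel = (const Elf64_Rela *)p; break;
        case DT_SYMTAB:   symtab = (const Elf64_Sym *)p; break;
        case DT_STRTAB:   strtab = (const char *)p; break;
        case DT_PLTRELSZ: jmprelsz = dyn->d_un.d_val; break;
        default: break;
        }
    }
    if (jmprel == NULL || symtab == NULL || strtab == NULL)
        return 1;

    for (size_t i = 0; i < jmprelsz / sizeof(Elf64_Rela); i++) {
        const Elf64_Rela *r = &jmprel[i];
        const char *name = strtab + symtab[ELF64_R_SYM(r->r_info)].st_name;
        /* r_offset is the slot's link-time address; the load base is added at runtime. */
        const uintptr_t *slot = (const uintptr_t *)(info->dlpi_addr + r->r_offset);
        /* A value inside our own mapping is the PLT stub (the "instruction after
         * the jmp"); a value outside it was written by rtld on the first call. */
        int in_self = (*slot >= lo && *slot < hi);
        rep->slots++;
        if (in_self) rep->lazy++; else rep->bound++;
        printf("%-20s slot %p holds %#018lx  %s\n", name, (const void *)slot,
               (unsigned long)*slot,
               in_self ? "PLT stub (not bound yet)" : "target written by rtld");
    }
    return 1;
}

struct got_report inspect_got(void)
{
    struct got_report rep = {0, 0, 0};
    dl_iterate_phdr(walk_main_object, &rep);
    return rep;
}

int main(void)
{
    /* Under lazy binding, puts' slot still holds its PLT stub during the first
     * walk; after puts has run once, the second walk shows libc's address. */
    struct got_report before = inspect_got();
    puts("--- after the first calls ---");
    struct got_report after = inspect_got();
    printf("lazy slots: %d before, %d after (of %d)\n",
           before.lazy, after.lazy, after.slots);
    return 0;
}
```

Build with `cc -Wall -o gotwalk gotwalk.c`. Toolchains that default to `-Wl,-z,now` (full RELRO) bind every slot before main runs, so both walks report zero lazy slots; link with `-Wl,-z,lazy` to watch a slot flip from its PLT stub to the libc address, which is exactly the transition the three frames above describe. The same read-only walk is the basis of a GOT integrity check: a slot that holds neither its own PLT stub nor the address of the symbol it is named after has been redirected, which is what memprof does on purpose to intercept rb_newobj.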
Hook the GOT
require 'memprof'
Memprof.start

Or just track a block:
Memprof.track('/tmp/file') {
  do_something
}

Or dump the entire heap as JSON:
require 'memprof'
Memprof.start
do_stuff
Memprof.dump_all('/tmp/file')
Middleware
• Use memprof as middleware
• Get per-request object count information
rails 3, environment.rb:
require 'memprof/middleware'
MyApp::Application.configure do
config.middleware.use Memprof::Middleware
end
count  file:line:class
569 lib/ruby/1.8/yaml.rb:133:String
528 gems/sequel-3.9.0/lib/sequel/model/base.rb:393:__node__
522 gems/haml-2.2.20/lib/haml/precompiler.rb:545:String
522 gems/haml-2.2.20/lib/haml/helpers.rb:135:String
522 gems/haml-2.2.20/lib/haml/helpers.rb:135:ActiveSupport::SafeBuffer
507 gems/haml-2.2.20/lib/haml/precompiler.rb:317:String
488 gems/sequel-3.9.0/lib/sequel/adapters/mysql.rb:410:String
445 lib/ruby/1.8/yaml.rb:133:YAML::Syck::Node
432 gems/haml-2.2.20/lib/haml/precompiler.rb:566:String
406 gems/sequel-3.9.0/lib/sequel/model/base.rb:392:__node__
memprof.com
memprof limitations
• only works on amd64 linux and snow leopard
• only works with MRI and REE 1.8
• only works on binaries that are NOT STRIPPED.
• OSX System Ruby is NOT supported (yet).
• support for EY rubies is forthcoming - you will have to install -dbg packages, though.
More evil is brewing
• We have some crazy, scary, stupid ideas that we think you’ll love.
• Stay tuned to find out what they are.
• 1.9 support is one of the ideas.
Use RVM.
This would have been really hard to test on all the different Ruby binaries without RVM.
Use it. Donate money. (Not my project).
http://rvm.beginrescueend.com/
Get memprof
• This talk was about the memprof Ruby gem, which is free and provides text output.
• github.com/ice799/memprof
• gem install memprof
• #memprof on irc.freenode.net
• memprof.com is separate and visualizes the output from the memprof gem.
• memprof.com is in alpha.
Special Thanks
• Aman Gupta (@tmm1) - web ui, json output, and much more
• Jake Douglas (@jakedouglas) - mach-o layer, bugfixes, and more.
• Brian Lopez (@brianmario) - because he’s cool.
• Brian Mitchell (@binary42) - for convincing me to do this by telling me I wouldn’t and was too scared.
Questions?
@joedamato
timetobleed.com
github.com/ice799