For finding memory leaks or generally analyzing native heap usage of Chrome, external off-the-shelf tools such asheaptrack can sometimes be useful to complement the built-inMemoryInfra heap profiler. E.g., heaptrack has a convenient view for finding temporary allocations, and produces a nice flamegraph of the call stacks of all allocation sites. Alternatively, thetcmalloc allocator as part ofgperftools can produce heap dumps at arbitrary points in time, which can be visualized and zoomed in, filtered, etc. withpprof.
This requires hooking into or replacing the allocator used by Chrome (typically PartitionAlloc). In this guide, we describe how to do this on Linux. (It might work similarly on other systems, feel free to extend this document with instructions for macOS and Windows.)
Note that not all memory usage comes from the allocator or the hooking into it may be incomplete, so this may underreport allocations as described inthe blindspots here.
args.gn:forward_through_malloc = true # so that all C++ allocations go to mallocsymbol_level = 2 # for stacktracesis_component_build = true # so that the allocation functions are dl-exported # and can be intercepted
SincePartitionAlloc Everywhere, you should additionally disable PartitionAlloc and use the system allocator instead so that more allocations are captured in heaptrack. (Note that PartitionAlloc is still used in Blink, just not formalloc in other places anymore.) Add these build flags additionally:
use_partition_alloc_as_malloc = falseenable_backup_ref_ptr_support = false
chrome --no-sandbox --renderer-cmd-prefix='heaptrack --record-only' <other args...>. The sandbox needs to be disabled such that the heap dump can be written to disk. The other argument is for attaching heaptrack to each new renderer process (which also disables theZygote). This will write (several) heapdump file(s) such asheaptrack.chrome.$pid.zst. (Check the Chrome task manager for which tab corresponds to which process ID.)heaptrack --analyze heaptrack.chrome.$pid.zst.Motivation: An alternative to heaptrack is to use theheap profiler which is part of the tcmalloc allocator. This has the advantage of allowing to take heapdumps at different triggers (e.g., every N seconds, every N new bytes allocated, if in-use memory increases by N bytes, or manually triggered via a signal) and that its dumps can be visualized and analyzed withpprof.
git clone https://github.com/gperftools/gperftoolscd gperftools./autogen.sh./configuremake
heapdump-renderer.sh script andchmod +x it. ItLD_PRELOADs the tcmalloc allocator into every spawned renderer processes in Chrome:#!/bin/shecho"Renderer $$ starting..."LD_PRELOAD=path/to/gperftools/.libs/libtcmalloc_and_profiler.so MALLOCSTATS=1 HEAPPROFILE=tcmalloc.renderer$$ HEAPPROFILESIGNAL=12 exec $*
HEAP_PROFILE_ALLOCATION_INTERVAL=... instead ofHEAPPROFILESIGNAL, see thegperftools documentation.chrome --no-sandbox --renderer-cmd-prefix=./heapdump-renderer.sh <other args...>.kill -n 12 $pid. (Find the process ID in the Chrome task manager or check the console output.) This produces atcmalloc.renderer$pid.heap file.pprof -flame tcmalloc.renderer$pid.heap (Googlers-only) orpprof -http tcmalloc.renderer$pid.heap. Note that you can switch themetric/Sample betweenalloc_objects,alloc_space,inuse_objects, andinuse_space.