Tracing VirtualAlloc With Xperf

Tracing calls to VirtualAlloc can sometimes help track down address space fragmentation or suspicious memory allocations.

Note: xperf was the previous name for this toolset. Microsoft has revamped the tool and split it into the Windows Performance Recorder (WPR) and the Windows Performance Analyzer (WPA), together forming the Windows Performance Toolkit (WPT). The new tools are much easier to use. These instructions will refer to WPT but the page title says xperf to preserve links.

Prerequisites

• Windows 7 or higher
• Administrator access to machine
• Willingness to share a system-wide log with the bug investigator. WPR records information about all processes running during the trace. These files can be large (hundreds of MB compressed).

Installing WPT

WPT is included in the Windows Assessment and Deployment Kit from Microsoft.

• Download from http://www.microsoft.com/en-US/download/details.aspx?id=39982
  • Note: These instructions are for the 8.1 SDK. There is a newer version available with some improvements, though you may need to adjust some of the steps: https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk
• Run the installer, select only "Windows Performance Toolkit"
• After the installer finishes, WPT will be installed here:
  • On 32-bit Windows: C:\Program Files\Windows Kits\8.1\Windows Performance Toolkit
    
  • On 64-bit Windows: C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit

Setup for 64-bit Windows

You can skip this on 32-bit Windows. Stack walking on 64-bit Windows requires a registry key. After tracing you can safely leave this key or remove it.

• Open an administrator command prompt
• Run this command:

REG ADD "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" -v DisablePagingExecutive -d 0x1 -t REG_DWORD -f 

• Reboot the machine

Collect a trace

1. From the WPT install location, run WPRUI.exe
2. Select "More options"
3. Check the boxes for "First level Triage" and "VirtualAlloc usage" (under Resource Analysis)
4. Click "Start"
5. Launch Firefox and use it like normal. Try to reproduce your bug (crash, etc.)
6. To stop tracing, go back to the WPR window and click "Save"
7. Enter a file name for the trace file and a description of the bug
8. Compress (zip) the trace file. This is important because traces can be large.
9. Send the compressed file to the bug investigator. You may be able to attach small files in Bugzilla. For larger files you may need to use a dropbox or similar service.

Please take note of the privacy message from WPR:
This recording may contain personally identifiable or security related information, including but not necessarily limited to paths to files accessed, paths to registry access and process names. Exact information depends on the events that were logged. Please be aware of this when sharing out this trace with other people.

Troubleshooting

While tracing is enabled, the WPR window will show the status of the trace buffers. If the buffers get close to 100%, or there are any "Events dropped", then the trace file will be missing some information. In this case please try to record a shorter trace.

See also

https://wiki.mozilla.org/Using_XPerf (mostly for SpiderMonkey)