Profiling S2E

This page explains how to profile memory and CPU performance.

Profiling memory usage

We are going to use heaptrack. Its main advantage over competing profilers is that it is possible to inject it in a running S2E process. Others require using LD_PRELOAD, which interferes with libs2e.so and causes crashes. The disadvantage is that you cannot inject it before S2E starts.

  1. Build heaptrack from source. Avoid using the one that ships with Ubuntu 18.04, it may not be as reliable.

  2. Start S2E

  3. Inject heaptrack into the running S2E instance:

    $ ps aux | grep qemu
    ubuntu    31044 96.7  4.7 3487216 1191460 pts/8 Sl   13:54   0:03 /home/ubuntu/s2e/env/install/bin/qemu-system-i386 -drive file=/home/ubuntu/s2e/env/images/debian-9.2.1-i386/image.raw.s2e,format=s2e,cache=writeback -k en-us -nographic -monitor null -m 256M -enable-kvm -serial file:serial.txt -net none -net nic,model=e1000 -loadvm ready
    
    $ heaptrack -p 31044
    heaptrack output will be written to "/home/ubuntu/heaptrack/build/heaptrack.qemu-system-i38.31044.gz"
    injecting heaptrack into application via GDB, this might take some time...
    injection finished
    ...
    
  4. Wait for S2E to terminate or kill it manually. You will see the following output:

    heaptrack stats:
            allocations:            6836389
            leaked allocations:     46722
            temporary allocations:  1249045
    removing heaptrack injection via GDB, this might take some time...
    ptrace: No such process.
    No symbol table is loaded.  Use the "file" command.
    The program is not being run.
    Heaptrack finished! Now run the following to investigate the data:
    
      heaptrack --analyze "/home/ubuntu/heaptrack/build/heaptrack.qemu-system-i38.31044.gz"
    
  5. Open the resulting file in the heaptrack GUI

    $ heaptrack_gui "/home/ubuntu/heaptrack/build/heaptrack.qemu-system-i38.31044.gz"
    
../_images/heaptrack.png

Profiling CPU performance

We are going to use hotspot. It is a convenient GUI wrapper around the Linux perf tool.

  1. Build hotspot from source

  2. Start hotspot

    $ hotspot
    
../_images/hotspot1.png
  1. Start S2E

  2. Start profiling

    • Click on Record Data
    • Select Attach To Process(es)
    • Select the S2E instance you want to profile
    • Click Start Recording
  3. Stop recording and view results

../_images/hotspot2.png