Debugging memory usage in managed code using Windbg - Kristoffer's tidbits - Site Home

Windbg, is there anything it can't do?

CLR Profiler is great for getting an overview of memory allocations and usage for managed applications but it doesn't work for very large applications and can't be attached after the application has been running for a while to determine why after 12 hours memory use spikes. Windbg can be an acceptable alternative when you find yourself looking at an unexpected memory spike and you're curious where all that memory is being allocated.

Start Windbg, attach to the process, and load the sos dll (see previous post).

We start out by getting a summary of our memory allocations with !dumpheap

0:004> !dumpheap -stat total 8952 objects Statistics:
       MT    Count    TotalSize Class Name 
7b4779b8        1           12 System.Windows.Forms.OSFeature 
7b475ca8        1           12 System.Windows.Forms.FormCollection 
7b474f8c        1           12 System.Windows.Forms.Layout.DefaultLayout 
7b4749e0        1           12 System.Windows.Forms.ClientUtils+WeakRefCollection 
79128f18        1           12 System.Collections.Generic.GenericEqualityComparer`1[[System.Int16, mscorlib]] 
79128b94        1           12 System.Collections.Generic.ObjectEqualityComparer`1[[System.IntPtr, mscorlib]] 
79127ae4        1           12 System.Collections.Generic.ObjectEqualityComparer`1[[System.Object, mscorlib]] 
79114408        1           12 System.Security.Permissions.ReflectionPermission 
791142e8        1           12 System.Security.Permissions.FileDialogPermission 
----------------- snip ---------------------- 
790fd4ec       82         1968 System.Version 
7ae76b24      208         2496 System.Drawing.KnownColor 
791242ec       20         2952 System.Collections.Hashtable+bucket[] 
79114bf0      181         5068 System.Security.SecurityElement 
791036b0      229         5496 System.Collections.ArrayList 
00155a48       50        23424      Free 
79124228      306        47780 System.Object[] 
790fa3e0     6662       379600 System.String 
79124418        9      3156304 System.Byte[] Total 8952 objects

We've got about 3 megs worth of System.Byte[] allocated so let's focus in on this to see why these objects exist.

0:004> !dumpheap -type System.Byte[] 
 Address       MT     Size 
01241e5c 79124418       12      
0124aaf4 79124418       28      
0124ab48 79124418      140      
01251178 79124418      172      
0125129c 79124418       28      
01254f7c 79124418    10148      
02246da8 79124418  1048592      
02346db8 79124418  1048592      
02446dc8 79124418  1048592      
total 9 objects 
Statistics:       MT    Count    TotalSize Class Name 
79124418        9      3156304 System.Byte[] 
Total 9 objects

A few small Byte arrays but 3 of them are a meg each so let's find out why the first object is still alive (or if it is alive at all, a GC might not have happened to collect it yet).

0:004> !gcroot 02246da8 
Note: Roots found on stacks may be false positives. Run "!help gcroot" for more info. 
ebx:Root:012525d8(System.Windows.Forms.Application+ThreadContext)-> 
01251d58(WindbgDemo.Form1)-> 
01251edc(System.Collections.ArrayList)-> 
0125c278(System.Object[])-> 
02246da8(System.Byte[]) 
Scan Thread 0 OSTHread 1194 
Scan Thread 2 OSTHread 1720

The application has a reference to Form1 which has a reference to an ArrayList which has a reference to my Byte array. If a GC were to happen right now this object would be kept alive.

Instead of checking each Byte array by address individually we can use the .foreach token.

0:004> .foreach (obj {!dumpheap -type System.Byte[] -short}) {.echo obj;!gcroot obj} 
01241e5c 
Note: Roots found on stacks may be false positives. Run "!help gcroot" for more info. 
Scan Thread 0 OSTHread 1194 
Scan Thread 2 OSTHread 1720 
DOMAIN(00149768):HANDLE(Pinned):3e13fc:Root:02241010(System.Object[])-> 
01241e5c(System.Byte[]) 
0124aaf4 
Note: Roots found on stacks may be false positives. Run "!help gcroot" for more info. 
Scan Thread 0 OSTHread 1194 
Scan Thread 2 OSTHread 1720 
DOMAIN(00149768):HANDLE(Pinned):3e13fc:Root:02241010(System.Object[])-> 
0124a1c4(System.Environment+ResourceHelper)-> 
0124a358(System.Resources.ResourceManager)-> 
0124a3a0(System.Collections.Hashtable)-> 
0124a3d8(System.Collections.Hashtable+bucket[])-> 
0124a9f8(System.Resources.RuntimeResourceSet)-> 
0124aa5c(System.Resources.ResourceReader)-> 
0124aaac(System.IO.BinaryReader)-> 
0124aaf4(System.Byte[]) 
0124ab48 
Note: Roots found on stacks may be false positives. Run "!help gcroot" for more info. 
Scan Thread 0 OSTHread 1194 
Scan Thread 2 OSTHread 1720 
DOMAIN(00149768):HANDLE(Pinned):3e13fc:Root:02241010(System.Object[])-> 
0124a1c4(System.Environment+ResourceHelper)-> 
0124a358(System.Resources.ResourceManager)-> 
0124a3a0(System.Collections.Hashtable)-> 
0124a3d8(System.Collections.Hashtable+bucket[])-> 
0124a9f8(System.Resources.RuntimeResourceSet)-> 
0124aa5c(System.Resources.ResourceReader)-> 
0124aaac(System.IO.BinaryReader)-> 
0124ab48(System.Byte[]) 
--------------- remainder of output snipped --------------

By using the /ps parameter to .foreach (see Windbg help file for details) you can run gcroot on every nth item to get a sample of objects.