MAT Java 内存分析工具

当前 MAT 可以分析 HPROF 二进制(produced by Sun, HP, SAP, etc… JVMs) 和 IBM system dumps (after preprocessing them), 以及 IBM portable heap dumps (PHD) .

  • find the biggest objects, as MAT provides reasonable accumulated size (retained size)
  • explore the object graph, both inbound and outbound references
  • compute paths from the garbage collector roots to interesting objects
  • find memory waste, like redundant String objects, empty collection objects, etc...

如何获得 heap dump

note: 从JDK 6 update 14 and above, HPROF 里面也包含所有线程的 callstatck.
参考: Heap Dump Analysis with Memory Analyzer, Part 1: Heap Dumps

Java 常见的三种 dump 文件: Core Dump, heap dump, thread dump

  1. core dump: 有时又被称作 crash dump, 它是某个进程在某个时间点的内存镜像. 它既可以在系统发生致命错误或无法处理的错误时候自动产生, 也可以通过命令工具产生. 但是 core dump 一遍并不能包含所有的内存页,但至少包含 heap 和 stack 的内存信息. core dump 默认放在当前进程的工作文件夹,并以 命名. 使用 jmap 转换 core dump 为 HPROF 文件或使用 Java VisualVM 来分析都可以.
  2. heap dump: 内存某个时间点镜像, 有ASCII 或 binary 格式,不同格式可能包含的信息不一样. 但一般包含 heap 里的类和对象实例信息. 但不包含 when & where 对象产生.
  3. thread dump: The thread dump consists of the thread stack, including thread state, for all Java threads in the virtual machine. The thread dump does not terminate the application: it continues after the thread information is printed.

如何使用 Java VisualVM 来分析 core dump
转换 core dump 为 HPROF 文件

_$jmap -dump:format=b,file=dump.hprof /usr/bin/java core.1234  //这个 java 是你 core dump 运行的 java
  • 如何产生 core dump
  • 如何产生 heap dump or 这里 or 这里
    -- 应用启动时: _$ java -agentlib:hprof=file=snapshot.hprof,format=b application
    -- 应用启动时: _$ java -XX:+HeapDumpOnOutOfMemoryError application
    -- _$ jcmd <process id/main class> GC.heap_dump filename=Myheapdump
    -- _$ jmap -dump:format=b,file=snapshot.jmap pid
    -- 使用 JConsole 工具
  • 如何产生 thread dump
    -- _$ jstack -f 5824
    -- use VisualVM

Java heap dump OQL samples - where

where 可以包含:

=, <=, >, <, [ NOT ] LIKE, [ NOT ] IN, IMPLEMENTS (relational operations)
AND OR != , =
字段可以 [. ] . .

  • SELECT * FROM u where u.port = 443
  • SELECT * FROM u where toString( = ""
  • SELECT * FROM u where u.@displayName like ""
  • SELECT * FROM "com.tianxiaohui." u where toString(u) like ".Metrics.*" //正则

ss linux command

The ss command is capable of showing more information than the netstat and is faster. The netstat command reads various /proc files to gather information. However this approach falls weak when there are lots of connections to display. This makes it slower. The ss command gets its information directly from kernel space.

ss -l
ss -t
ss -u
ss -nt
ss -ltp
ss -nt '( dst :443 or dst :80 )'

netstat 命令参数

This program is obsolete. Replacement for netstat is ss. Replacement for netstat -r is ip route. Replacement for netstat -i is ip -s link. Replacement for netstat -g is ip maddr.

netstat -t -l 查看监听的 tcp
netstat -t --wide
netstat -an |grep :8080 端口8080 上的连接 (有些外部的)

只针对 linux, Mac 和 win 有些不一样.

  • a all
  • r 显示路由表
  • s statistics
  • n 不做主机和端口转换, 数字形式 number
  • c continuous print
  • e extend 多显示 owner
  • p 显示 program
  • l listening
    --wide 不截取

The socket has an established connection.
The socket is actively attempting to establish a connection.
A connection request has been received from the network.
The socket is closed, and the connection is shutting down.
Connection is closed, and the socket is waiting for a shutdown from the remote end.
The socket is waiting after close to handle packets still in the network.
The socket is not being used.
The remote end has shut down, waiting for the socket to close.
The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.
Both sockets are shut down but we still don't have all our data sent.
The state of the socket is unknown.