Tales from a Trading Desk

Noise from an Investment Bank

Umdh.exe - A Relatively Unknown Tool

Most investment bank software engineers don't know about Microsoft's Umdh.exe.  UMDH is included with the Debugging Tools for Windows product, and provides Windows heap analysis - very useful for looking for memory leaks.  We found UMDH particularly useful in tracking down a memory leak in a trading application that used Visual C++ (managed/unmanaged) code and C#.

Prior to running Umdh.exe on a Windows process, ensure the environment variable _NT_SYMBOL_PATH is set.  Also, turn on stack tracing using: 'gflags -i <AppName> +ust' to get output like this:

000002E8 bytes by: BackTrace11817
        ntdll!RtlDebugAllocateHeap+000000E1
        ntdll!RtlAllocateHeapSlowly+00000041
        ntdll!RtlAllocateHeap+00000E44
        KERNEL32!LocalAlloc+00000058
        mscorwks!operator new+00000017
        mscorwks!Thread::RedirectThreadAtHandledJITCase+0000001B
        mscorwks!Thread::SysSuspendForGC+000000E4
        mscorwks!GCHeap::SuspendEE+000000CF
        mscorwks!GCHeap::GarbageCollectGeneration+00000103
        mscorwks!gc_heap::allocate_more_space+0000013A
        mscorwks!GCHeap::Alloc+00000064
        mscorwks!Alloc+0000003A
        mscorwks!FastAllocatePrimitiveArray+00000045
        mscorwks!JIT_NewArr1+000000BB
        system.xml!??? @ 7BD760DD

UMDH allows log file comparison, allowing easy identification of what memory allocations occurred between two points in time:

//                                                                         
// Each log entry has the following syntax:                                
//                                                                         
// + BYTES_DELTA (NEW_BYTES - OLD_BYTES) NEW_COUNT allocs BackTrace TRACEID
// + COUNT_DELTA (NEW_COUNT - OLD_COUNT) BackTrace TRACEID allocations     
//     ... stack trace ...                                                 
//                                                                         
// where:                                                                  
//                                                                         
//     BYTES_DELTA - increase in bytes between before and after log        
//     NEW_BYTES - bytes in after log                                      
//     OLD_BYTES - bytes in before log                                     
//     COUNT_DELTA - increase in allocations between before and after log  
//     NEW_COUNT - number of allocations in after log                      
//     OLD_COUNT - number of allocations in before log                     
//     TRACEID - decimal index of the stack trace in the trace database    
//         (can be used to search for allocation instances in the original 
//         UMDH logs).                                                     
//                                                                         

+     5d0 (   8b8 -   2e8)      3 allocs BackTrace11817
+     2e8 (   5d0 -   2e8)      2 allocs BackTrace11819

I'm unsure if this was an issue with my install, but whenever System.xml appeared in the stack trace, there was always a ???? for the function name (possibly due to the call being managed code):

VaDump is another utility that appears useful.  Does anyone have any experience of VaDump?

Posted: Mar 09 2004, 03:22 PM by mdavey | with 5 comment(s)

Comments

Pavel Lebedinsky said:

The problem with umdh is that it doesn't handle FPO optimized functions (like msvcrt!malloc) or caching allocators like SysAllocString. In these cases you either get a truncated stack trace that doesn't tell you anything useful (FPO) or get a stack that seems to make sense but is wrong (BSTRs).

There are various workarounds for this (you can disable BSTR cache for example). Another alternative is to use LeakDiag (ftp://ftp.microsoft.com/PSS/Tools/Developer%20Support%20Tools/LeakDiag).

Vadump is a nice tool but usually when I need a high level view of virtual memory usage, I use !address debugger extension. If you get the latest version of debuggers from http://www.microsoft.com/whdc/ddk/debugging/default.mspx you can use it like this:

c:\debuggers> cdb notepad
0:000> !address
...
-------------------- SUMMARY --------------------------
TotSize Pct Usage
001c8000 : 00% : RegionUsageIsVAD
7ef4f000 : 99% : RegionUsageFree
00d75000 : 00% : RegionUsageImage
00040000 : 00% : RegionUsageStack
00001000 : 00% : RegionUsageTeb
00120000 : 00% : RegionUsageHeap
00000000 : 00% : RegionUsagePageHeap
00001000 : 00% : RegionUsagePeb
00001000 : 00% : RegionUsageProcessParametrs
00001000 : 00% : RegionUsageEnvironmentBlock

Largest free region: Base 01013000 - Size 6fa5d000

The summary feature is very cool. Quite often people start troubleshooting a memory leak using umdh only to discover (sometimes after wasting many hours) that the leaked memory is not in any of the heaps (it could be mapped or VirtualAlloc'ed for example) and so umdh can't track it. With !address you can see immediately what type of memory is leaking.
# March 10, 2004 3:55 AM

Maurice Flanagan said:

I was trying an old trick from my days on the RPC dev team - setting stack traces using pageheap /enable notepad.exe /full.

Then, I launched notepad with cdb and tried "!avrf" and got:

0:001> !avrf
No type information found for `ntdll!_RTL_STACK_TRACE_ENTRY'.

This extension requires symbols with type information
for ntdll.dll and verifier.dll.

Please fix the symbols for `ntdll.dll'.

Do I really nead private ntdll.dll symbols to get heap stack traces working? !Avrf is fully documented in the public debugging tools help so I am surprised it would require private ntdll symbols (which, as I understand it, are not avaliable to the public).
# April 29, 2004 7:23 PM

poori said:

I want to start programming, and I want to jump on the iphone/touch marked, but I don't know which books I should buy. I am looking for a book that's easy to learn from and covers everything. I am new to the whole programming thing, so a book that explains the basics would be fine.

________________

<a href="www.youtube.com/watch iphone 3gs</a>

# October 14, 2009 10:25 AM

poori said:

how do i foword text messegess cos sum 1 sent me a text and i wanted to sent that text to sum1 else but i dont know how to do it so can u help me?and my phone is a  <a href="unlockiphone22.com/.../a>

# November 17, 2009 3:41 AM

ahmed said:

j'ai besoin de cet utilitaire pour les vidages memoire

# November 22, 2009 7:19 AM
Leave a Comment

(required) 

(required) 

(optional)

(required)