
Profiling Go - rayascott
http://www.integralist.co.uk/posts/profiling-go/
======
d99kris
Slightly off-topic, but the web-based visualization tool - Chromium Catapult's
Trace-viewer [0] - used to present the profiling data here is pretty nice I
think.

The input JSON data format for Trace-viewer is also simple, so it's easy to
leverage it when creating a profiling tool. As a simple example I built a
POSIX function call tracer for Linux - cpuusage [1] - which uses it.

[0]: [https://github.com/catapult-project/catapult/blob/master/tra...](https://github.com/catapult-project/catapult/blob/master/tracing/README.md)

[1]: [https://github.com/d99kris/cpuusage](https://github.com/d99kris/cpuusage)

------
eljimmy
On the same topic, I found this presentation by Brad Fitzpatrick very useful:
[https://www.youtube.com/watch?v=xxDZuPEgbBU](https://www.youtube.com/watch?v=xxDZuPEgbBU)

------
jadeklerk
I found the original golang blog to be a fantastic resource on the topic:
[https://blog.golang.org/profiling-go-programs](https://blog.golang.org/profiling-go-programs)

------
comex
I wonder how many sites have left the /debug/pprof endpoint enabled in
production. Sounds like something pentesters should keep in mind.

~~~
jerf
[http://mmcloughlin.com/posts/your-pprof-is-showing](http://mmcloughlin.com/posts/your-pprof-is-showing) - "Golang’s
net/http/pprof package is incredibly powerful: it’s trivial to debug a running
production server. In the process it’s equally easy to accidentally expose
your debugging information to the world. In this post we use the zmap project
to show this is a real problem in the wild, and explain preventative measures
you can take."

~~~
rqs
However it's not very hard to wrap pprof's HTTP handlers with your own one, so
you can add a layer of protection for it.
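
Added example, not part of the thread and not code from any commenter or the linked post: one way to do the wrapping described in this sub-thread, with the pprof handlers on their own loopback-only mux behind a bearer-token check. The names `guard`, `debugMux`, `publicMux`, the `PPROF_TOKEN` variable and both listen addresses are assumptions for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"log"
	"net/http"
	"net/http/pprof"
	"os"
)

// guard wraps next and rejects requests without the expected bearer token.
// Hashing both sides gives equal-length inputs for the constant-time compare.
func guard(token string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte("Bearer " + token))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := sha256.Sum256([]byte(r.Header.Get("Authorization")))
		if token == "" || subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			http.NotFound(w, r) // answer like any unknown path
			return
		}
		next.ServeHTTP(w, r)
	})
}

// debugMux returns a dedicated mux with the pprof handlers behind guard.
func debugMux(token string) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/debug/pprof/", pprof.Index)
	mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
	mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
	mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
	mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
	return guard(token, mux)
}

// publicMux is the application's own mux. Importing net/http/pprof also
// registers handlers on http.DefaultServeMux, so that mux is never served.
func publicMux() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("ok\n")) })
	return mux
}

func main() {
	token := os.Getenv("PPROF_TOKEN") // assumed variable name; empty disables access
	go func() { log.Println(http.ListenAndServe("127.0.0.1:6060", debugMux(token))) }()
	log.Fatal(http.ListenAndServe(":8080", publicMux()))
}
```

A quick check after deploying is to request `/debug/pprof/` on the public listener and confirm it returns 404.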

------
thibran
justforfunc - www.youtube.com/watch?v=ySy3sR1LFCQ

