Forest header image

Symfony Finland
Random things on PHP, Symfony and web development

Using Blackfire for debugging production environments

Blackfire is a product that helps developers profile their applications. It is a combination of various tools. It is similar to, Xdebug a PHP extension which provides debugging and profiling capabilities, but the major difference being that you can run it in production without significant overhead.

Blackfire is not a single piece of software running on your server or browser. It consists of five parts:

  • the Probe is a PHP extension that gathers the raw performance profiles
  • the Agent is a server-side daemon that aggregates and forwards profiles to blackfire.io
  • the Companion is a web browser extension used mainly to trigger profiling from your browser
  • the Client is the command line equivalent of the Companion, it can be used from anywhere even if it is packaged with the Agent by default
  • the Website is used to visualize the profiles

So as you can read the data is collected from your servers and analysed via an online SaaS tool. Initialising a request for a view to be debugged is done using a browser extension or a command line tool. The final profiling data is shown on a separate web application.

The above process gives you a convenient way to get insight into how the application at hand is functioning in production and spotting bottlenecks. You can also compare two created profiles to see which parts of the application have been improved or degraded.

Learn how to get started and how to analyse your first profile at blackfire.io.

Pro-tip: If you're running Varnish in front of your application, a practical method for debugging that application is opening up an SSH pipe directly to the underlying web server such as H2O, Apache or Nginx.

Pricing, dependency and privacy concerns

As you might expect, the product uses a freemium model and on the free SaaS subscription level you get full profiling capabilities for Web Pages, CLI Scripts and API Calls. Limitations kick in when you want to create teams, use test assertions or hold your test profile for a long period of time (free tier caps this at one day). Read more about the pricing of Blackfire.

Creating a hard dependency to a tool in the daily life of a companies activities such as Slack for communities is a thing to consider for businesses. An absolute dependency to Blackfire is impossible as it is only an additional tool for developers to use. You are of course, free to keep using competing products such as Tideways, Xdebug or xhprof.

As with all subscription service software, pricing may shoot up to a level where it no longer makes sense at a large scale. The trend of developers buying their own software (Buy Your Own Software, BYOS) in companies that are so entrenched in Open Source that they do not want to pay for software, might make Blackfire and other tools common place even if the company does not purchase subscriptions.

Another valid concern is Data Privacy. If you're giving out application data from production enviromnents, what is the guarantee of not sending over sensitive data such as Credit Cards information? The Blackfire team has considered:

When the data are ready, the agent send them back to Blackfire servers. So, what are we getting on our side? Function call names, times, memory, anonymized SQL queries and HTTP calls (only for the Enterprise Edition), and some metadata like the full HTTP request (URL and headers) for web profiles, or the CLI command for console apps. Nothing that could potentially be used to harm you.

Read more about data privacy and inspecting sent traffic on the Blackfire Blog: Data Privacy and Blackfire

Beyond PHP

Blackfire is currently a PHP only products, which is a clear choice since PHP powers vast parts of the web with tools such as Symfony, Drupal and WordPress:

Blackfire is a product from SensioLabs, a company tightly linked with Symfony and PHP, it is worth mentioning that Blackfire is not limited to PHP, but will be usable with Python and JavaScript in the near future. The platform itself is written in Go, PHP and JavaScript.

Blackfire is also able to process profiles generated with XHProf, Xdebug and Google Chrome CPU, making it a universal data processing tool instead of a PHP debugger. It won't replace things such as React Developer Toolbar, but it does open up interesting prospects in lower lever profiling such as Visualizing Google Chrome JavaScript CPU profiles.

Written by Jani Tarvainen on Saturday September 12, 2015
Permalink - Tags: php, blackfire, debug, symfony, python, javascript

« Improve Quality with Software Components - Dear PHP, the times are a-changin' »