From 1712f6883f9d57a8c6e01e7a08bba6203b7649c3 Mon Sep 17 00:00:00 2001
From: Florian Engelhardt <florian.engelhardt@datadoghq.com>
Date: Tue, 3 Feb 2026 22:31:53 +0100
Subject: [PATCH 1/3] feat(profiling): add heap-live profiling for memory leak
 detection

Track allocations that survive across profile exports using heap-live-samples
and heap-live-size sample types. Samples are emitted in batches at export time.

Enabled via DD_PROFILING_HEAP_LIVE_ENABLED when allocation profiling is active.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 Cargo.lock                                    |  15 ++
 profiling/Cargo.toml                          |   1 +
 profiling/src/allocation/allocation_ge84.rs   |  24 ++-
 profiling/src/allocation/allocation_le83.rs   |  24 ++-
 profiling/src/allocation/mod.rs               |  16 +-
 profiling/src/config.rs                       |  29 +++
 profiling/src/lib.rs                          |  13 ++
 profiling/src/profiling/backtrace.rs          |   2 +-
 profiling/src/profiling/mod.rs                | 199 ++++++++++++++++--
 profiling/src/profiling/sample_type_filter.rs | 107 +++++++++-
 profiling/src/profiling/stack_walking.rs      |   2 +-
 profiling/tests/phpt/heap_live_01.phpt        |  32 +++
 profiling/tests/phpt/heap_live_02.phpt        |  40 ++++
 .../tests/phpt/heap_live_phpinfo_01.phpt      |  55 +++++
 .../tests/phpt/heap_live_phpinfo_02.phpt      |  55 +++++
 15 files changed, 579 insertions(+), 35 deletions(-)
 create mode 100644 profiling/tests/phpt/heap_live_01.phpt
 create mode 100644 profiling/tests/phpt/heap_live_02.phpt
 create mode 100644 profiling/tests/phpt/heap_live_phpinfo_01.phpt
 create mode 100644 profiling/tests/phpt/heap_live_phpinfo_02.phpt

diff --git a/Cargo.lock b/Cargo.lock
index c270d3c3db0..73f686164ad 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1199,6 +1199,20 @@ dependencies = [
  "syn 2.0.96",
 ]
 
+[[package]]
+name = "dashmap"
+version = "6.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
+dependencies = [
+ "cfg-if",
+ "crossbeam-utils",
+ "hashbrown 0.14.5",
+ "lock_api",
+ "once_cell",
+ "parking_lot_core",
+]
+
 [[package]]
 name = "datadog-ipc"
 version = "0.1.0"
@@ -1292,6 +1306,7 @@ dependencies = [
  "criterion",
  "criterion-perf-events",
  "crossbeam-channel",
+ "dashmap",
  "datadog-php-profiling",
  "env_logger 0.11.6",
  "http",
diff --git a/profiling/Cargo.toml b/profiling/Cargo.toml
index b1869fd0635..ae9369dd8b0 100644
--- a/profiling/Cargo.toml
+++ b/profiling/Cargo.toml
@@ -22,6 +22,7 @@ cfg-if = { version = "1.0" }
 cpu-time = { version = "1.0" }
 chrono = { version = "0.4" }
 crossbeam-channel = { version = "0.5", default-features = false, features = ["std"] }
+dashmap = { version = "6.1" }
 http = { version = "1.4" }
 libdd-alloc = {  git = "https://github.com/DataDog/libdatadog", tag = "v27.0.0" }
 libdd-profiling = {  git = "https://github.com/DataDog/libdatadog", tag = "v27.0.0" }
diff --git a/profiling/src/allocation/allocation_ge84.rs b/profiling/src/allocation/allocation_ge84.rs
index b73fae86272..e290649440d 100644
--- a/profiling/src/allocation/allocation_ge84.rs
+++ b/profiling/src/allocation/allocation_ge84.rs
@@ -1,4 +1,4 @@
-use crate::allocation::{allocation_profiling_stats_should_collect, collect_allocation};
+use crate::allocation::{allocation_profiling_stats_should_collect, collect_allocation, free_allocation};
 use crate::bindings as zend;
 use crate::PROFILER_NAME;
 use core::ptr;
@@ -286,7 +286,7 @@ unsafe extern "C" fn alloc_prof_malloc(len: size_t) -> *mut c_void {
     }
 
     if allocation_profiling_stats_should_collect(len) {
-        collect_allocation(len);
+        collect_allocation(ptr, len);
     }
 
     ptr
@@ -316,6 +316,11 @@ unsafe fn alloc_prof_orig_alloc(len: size_t) -> *mut c_void {
 /// custom handlers won't be installed. We cannot just point to the original
 /// `zend::_zend_mm_free()` as the function definitions differ.
 unsafe extern "C" fn alloc_prof_free(ptr: *mut c_void) {
+    // Check if this was a tracked allocation (before freeing!)
+    if !ptr.is_null() {
+        free_allocation(ptr);
+    }
+
     tls_zend_mm_state_get!(free)(ptr);
 }
 
@@ -348,12 +353,21 @@ unsafe extern "C" fn alloc_prof_realloc(prev_ptr: *mut c_void, len: size_t) -> *
 
     // during startup, minit, rinit, ... current_execute_data is null
     // we are only interested in allocations during userland operations
-    if zend::ddog_php_prof_get_current_execute_data().is_null() || ptr::eq(ptr, prev_ptr) {
+    if zend::ddog_php_prof_get_current_execute_data().is_null() {
         return ptr;
     }
 
-    if allocation_profiling_stats_should_collect(len) {
-        collect_allocation(len);
+    // If pointer changed, treat as free(old) + alloc(new)
+    if !ptr::eq(ptr, prev_ptr) {
+        // Untrack the old allocation if it was tracked
+        if !prev_ptr.is_null() {
+            free_allocation(prev_ptr);
+        }
+
+        // Sample the new allocation
+        if allocation_profiling_stats_should_collect(len) {
+            collect_allocation(ptr, len);
+        }
     }
 
     ptr
diff --git a/profiling/src/allocation/allocation_le83.rs b/profiling/src/allocation/allocation_le83.rs
index 9f13b0a42d9..8739ddb5388 100644
--- a/profiling/src/allocation/allocation_le83.rs
+++ b/profiling/src/allocation/allocation_le83.rs
@@ -1,4 +1,4 @@
-use crate::allocation::{allocation_profiling_stats_should_collect, collect_allocation};
+use crate::allocation::{allocation_profiling_stats_should_collect, collect_allocation, free_allocation};
 use crate::bindings::{
     self as zend, datadog_php_install_handler, datadog_php_zif_handler,
     ddog_php_prof_copy_long_into_zval,
@@ -300,7 +300,7 @@ unsafe extern "C" fn alloc_prof_malloc(len: size_t) -> *mut c_void {
     }
 
     if allocation_profiling_stats_should_collect(len) {
-        collect_allocation(len);
+        collect_allocation(ptr, len);
     }
 
     ptr
@@ -330,6 +330,11 @@ unsafe fn alloc_prof_orig_alloc(len: size_t) -> *mut c_void {
 /// custom handlers won't be installed. We cannot just point to the original
 /// `zend::_zend_mm_free()` as the function definitions differ.
 unsafe extern "C" fn alloc_prof_free(ptr: *mut c_void) {
+    // Check if this was a tracked allocation (before freeing!)
+    if !ptr.is_null() {
+        free_allocation(ptr);
+    }
+
     tls_zend_mm_state_get!(free)(ptr);
 }
 
@@ -358,12 +363,21 @@ unsafe extern "C" fn alloc_prof_realloc(prev_ptr: *mut c_void, len: size_t) -> *
 
     // during startup, minit, rinit, ... current_execute_data is null
     // we are only interested in allocations during userland operations
-    if zend::ddog_php_prof_get_current_execute_data().is_null() || ptr::eq(ptr, prev_ptr) {
+    if zend::ddog_php_prof_get_current_execute_data().is_null() {
         return ptr;
     }
 
-    if allocation_profiling_stats_should_collect(len) {
-        collect_allocation(len);
+    // If pointer changed, treat as free(old) + alloc(new)
+    if !ptr::eq(ptr, prev_ptr) {
+        // Untrack the old allocation if it was tracked
+        if !prev_ptr.is_null() {
+            free_allocation(prev_ptr);
+        }
+
+        // Sample the new allocation
+        if allocation_profiling_stats_should_collect(len) {
+            collect_allocation(ptr, len);
+        }
     }
 
     ptr
diff --git a/profiling/src/allocation/mod.rs b/profiling/src/allocation/mod.rs
index 5dd94e2cb48..6c508b5d2f2 100644
--- a/profiling/src/allocation/mod.rs
+++ b/profiling/src/allocation/mod.rs
@@ -135,8 +135,13 @@ impl AllocationProfilingStats {
     }
 }
 
+/// Collect an allocation sample and optionally track it for live heap profiling.
+///
+/// # Arguments
+/// * `ptr` - The pointer returned by the allocator (used for live heap tracking)
+/// * `len` - The size of the allocation in bytes
 #[cold]
-pub fn collect_allocation(len: size_t) {
+pub fn collect_allocation(ptr: *mut c_void, len: size_t) {
     if let Some(profiler) = Profiler::get() {
         // Check if there's a pending time interrupt that we can handle now
         // instead of waiting for an interrupt handler. This is slightly more
@@ -150,6 +155,7 @@ pub fn collect_allocation(len: size_t) {
         unsafe {
             profiler.collect_allocations(
                 zend::ddog_php_prof_get_current_execute_data(),
+                ptr,
                 1_i64,
                 len as i64,
                 (interrupt_count > 0).then_some(interrupt_count),
@@ -158,6 +164,14 @@ pub fn collect_allocation(len: size_t) {
     }
 }
 
+/// Called when memory is freed. If this pointer was tracked for live heap,
+/// sends the deallocation sample to cancel out the original allocation.
+pub fn free_allocation(ptr: *mut c_void) {
+    if let Some(profiler) = Profiler::get() {
+        profiler.free_allocation(ptr);
+    }
+}
+
 #[cfg(not(php_zend_mm_set_custom_handlers_ex))]
 pub fn alloc_prof_startup() {
     allocation_le83::alloc_prof_startup();
diff --git a/profiling/src/config.rs b/profiling/src/config.rs
index 3ddbb4abdc7..a71079e1fc8 100644
--- a/profiling/src/config.rs
+++ b/profiling/src/config.rs
@@ -45,6 +45,7 @@ pub struct SystemSettings {
     pub profiling_experimental_cpu_time_enabled: bool,
     pub profiling_allocation_enabled: bool,
     pub profiling_allocation_sampling_distance: NonZeroU32,
+    pub profiling_heap_live_enabled: bool,
     pub profiling_timeline_enabled: bool,
     pub profiling_exception_enabled: bool,
     pub profiling_exception_message_enabled: bool,
@@ -69,6 +70,7 @@ impl SystemSettings {
             profiling_experimental_cpu_time_enabled: false,
             profiling_allocation_enabled: false,
             profiling_allocation_sampling_distance: NonZeroU32::MAX,
+            profiling_heap_live_enabled: false,
             profiling_timeline_enabled: false,
             profiling_exception_enabled: false,
             profiling_exception_message_enabled: false,
@@ -98,6 +100,7 @@ impl SystemSettings {
             profiling_experimental_cpu_time_enabled: profiling_experimental_cpu_time_enabled(),
             profiling_allocation_enabled: profiling_allocation_enabled(),
             profiling_allocation_sampling_distance: profiling_allocation_sampling_distance(),
+            profiling_heap_live_enabled: profiling_heap_live_enabled(),
             profiling_timeline_enabled: profiling_timeline_enabled(),
             profiling_exception_enabled: profiling_exception_enabled(),
             profiling_exception_message_enabled: profiling_exception_message_enabled(),
@@ -405,6 +408,7 @@ pub(crate) enum ConfigId {
     ProfilingExperimentalCpuTimeEnabled,
     ProfilingAllocationEnabled,
     ProfilingAllocationSamplingDistance,
+    ProfilingHeapLiveEnabled,
     ProfilingTimelineEnabled,
     ProfilingExceptionEnabled,
     ProfilingExceptionMessageEnabled,
@@ -437,6 +441,7 @@ impl ConfigId {
             ProfilingExperimentalCpuTimeEnabled => b"DD_PROFILING_EXPERIMENTAL_CPU_TIME_ENABLED\0",
             ProfilingAllocationEnabled => b"DD_PROFILING_ALLOCATION_ENABLED\0",
             ProfilingAllocationSamplingDistance => b"DD_PROFILING_ALLOCATION_SAMPLING_DISTANCE\0",
+            ProfilingHeapLiveEnabled => b"DD_PROFILING_HEAP_LIVE_ENABLED\0",
             ProfilingTimelineEnabled => b"DD_PROFILING_TIMELINE_ENABLED\0",
             ProfilingExceptionEnabled => b"DD_PROFILING_EXCEPTION_ENABLED\0",
             ProfilingExceptionMessageEnabled => b"DD_PROFILING_EXCEPTION_MESSAGE_ENABLED\0",
@@ -475,6 +480,7 @@ static DEFAULT_SYSTEM_SETTINGS: SystemSettings = SystemSettings {
     profiling_allocation_enabled: true,
     // SAFETY: value is > 0.
     profiling_allocation_sampling_distance: unsafe { NonZeroU32::new_unchecked(1024 * 4096) },
+    profiling_heap_live_enabled: false,
     profiling_timeline_enabled: true,
     profiling_exception_enabled: true,
     profiling_exception_message_enabled: false,
@@ -553,6 +559,17 @@ unsafe fn profiling_allocation_sampling_distance() -> NonZeroU32 {
     unsafe { NonZeroU32::new_unchecked(int) }
 }
 
+/// # Safety
+/// This function must only be called after config has been initialized in
+/// rinit, and before it is uninitialized in mshutdown.
+unsafe fn profiling_heap_live_enabled() -> bool {
+    profiling_allocation_enabled()
+        && get_system_bool(
+            ProfilingHeapLiveEnabled,
+            DEFAULT_SYSTEM_SETTINGS.profiling_heap_live_enabled,
+        )
+}
+
 /// # Safety
 /// This function must only be called after config has been initialized in
 /// rinit, and before it is uninitialized in mshutdown.
@@ -1014,6 +1031,18 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     displayer: None,
                     env_config_fallback: None,
                 },
+                zai_config_entry {
+                    id: transmute::<ConfigId, u16>(ProfilingHeapLiveEnabled),
+                    name: ProfilingHeapLiveEnabled.env_var_name(),
+                    type_: ZAI_CONFIG_TYPE_BOOL,
+                    default_encoded_value: ZaiStr::literal(b"0\0"),
+                    aliases: ptr::null_mut(),
+                    aliases_count: 0,
+                    ini_change: Some(zai_config_system_ini_change),
+                    parser: None,
+                    displayer: None,
+                    env_config_fallback: None,
+                },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingTimelineEnabled),
                     name: ProfilingTimelineEnabled.env_var_name(),
diff --git a/profiling/src/lib.rs b/profiling/src/lib.rs
index 76049aafd92..aeb1093393a 100644
--- a/profiling/src/lib.rs
+++ b/profiling/src/lib.rs
@@ -860,6 +860,19 @@ unsafe extern "C" fn minfo(module_ptr: *mut zend::ModuleEntry) {
                         no_all
                     }
                 );
+                zend::php_info_print_table_row(
+                    2,
+                    c"Heap Live Profiling Enabled".as_ptr(),
+                    if system_settings.profiling_heap_live_enabled {
+                        yes
+                    } else if !system_settings.profiling_allocation_enabled {
+                        c"false (requires allocation profiling)".as_ptr()
+                    } else if system_settings.profiling_enabled {
+                        no
+                    } else {
+                        no_all
+                    },
+                );
                 zend::php_info_print_table_row(
                     2,
                     c"Timeline Enabled".as_ptr(),
diff --git a/profiling/src/profiling/backtrace.rs b/profiling/src/profiling/backtrace.rs
index 9dfcc359d96..4897a318228 100644
--- a/profiling/src/profiling/backtrace.rs
+++ b/profiling/src/profiling/backtrace.rs
@@ -1,7 +1,7 @@
 use crate::profiling::stack_walking::ZendFrame;
 use core::ops::Deref;
 
-#[derive(Debug)]
+#[derive(Clone, Debug)]
 pub struct Backtrace {
     frames: Vec<ZendFrame>,
 }
diff --git a/profiling/src/profiling/mod.rs b/profiling/src/profiling/mod.rs
index 4c7546d6e1d..1e893a6cefa 100644
--- a/profiling/src/profiling/mod.rs
+++ b/profiling/src/profiling/mod.rs
@@ -27,6 +27,7 @@ use core::mem::forget;
 use core::{ptr, str};
 use cpu_time::ThreadTime;
 use crossbeam_channel::{Receiver, Sender, TrySendError};
+use dashmap::DashMap;
 use libdd_profiling::api::{
     Function, Label as ApiLabel, Location, Period, Sample, SampleType as ApiSampleType,
     UpscalingInfo, ValueType as ApiValueType,
@@ -93,13 +94,15 @@ pub(crate) fn update_cpu_time_counter(last: &mut Option<ThreadTime>, counter: &A
 ///  1. Always enabled types.
 ///  2. On by default types.
 ///  3. Off by default types.
-#[derive(Default, Debug)]
+#[derive(Clone, Default, Debug)]
 pub struct SampleValues {
     interrupt_count: i64,
     wall_time: i64,
     cpu_time: i64,
     alloc_samples: i64,
     alloc_size: i64,
+    heap_live_samples: i64,
+    heap_live_size: i64,
     timeline: i64,
     exception: i64,
     socket_read_time: i64,
@@ -228,6 +231,28 @@ pub enum ProfilerMessage {
     Wake,
 }
 
+/// A complete sample stored for live heap tracking. Contains everything needed
+/// to send an identical deallocation sample (with negated heap-live-* values).
+#[derive(Clone, Debug)]
+/// Tracked allocation for batched heap-live sample emission.
+/// Unlike the .NET profiler which tracks CLR objects via weak handles,
+/// we track raw allocation pointers. Samples are emitted in batches
+/// at profile export time, not on each allocation/free.
+pub struct LiveHeapSample {
+    /// The profile index (sample_types + tags) for adding to correct profile
+    pub key: ProfileIndex,
+    /// The captured stack trace at allocation time
+    pub frames: Backtrace,
+    /// The labels at allocation time (thread id, span id, etc.)
+    pub labels: Vec<Label>,
+    /// The size of the allocation in bytes
+    pub allocation_size: i64,
+}
+
+/// Maximum number of allocations to track for live heap profiling.
+/// This bounds memory usage. When full, new allocations are not tracked.
+pub const LIVE_HEAP_TRACKER_MAX_SIZE: usize = 4096;
+
 pub struct Globals {
     pub interrupt_count: AtomicU32,
     pub last_interrupt: SystemTime,
@@ -257,6 +282,11 @@ pub struct Profiler {
     /// need the atomicity specifically. Don't modify the SystemSettings
     /// through this pointer.
     system_settings: AtomicPtr<SystemSettings>,
+
+    /// Tracks sampled allocations for live heap profiling.
+    /// Maps allocation pointer -> sample data for batched emission at export time.
+    /// Wrapped in Arc to share with TimeCollector for batched sample emission.
+    live_heap_tracker: Arc<DashMap<usize, LiveHeapSample>>,
 }
 
 struct TimeCollector {
@@ -265,14 +295,63 @@ struct TimeCollector {
     message_receiver: Receiver<ProfilerMessage>,
     upload_sender: Sender<UploadMessage>,
     upload_period: Duration,
+    /// Shared tracker for batched heap-live sample emission at export time.
+    live_heap_tracker: Arc<DashMap<usize, LiveHeapSample>>,
 }
 
 impl TimeCollector {
+    /// Collects batched heap-live samples from the tracker and adds them to profiles.
+    /// This should be called before exporting profiles to ensure heap-live data is included.
+    fn collect_batched_heap_live_samples(
+        &self,
+        profiles: &mut HashMap<ProfileIndex, InternalProfile>,
+        started_at: &WallTime,
+    ) {
+        let tracker_len = self.live_heap_tracker.len();
+        if tracker_len == 0 {
+            return;
+        }
+
+        trace!("Collecting {tracker_len} batched heap-live samples");
+
+        for entry in self.live_heap_tracker.iter() {
+            let tracked = entry.value();
+
+            // Build sample_values with only heap-live-samples and heap-live-size set
+            let mut sample_values = vec![0i64; tracked.key.sample_types.len()];
+            for (i, st) in tracked.key.sample_types.iter().enumerate() {
+                if st.r#type == "heap-live-samples" {
+                    sample_values[i] = 1;
+                } else if st.r#type == "heap-live-size" {
+                    sample_values[i] = tracked.allocation_size;
+                }
+            }
+
+            // Create the sample message
+            let message = SampleMessage {
+                key: tracked.key.clone(),
+                value: SampleData {
+                    frames: tracked.frames.clone(),
+                    labels: tracked.labels.clone(),
+                    sample_values,
+                    timestamp: NO_TIMESTAMP,
+                },
+            };
+
+            Self::handle_sample_message(message, profiles, started_at);
+        }
+
+        trace!("Finished collecting batched heap-live samples");
+    }
+
     fn handle_timeout(
         &self,
         profiles: &mut HashMap<ProfileIndex, InternalProfile>,
         last_export: &WallTime,
     ) -> WallTime {
+        // Collect batched heap-live samples before export
+        self.collect_batched_heap_live_samples(profiles, last_export);
+
         let wall_export = WallTime::now();
         if profiles.is_empty() {
             info!("No profiles to upload.");
@@ -710,12 +789,14 @@ impl Profiler {
         let interrupt_manager = Arc::new(InterruptManager::new());
         let (message_sender, message_receiver) = crossbeam_channel::bounded(100);
         let (upload_sender, upload_receiver) = crossbeam_channel::bounded(UPLOAD_CHANNEL_CAPACITY);
+        let live_heap_tracker = Arc::new(DashMap::new());
         let time_collector = TimeCollector {
             fork_barrier: fork_barrier.clone(),
             interrupt_manager: interrupt_manager.clone(),
             message_receiver,
             upload_sender: upload_sender.clone(),
             upload_period: UPLOAD_PERIOD,
+            live_heap_tracker: live_heap_tracker.clone(),
         };
 
         let uploader = Uploader::new(
@@ -743,6 +824,7 @@ impl Profiler {
             should_join: AtomicBool::new(true),
             sample_types_filter,
             system_settings: AtomicPtr::new(system_settings as *const _ as *mut _),
+            live_heap_tracker,
         }
     }
 
@@ -796,6 +878,33 @@ impl Profiler {
         self.fork_barrier.wait();
     }
 
+    /// Track an allocation for live heap profiling.
+    /// Returns true if tracked, false if tracking is disabled or limit reached.
+    pub fn track_allocation(&self, ptr: usize, sample: LiveHeapSample) -> bool {
+        // Check if we're under the tracking limit
+        if self.live_heap_tracker.len() >= LIVE_HEAP_TRACKER_MAX_SIZE {
+            return false;
+        }
+
+        self.live_heap_tracker.insert(ptr, sample);
+        true
+    }
+
+    /// Untrack an allocation. Returns the sample if it was tracked.
+    pub fn untrack_allocation(&self, ptr: usize) -> Option<LiveHeapSample> {
+        self.live_heap_tracker.remove(&ptr).map(|(_, sample)| sample)
+    }
+
+    /// Clear all tracked allocations (used after fork in child process)
+    pub fn clear_live_heap_tracker(&self) {
+        self.live_heap_tracker.clear();
+    }
+
+    /// Get the number of currently tracked allocations
+    pub fn live_heap_tracker_len(&self) -> usize {
+        self.live_heap_tracker.len()
+    }
+
     pub fn send_sample(
         &self,
         message: SampleMessage,
@@ -918,6 +1027,9 @@ impl Profiler {
             profiler.message_sender = crossbeam_channel::bounded(0).0;
             profiler.upload_sender = crossbeam_channel::bounded(0).0;
 
+            // Clear live heap tracker to avoid stale entries from parent process
+            profiler.live_heap_tracker.clear();
+
             // But we're not 100% sure everything is safe to drop, notably the
             // join handles, so we leak the rest.
             forget(profiler)
@@ -951,6 +1063,14 @@ impl Profiler {
         result
     }
 
+    /// Returns true if heap live profiling is enabled.
+    #[inline]
+    fn is_heap_live_enabled(&self) -> bool {
+        let system_settings = self.system_settings.load(Ordering::Relaxed);
+        // SAFETY: system settings are valid while the Profiler is alive.
+        unsafe { (*system_settings).profiling_heap_live_enabled }
+    }
+
     /// Collect a stack sample with elapsed wall time. Collects CPU time if
     /// it's enabled and available.
     #[cfg_attr(feature = "tracing", tracing::instrument(skip_all, level = "debug"))]
@@ -997,10 +1117,14 @@ impl Profiler {
     ///
     /// When `interrupt_count` is provided, this piggybacks time sampling onto
     /// allocation sampling to avoid redundant stack walks.
+    ///
+    /// If heap live profiling is enabled, the allocation is tracked for later
+    /// cancellation when freed.
     #[cfg_attr(feature = "tracing", tracing::instrument(skip_all))]
     pub fn collect_allocations(
         &self,
         execute_data: *mut zend_execute_data,
+        ptr: *mut std::ffi::c_void,
         alloc_samples: i64,
         alloc_size: i64,
         interrupt_count: Option<u32>,
@@ -1023,19 +1147,52 @@ impl Profiler {
                 let labels = Profiler::common_labels(0);
                 let n_labels = labels.len();
 
-                match self.prepare_and_send_message(
-                    frames,
-                    SampleValues {
-                        interrupt_count,
-                        wall_time,
-                        cpu_time,
-                        alloc_samples,
-                        alloc_size,
-                        ..Default::default()
+                // Note: heap_live_samples/heap_live_size are NOT included here.
+                // They are emitted in batches at profile export time (like .NET profiler).
+                let sample_values = SampleValues {
+                    interrupt_count,
+                    wall_time,
+                    cpu_time,
+                    alloc_samples,
+                    alloc_size,
+                    ..Default::default()
+                };
+
+                // Track allocation for heap live profiling if enabled.
+                // Samples will be emitted in batch at profile export time.
+                // Fetch sample_types and tags once, reuse for both tracking and sending.
+                let sample_types = self.sample_types_filter.sample_types();
+                let tags = TAGS.with_borrow(Arc::clone);
+                let key = ProfileIndex { sample_types, tags };
+
+                if self.is_heap_live_enabled() {
+                    let tracked = LiveHeapSample {
+                        key: key.clone(),
+                        frames: frames.clone(),
+                        labels: labels.clone(),
+                        allocation_size: alloc_size,
+                    };
+                    if self.track_allocation(ptr as usize, tracked) {
+                        trace!(
+                            "Tracked allocation at {:#x} ({} bytes) for batched heap-live emission",
+                            ptr as usize,
+                            alloc_size
+                        );
+                    }
+                }
+
+                let sample_values = self.sample_types_filter.filter(sample_values);
+                let message = SampleMessage {
+                    key,
+                    value: SampleData {
+                        frames,
+                        labels,
+                        sample_values,
+                        timestamp,
                     },
-                    labels,
-                    timestamp,
-                ) {
+                };
+
+                match self.message_sender.try_send(ProfilerMessage::Sample(message)) {
                     Ok(_) => trace!(
                         "Sent stack sample of {depth} frames, {n_labels} labels, {alloc_size} bytes allocated, {alloc_samples} allocations, and {interrupt_count} time interrupts to profiler."
                     ),
@@ -1050,6 +1207,19 @@ impl Profiler {
         }
     }
 
+    /// Called when memory is freed. Removes the allocation from tracking. The next profile export
+    /// will not include this allocation in the heap-live samples.
+    pub fn free_allocation(&self, ptr: *mut std::ffi::c_void) {
+        if let Some(sample) = self.untrack_allocation(ptr as usize) {
+            trace!(
+                "Untracked freed allocation at {:#x} ({} bytes)",
+                ptr as usize,
+                sample.allocation_size
+            );
+        }
+        // If not tracked, nothing to do (wasn't sampled or tracking disabled)
+    }
+
     /// Collect a stack sample with exception.
     #[cfg_attr(feature = "tracing", tracing::instrument(skip_all))]
     pub fn collect_exception(
@@ -1623,6 +1793,7 @@ mod tests {
             profiling_experimental_cpu_time_enabled: false,
             profiling_allocation_enabled: false,
             profiling_allocation_sampling_distance: DEFAULT_ALLOCATION_SAMPLING_INTERVAL,
+            profiling_heap_live_enabled: false,
             profiling_timeline_enabled: false,
             profiling_exception_enabled: false,
             profiling_exception_message_enabled: false,
@@ -1642,6 +1813,8 @@ mod tests {
             cpu_time: 30,
             alloc_samples: 40,
             alloc_size: 50,
+            heap_live_samples: 55,
+            heap_live_size: 56,
             timeline: 60,
             exception: 70,
             socket_read_time: 80,
diff --git a/profiling/src/profiling/sample_type_filter.rs b/profiling/src/profiling/sample_type_filter.rs
index aadecd7c620..0e674234c05 100644
--- a/profiling/src/profiling/sample_type_filter.rs
+++ b/profiling/src/profiling/sample_type_filter.rs
@@ -1,7 +1,7 @@
 use crate::config::SystemSettings;
 use crate::profiling::{SampleValues, ValueType};
 
-const MAX_SAMPLE_TYPES: usize = 23;
+const MAX_SAMPLE_TYPES: usize = 25;
 
 pub struct SampleTypeFilter {
     sample_types: Vec<ValueType>,
@@ -17,6 +17,8 @@ impl SampleTypeFilter {
             ValueType::new("cpu-time", "nanoseconds"),
             ValueType::new("alloc-samples", "count"),
             ValueType::new("alloc-size", "bytes"),
+            ValueType::new("heap-live-samples", "count"),
+            ValueType::new("heap-live-size", "bytes"),
             ValueType::new("timeline", "nanoseconds"),
             ValueType::new("exception-samples", "count"),
             ValueType::new("socket-read-time", "nanoseconds"),
@@ -55,22 +57,27 @@ impl SampleTypeFilter {
                 sample_types_mask[4] = true;
             }
 
-            if system_settings.profiling_timeline_enabled {
-                sample_types.push(SAMPLE_TYPES[5]);
+            // heap-live-samples, heap-live-size (indices 5, 6)
+            if system_settings.profiling_allocation_enabled
+                && system_settings.profiling_heap_live_enabled
+            {
+                sample_types.extend_from_slice(&SAMPLE_TYPES[5..7]);
                 sample_types_mask[5] = true;
-            }
-
-            if system_settings.profiling_exception_enabled {
-                sample_types.push(SAMPLE_TYPES[6]);
                 sample_types_mask[6] = true;
             }
 
-            #[cfg(feature = "io_profiling")]
-            if system_settings.profiling_io_enabled {
+            if system_settings.profiling_timeline_enabled {
                 sample_types.push(SAMPLE_TYPES[7]);
                 sample_types_mask[7] = true;
+            }
+
+            if system_settings.profiling_exception_enabled {
                 sample_types.push(SAMPLE_TYPES[8]);
                 sample_types_mask[8] = true;
+            }
+
+            #[cfg(feature = "io_profiling")]
+            if system_settings.profiling_io_enabled {
                 sample_types.push(SAMPLE_TYPES[9]);
                 sample_types_mask[9] = true;
                 sample_types.push(SAMPLE_TYPES[10]);
@@ -99,6 +106,10 @@ impl SampleTypeFilter {
                 sample_types_mask[21] = true;
                 sample_types.push(SAMPLE_TYPES[22]);
                 sample_types_mask[22] = true;
+                sample_types.push(SAMPLE_TYPES[23]);
+                sample_types_mask[23] = true;
+                sample_types.push(SAMPLE_TYPES[24]);
+                sample_types_mask[24] = true;
             }
         }
 
@@ -124,6 +135,8 @@ impl SampleTypeFilter {
             sample_values.cpu_time,
             sample_values.alloc_samples,
             sample_values.alloc_size,
+            sample_values.heap_live_samples,
+            sample_values.heap_live_size,
             sample_values.timeline,
             sample_values.exception,
             sample_values.socket_read_time,
@@ -288,4 +301,80 @@ mod tests {
         );
         assert_eq!(values, vec![10, 20, 30, 70]);
     }
+
+    #[test]
+    fn filter_with_heap_live() {
+        let mut settings = get_system_settings();
+        settings.profiling_enabled = true;
+        settings.profiling_allocation_enabled = true;
+        settings.profiling_heap_live_enabled = true;
+        settings.profiling_experimental_cpu_time_enabled = false;
+
+        let sample_type_filter = SampleTypeFilter::new(&settings);
+        let values = sample_type_filter.filter(get_samples());
+        let types = sample_type_filter.sample_types();
+
+        assert_eq!(
+            types,
+            vec![
+                ValueType::new("sample", "count"),
+                ValueType::new("wall-time", "nanoseconds"),
+                ValueType::new("alloc-samples", "count"),
+                ValueType::new("alloc-size", "bytes"),
+                ValueType::new("heap-live-samples", "count"),
+                ValueType::new("heap-live-size", "bytes"),
+            ]
+        );
+        assert_eq!(values, vec![10, 20, 40, 50, 55, 56]);
+    }
+
+    #[test]
+    fn filter_with_heap_live_requires_allocation_enabled() {
+        let mut settings = get_system_settings();
+        settings.profiling_enabled = true;
+        settings.profiling_allocation_enabled = false;
+        settings.profiling_heap_live_enabled = true;
+        settings.profiling_experimental_cpu_time_enabled = false;
+
+        let sample_type_filter = SampleTypeFilter::new(&settings);
+        let values = sample_type_filter.filter(get_samples());
+        let types = sample_type_filter.sample_types();
+
+        // heap-live should NOT be included when allocation profiling is disabled
+        assert_eq!(
+            types,
+            vec![
+                ValueType::new("sample", "count"),
+                ValueType::new("wall-time", "nanoseconds"),
+            ]
+        );
+        assert_eq!(values, vec![10, 20]);
+    }
+
+    #[test]
+    fn filter_with_allocations_and_heap_live_and_cpu_time() {
+        let mut settings = get_system_settings();
+        settings.profiling_enabled = true;
+        settings.profiling_allocation_enabled = true;
+        settings.profiling_heap_live_enabled = true;
+        settings.profiling_experimental_cpu_time_enabled = true;
+
+        let sample_type_filter = SampleTypeFilter::new(&settings);
+        let values = sample_type_filter.filter(get_samples());
+        let types = sample_type_filter.sample_types();
+
+        assert_eq!(
+            types,
+            vec![
+                ValueType::new("sample", "count"),
+                ValueType::new("wall-time", "nanoseconds"),
+                ValueType::new("cpu-time", "nanoseconds"),
+                ValueType::new("alloc-samples", "count"),
+                ValueType::new("alloc-size", "bytes"),
+                ValueType::new("heap-live-samples", "count"),
+                ValueType::new("heap-live-size", "bytes"),
+            ]
+        );
+        assert_eq!(values, vec![10, 20, 30, 40, 50, 55, 56]);
+    }
 }
diff --git a/profiling/src/profiling/stack_walking.rs b/profiling/src/profiling/stack_walking.rs
index 8b661c509ad..7d99c860318 100644
--- a/profiling/src/profiling/stack_walking.rs
+++ b/profiling/src/profiling/stack_walking.rs
@@ -22,7 +22,7 @@ const COW_TRUNCATED: Cow<str> = Cow::Borrowed("[truncated]");
 const STR_LEN_LIMIT: usize = u16::MAX as usize;
 const COW_LARGE_STRING: Cow<str> = Cow::Borrowed("[suspiciously large string]");
 
-#[derive(Default, Debug)]
+#[derive(Clone, Default, Debug)]
 pub struct ZendFrame {
     // Most tools don't like frames that don't have function names, so use a
     // fake name if you need to like "<?php".
diff --git a/profiling/tests/phpt/heap_live_01.phpt b/profiling/tests/phpt/heap_live_01.phpt
new file mode 100644
index 00000000000..628a2b51203
--- /dev/null
+++ b/profiling/tests/phpt/heap_live_01.phpt
@@ -0,0 +1,32 @@
+--TEST--
+[profiling] heap live profiling tracks allocations
+--DESCRIPTION--
+Verify that heap live profiling tracks allocations that stay alive.
+Uses trace log level to verify allocations are being tracked.
+--SKIPIF--
+<?php
+if (!extension_loaded('datadog-profiling'))
+    echo "skip: test requires Datadog Continuous Profiler\n";
+?>
+--ENV--
+DD_PROFILING_ENABLED=yes
+DD_PROFILING_ALLOCATION_ENABLED=yes
+DD_PROFILING_HEAP_LIVE_ENABLED=yes
+DD_PROFILING_ALLOCATION_SAMPLING_DISTANCE=1
+DD_PROFILING_LOG_LEVEL=trace
+DD_PROFILING_EXPERIMENTAL_CPU_TIME_ENABLED=no
+--INI--
+opcache.jit=off
+--FILE--
+<?php
+
+// Allocate some memory that stays alive until end of script
+// This should be tracked by heap-live profiling
+$data = str_repeat('x', 1024);
+
+echo "Done.";
+
+?>
+--EXPECTREGEX--
+.*Tracked allocation at 0x[0-9a-f]+ \(\d+ bytes\) for batched heap-live emission.*
+.*Done\..*
diff --git a/profiling/tests/phpt/heap_live_02.phpt b/profiling/tests/phpt/heap_live_02.phpt
new file mode 100644
index 00000000000..4ccba8e55f3
--- /dev/null
+++ b/profiling/tests/phpt/heap_live_02.phpt
@@ -0,0 +1,40 @@
+--TEST--
+[profiling] heap live profiling untracks freed allocations
+--DESCRIPTION--
+Verify that heap live profiling untracks allocations when they are freed.
+Uses trace log level to verify allocations are being untracked.
+--SKIPIF--
+<?php
+if (!extension_loaded('datadog-profiling'))
+    echo "skip: test requires Datadog Continuous Profiler\n";
+?>
+--ENV--
+DD_PROFILING_ENABLED=yes
+DD_PROFILING_ALLOCATION_ENABLED=yes
+DD_PROFILING_HEAP_LIVE_ENABLED=yes
+DD_PROFILING_ALLOCATION_SAMPLING_DISTANCE=1
+DD_PROFILING_LOG_LEVEL=trace
+DD_PROFILING_EXPERIMENTAL_CPU_TIME_ENABLED=no
+--INI--
+opcache.jit=off
+--FILE--
+<?php
+
+// Allocate memory in a function scope so it gets freed when function returns
+function allocate_and_free() {
+    $data = str_repeat('y', 2048);
+    // $data goes out of scope here and should be freed
+}
+
+allocate_and_free();
+
+// Force garbage collection to ensure memory is freed
+gc_collect_cycles();
+
+echo "Done.";
+
+?>
+--EXPECTREGEX--
+.*Tracked allocation at 0x[0-9a-f]+ \(\d+ bytes\) for batched heap-live emission.*
+.*Untracked freed allocation at 0x[0-9a-f]+ \(\d+ bytes\).*
+.*Done\..*
diff --git a/profiling/tests/phpt/heap_live_phpinfo_01.phpt b/profiling/tests/phpt/heap_live_phpinfo_01.phpt
new file mode 100644
index 00000000000..34a331184b2
--- /dev/null
+++ b/profiling/tests/phpt/heap_live_phpinfo_01.phpt
@@ -0,0 +1,55 @@
+--TEST--
+[profiling] heap live profiling setting is shown in phpinfo
+--DESCRIPTION--
+Verify that the heap live profiling setting is properly displayed in phpinfo
+when allocation profiling is enabled.
+--SKIPIF--
+<?php
+if (!extension_loaded('datadog-profiling'))
+    echo "skip: test requires Datadog Continuous Profiler\n";
+?>
+--ENV--
+DD_PROFILING_ENABLED=yes
+DD_PROFILING_ALLOCATION_ENABLED=yes
+DD_PROFILING_HEAP_LIVE_ENABLED=yes
+DD_PROFILING_EXPERIMENTAL_CPU_TIME_ENABLED=no
+--INI--
+assert.exception=1
+opcache.jit=off
+--FILE--
+<?php
+
+ob_start();
+$extension = new ReflectionExtension('datadog-profiling');
+$extension->info();
+$output = ob_get_clean();
+
+$lines = preg_split("/\R/", $output);
+$values = [];
+foreach ($lines as $line) {
+    $pair = explode("=>", $line);
+    if (count($pair) != 2) {
+        continue;
+    }
+    $values[trim($pair[0])] = trim($pair[1]);
+}
+
+// Check exact values
+$sections = [
+    ["Profiling Enabled", "true"],
+    ["Allocation Profiling Enabled", "true"],
+    ["Heap Live Profiling Enabled", "true"],
+];
+
+foreach ($sections as [$key, $expected]) {
+    assert(
+        $values[$key] === $expected,
+        "Expected '{$expected}', found '{$values[$key]}', for key '{$key}'"
+    );
+}
+
+echo "Done.";
+
+?>
+--EXPECT--
+Done.
diff --git a/profiling/tests/phpt/heap_live_phpinfo_02.phpt b/profiling/tests/phpt/heap_live_phpinfo_02.phpt
new file mode 100644
index 00000000000..11d7cea28c8
--- /dev/null
+++ b/profiling/tests/phpt/heap_live_phpinfo_02.phpt
@@ -0,0 +1,55 @@
+--TEST--
+[profiling] heap live profiling requires allocation profiling
+--DESCRIPTION--
+Verify that heap live profiling shows "requires allocation profiling" when
+allocation profiling is disabled.
+--SKIPIF--
+<?php
+if (!extension_loaded('datadog-profiling'))
+    echo "skip: test requires Datadog Continuous Profiler\n";
+?>
+--ENV--
+DD_PROFILING_ENABLED=yes
+DD_PROFILING_ALLOCATION_ENABLED=no
+DD_PROFILING_HEAP_LIVE_ENABLED=yes
+DD_PROFILING_EXPERIMENTAL_CPU_TIME_ENABLED=no
+--INI--
+assert.exception=1
+opcache.jit=off
+--FILE--
+<?php
+
+ob_start();
+$extension = new ReflectionExtension('datadog-profiling');
+$extension->info();
+$output = ob_get_clean();
+
+$lines = preg_split("/\R/", $output);
+$values = [];
+foreach ($lines as $line) {
+    $pair = explode("=>", $line);
+    if (count($pair) != 2) {
+        continue;
+    }
+    $values[trim($pair[0])] = trim($pair[1]);
+}
+
+// Check exact values
+$sections = [
+    ["Profiling Enabled", "true"],
+    ["Allocation Profiling Enabled", "false"],
+    ["Heap Live Profiling Enabled", "false (requires allocation profiling)"],
+];
+
+foreach ($sections as [$key, $expected]) {
+    assert(
+        $values[$key] === $expected,
+        "Expected '{$expected}', found '{$values[$key]}', for key '{$key}'"
+    );
+}
+
+echo "Done.";
+
+?>
+--EXPECT--
+Done.

From 9867f1ecdf7b3b11ec2555f1ab1258d2e5962692 Mon Sep 17 00:00:00 2001
From: Florian Engelhardt <florian.engelhardt@datadoghq.com>
Date: Thu, 5 Feb 2026 08:06:21 +0100
Subject: [PATCH 2/3] refactor(profiling): simplify heap-live and sample filter
 code

- Use functional style (map + match) in collect_batched_heap_live_samples
- Only create ProfileIndex when heap-live tracking is enabled
- Replace 32 repetitive I/O profiling lines with a loop
- Use filter_map in sample type filter method
- Add early bail-out in free_allocation when heap-live is disabled

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 profiling/src/profiling/mod.rs                | 51 ++++++++----------
 profiling/src/profiling/sample_type_filter.rs | 52 ++++---------------
 2 files changed, 32 insertions(+), 71 deletions(-)

diff --git a/profiling/src/profiling/mod.rs b/profiling/src/profiling/mod.rs
index 1e893a6cefa..3bfaefd1e7d 100644
--- a/profiling/src/profiling/mod.rs
+++ b/profiling/src/profiling/mod.rs
@@ -231,13 +231,11 @@ pub enum ProfilerMessage {
     Wake,
 }
 
-/// A complete sample stored for live heap tracking. Contains everything needed
-/// to send an identical deallocation sample (with negated heap-live-* values).
-#[derive(Clone, Debug)]
 /// Tracked allocation for batched heap-live sample emission.
 /// Unlike the .NET profiler which tracks CLR objects via weak handles,
 /// we track raw allocation pointers. Samples are emitted in batches
 /// at profile export time, not on each allocation/free.
+#[derive(Clone, Debug)]
 pub struct LiveHeapSample {
     /// The profile index (sample_types + tags) for adding to correct profile
     pub key: ProfileIndex,
@@ -318,16 +316,17 @@ impl TimeCollector {
             let tracked = entry.value();
 
             // Build sample_values with only heap-live-samples and heap-live-size set
-            let mut sample_values = vec![0i64; tracked.key.sample_types.len()];
-            for (i, st) in tracked.key.sample_types.iter().enumerate() {
-                if st.r#type == "heap-live-samples" {
-                    sample_values[i] = 1;
-                } else if st.r#type == "heap-live-size" {
-                    sample_values[i] = tracked.allocation_size;
-                }
-            }
+            let sample_values: Vec<i64> = tracked
+                .key
+                .sample_types
+                .iter()
+                .map(|st| match st.r#type {
+                    "heap-live-samples" => 1,
+                    "heap-live-size" => tracked.allocation_size,
+                    _ => 0,
+                })
+                .collect();
 
-            // Create the sample message
             let message = SampleMessage {
                 key: tracked.key.clone(),
                 value: SampleData {
@@ -1160,14 +1159,12 @@ impl Profiler {
 
                 // Track allocation for heap live profiling if enabled.
                 // Samples will be emitted in batch at profile export time.
-                // Fetch sample_types and tags once, reuse for both tracking and sending.
-                let sample_types = self.sample_types_filter.sample_types();
-                let tags = TAGS.with_borrow(Arc::clone);
-                let key = ProfileIndex { sample_types, tags };
-
                 if self.is_heap_live_enabled() {
                     let tracked = LiveHeapSample {
-                        key: key.clone(),
+                        key: ProfileIndex {
+                            sample_types: self.sample_types_filter.sample_types(),
+                            tags: TAGS.with_borrow(Arc::clone),
+                        },
                         frames: frames.clone(),
                         labels: labels.clone(),
                         allocation_size: alloc_size,
@@ -1181,16 +1178,7 @@ impl Profiler {
                     }
                 }
 
-                let sample_values = self.sample_types_filter.filter(sample_values);
-                let message = SampleMessage {
-                    key,
-                    value: SampleData {
-                        frames,
-                        labels,
-                        sample_values,
-                        timestamp,
-                    },
-                };
+                let message = self.prepare_sample_message(frames, sample_values, labels, timestamp);
 
                 match self.message_sender.try_send(ProfilerMessage::Sample(message)) {
                     Ok(_) => trace!(
@@ -1210,6 +1198,11 @@ impl Profiler {
     /// Called when memory is freed. Removes the allocation from tracking. The next profile export
     /// will not include this allocation in the heap-live samples.
     pub fn free_allocation(&self, ptr: *mut std::ffi::c_void) {
+        // Bail out early if heap-live tracking is disabled to avoid DashMap lookup overhead
+        if !self.is_heap_live_enabled() {
+            return;
+        }
+
         if let Some(sample) = self.untrack_allocation(ptr as usize) {
             trace!(
                 "Untracked freed allocation at {:#x} ({} bytes)",
@@ -1217,7 +1210,7 @@ impl Profiler {
                 sample.allocation_size
             );
         }
-        // If not tracked, nothing to do (wasn't sampled or tracking disabled)
+        // If not tracked, nothing to do (wasn't sampled)
     }
 
     /// Collect a stack sample with exception.
diff --git a/profiling/src/profiling/sample_type_filter.rs b/profiling/src/profiling/sample_type_filter.rs
index 0e674234c05..f5f0c1cb9bf 100644
--- a/profiling/src/profiling/sample_type_filter.rs
+++ b/profiling/src/profiling/sample_type_filter.rs
@@ -78,38 +78,11 @@ impl SampleTypeFilter {
 
             #[cfg(feature = "io_profiling")]
             if system_settings.profiling_io_enabled {
-                sample_types.push(SAMPLE_TYPES[9]);
-                sample_types_mask[9] = true;
-                sample_types.push(SAMPLE_TYPES[10]);
-                sample_types_mask[10] = true;
-                sample_types.push(SAMPLE_TYPES[11]);
-                sample_types_mask[11] = true;
-                sample_types.push(SAMPLE_TYPES[12]);
-                sample_types_mask[12] = true;
-                sample_types.push(SAMPLE_TYPES[13]);
-                sample_types_mask[13] = true;
-                sample_types.push(SAMPLE_TYPES[14]);
-                sample_types_mask[14] = true;
-                sample_types.push(SAMPLE_TYPES[15]);
-                sample_types_mask[15] = true;
-                sample_types.push(SAMPLE_TYPES[16]);
-                sample_types_mask[16] = true;
-                sample_types.push(SAMPLE_TYPES[17]);
-                sample_types_mask[17] = true;
-                sample_types.push(SAMPLE_TYPES[18]);
-                sample_types_mask[18] = true;
-                sample_types.push(SAMPLE_TYPES[19]);
-                sample_types_mask[19] = true;
-                sample_types.push(SAMPLE_TYPES[20]);
-                sample_types_mask[20] = true;
-                sample_types.push(SAMPLE_TYPES[21]);
-                sample_types_mask[21] = true;
-                sample_types.push(SAMPLE_TYPES[22]);
-                sample_types_mask[22] = true;
-                sample_types.push(SAMPLE_TYPES[23]);
-                sample_types_mask[23] = true;
-                sample_types.push(SAMPLE_TYPES[24]);
-                sample_types_mask[24] = true;
+                // I/O sample types are at indices 9..=24
+                for i in 9..=24 {
+                    sample_types.push(SAMPLE_TYPES[i]);
+                    sample_types_mask[i] = true;
+                }
             }
         }
 
@@ -124,9 +97,6 @@ impl SampleTypeFilter {
     }
 
     pub fn filter(&self, sample_values: SampleValues) -> Vec<i64> {
-        let mut output = Vec::new();
-        output.reserve_exact(self.sample_types.len());
-
         // Lay this out in the same order as SampleValues.
         // Allows us to slice the SampleValues as if they were an array.
         let values: [i64; MAX_SAMPLE_TYPES] = [
@@ -157,13 +127,11 @@ impl SampleTypeFilter {
             sample_values.file_write_size_samples,
         ];
 
-        for (value, enabled) in values.into_iter().zip(self.sample_types_mask.iter()) {
-            if *enabled {
-                output.push(value);
-            }
-        }
-
-        output
+        values
+            .into_iter()
+            .zip(self.sample_types_mask.iter())
+            .filter_map(|(value, &enabled)| enabled.then_some(value))
+            .collect()
     }
 }
 

From 91f9d71fe5be956f5fc3fe389c42f2743c4287c3 Mon Sep 17 00:00:00 2001
From: Florian Engelhardt <florian.engelhardt@datadoghq.com>
Date: Thu, 5 Feb 2026 17:43:58 +0100
Subject: [PATCH 3/3] perf(profiling): use fast pointer hasher for heap-live
 tracker

Replace default SipHash with a simple bit-mixing hasher optimized for
pointer addresses. Since pointers are already well-distributed, we use
`ptr ^ (ptr >> 4)` instead of expensive cryptographic hashing.

This reduces overhead in untrack_allocation() which is called on every free.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 profiling/src/profiling/mod.rs | 52 +++++++++++++++++++++++++++++++---
 1 file changed, 48 insertions(+), 4 deletions(-)

diff --git a/profiling/src/profiling/mod.rs b/profiling/src/profiling/mod.rs
index 3bfaefd1e7d..831c54926b6 100644
--- a/profiling/src/profiling/mod.rs
+++ b/profiling/src/profiling/mod.rs
@@ -37,7 +37,7 @@ use libdd_profiling::internal::Profile as InternalProfile;
 use log::{debug, info, trace, warn};
 use std::borrow::Cow;
 use std::collections::HashMap;
-use std::hash::Hash;
+use std::hash::{BuildHasher, Hash, Hasher};
 use std::num::NonZeroI64;
 use std::sync::atomic::{AtomicBool, AtomicPtr, AtomicU32, AtomicU64, Ordering};
 use std::sync::{Arc, Barrier, OnceLock};
@@ -60,6 +60,49 @@ pub const NO_TIMESTAMP: i64 = 0;
 // magnitude for the capacity.
 const UPLOAD_CHANNEL_CAPACITY: usize = 8;
 
+/// A fast, non-cryptographic hasher optimized for pointer addresses.
+/// Since pointers are already well-distributed and typically aligned,
+/// we use a simple bit mixing approach instead of expensive hashing.
+#[derive(Default)]
+struct PointerHasher(u64);
+
+impl Hasher for PointerHasher {
+    #[inline]
+    fn write(&mut self, _bytes: &[u8]) {
+        unreachable!("PointerHasher only supports write_usize");
+    }
+
+    #[inline]
+    fn write_usize(&mut self, ptr: usize) {
+        // Pointers are typically 8 or 16-byte aligned, so shift right to spread
+        // the entropy across the lower bits. XOR with shifted value for mixing.
+        let ptr = ptr as u64;
+        self.0 = ptr ^ (ptr >> 4);
+    }
+
+    #[inline]
+    fn finish(&self) -> u64 {
+        self.0
+    }
+}
+
+/// BuildHasher that creates PointerHasher instances.
+/// DashMap requires Clone for its internal sharding.
+#[derive(Clone)]
+struct PointerHasherBuilder;
+
+impl BuildHasher for PointerHasherBuilder {
+    type Hasher = PointerHasher;
+
+    #[inline]
+    fn build_hasher(&self) -> Self::Hasher {
+        PointerHasher(0)
+    }
+}
+
+/// Type alias for the heap tracker with our fast pointer hasher
+type HeapTracker = DashMap<usize, LiveHeapSample, PointerHasherBuilder>;
+
 /// The global profiler. Profiler gets made during the first rinit after an
 /// minit, and is destroyed on mshutdown.
 static mut PROFILER: OnceLock<Profiler> = OnceLock::new();
@@ -284,7 +327,8 @@ pub struct Profiler {
     /// Tracks sampled allocations for live heap profiling.
     /// Maps allocation pointer -> sample data for batched emission at export time.
     /// Wrapped in Arc to share with TimeCollector for batched sample emission.
-    live_heap_tracker: Arc<DashMap<usize, LiveHeapSample>>,
+    /// Uses a fast pointer hasher since addresses are already well-distributed.
+    live_heap_tracker: Arc<HeapTracker>,
 }
 
 struct TimeCollector {
@@ -294,7 +338,7 @@ struct TimeCollector {
     upload_sender: Sender<UploadMessage>,
     upload_period: Duration,
     /// Shared tracker for batched heap-live sample emission at export time.
-    live_heap_tracker: Arc<DashMap<usize, LiveHeapSample>>,
+    live_heap_tracker: Arc<HeapTracker>,
 }
 
 impl TimeCollector {
@@ -788,7 +832,7 @@ impl Profiler {
         let interrupt_manager = Arc::new(InterruptManager::new());
         let (message_sender, message_receiver) = crossbeam_channel::bounded(100);
         let (upload_sender, upload_receiver) = crossbeam_channel::bounded(UPLOAD_CHANNEL_CAPACITY);
-        let live_heap_tracker = Arc::new(DashMap::new());
+        let live_heap_tracker = Arc::new(DashMap::with_hasher(PointerHasherBuilder));
         let time_collector = TimeCollector {
             fork_barrier: fork_barrier.clone(),
             interrupt_manager: interrupt_manager.clone(),