backend: add opt-in pprof server (RADIANCE_PPROF_ADDR)#513
Open
myleshorton wants to merge 3 commits into
Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds an opt-in, loopback-only pprof HTTP server for on-device profiling when Radiance is embedded (e.g., via gomobile), gated behind the RADIANCE_PPROF_ADDR environment variable so nothing is exposed by default.
Changes:
- Start an optional debug/pprof server during
LocalBackend.Start()whenRADIANCE_PPROF_ADDRis set. - Introduce a dedicated
http.ServeMuxhostingnet/http/pprofendpoints to avoid usinghttp.DefaultServeMux.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| backend/radiance.go | Starts the debug server during backend startup. |
| backend/pprof.go | Implements the opt-in pprof HTTP server with a dedicated mux. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Radiance is compiled into the host app via gomobile, so there's no
process to attach a profiler to and no on-device profiling hook. Add a
loopback pprof/HTTP server gated behind RADIANCE_PPROF_ADDR — off by
default (nothing registered, no port opened) so it ships safely in
release builds. Set it to e.g. localhost:6060 to capture CPU/heap
profiles of the running client, notably the broflake / Unbounded WebRTC
relay whose cost is otherwise invisible:
RADIANCE_PPROF_ADDR=localhost:6060 <app>
go tool pprof http://localhost:6060/debug/pprof/profile?seconds=30
Bound to loopback only and served from a dedicated mux (not
DefaultServeMux) so the debug handlers can't leak off-device or onto
another server in the process.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Hard-refuse any RADIANCE_PPROF_ADDR that isn't loopback (empty host, 0.0.0.0, or a public IP) instead of trusting the caller. pprof exposes goroutine stacks and can be driven to burn CPU, so it must never bind off-device. - Register the server's Close in shutdownFuncs so a Start/Close cycle (re-init, tests, in-process clients) frees the port and stops the goroutine. Previously it leaked and the next Start would hit "address already in use". Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
myleshorton
force-pushed
the
fisk/radiance-pprof
branch
from
febf293 to
58d7b61
Compare
myleshorton
changed the base branch from
main
to
fisk/unbounded-conn-source-on-close
Add an env.Pprof key and have startDebugServer read the address through the radiance env package instead of os.Getenv directly. env.Get already honours an OS env var, a .env file in the working dir, and runtime env.Set (incl. the IPC SetEnv path) — the latter two are what let the profiler be enabled on sandboxed macOS/iOS system extensions, which don't inherit the launching shell's environment. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
WendelHime
approved these changes
Jun 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds a loopback pprof/HTTP server to
LocalBackend, gated behind theRADIANCE_PPROF_ADDRenv var. Off by default — with the var unset, nothing is registered and no port is opened, so it's safe in release builds.Why
Radiance is compiled into the host app via gomobile, so there's no separate process to attach a profiler to, and no other on-device profiling hook. This came out of investigating high CPU while the Unbounded / broflake WebRTC relay is active — that relay's cost (pion DTLS/ICE/SCTP + QUIC-over-datachannel + byte copying) is otherwise invisible, and there was no way to capture a CPU/heap profile of the running client.
Safety
isLoopbackAddrrejects an empty host (:6060→ all interfaces),0.0.0.0, and public IPs before the listener opens; onlylocalhost,127.0.0.0/8, and::1are accepted. The pprof endpoints expose goroutine stacks and can be driven to burn CPU, so they must never be reachable off-device — this is enforced, not left to the caller.Close(). The server'sCloseis registered inshutdownFuncs, so a Start/Close cycle (re-init, tests, in-process clients) frees the port and stops the goroutine instead of leaking it and failing the next Start with "address already in use".http.DefaultServeMux, so importingnet/http/pprofhere can't surface these handlers on any other server in the process.🤖 Generated with Claude Code