Problem
Heap dumps may contain proprietary or personally identifying information within the objects. This presents a challenge for debugging memory issues if the complete heap dumps cannot be shared due to privacy and security concerns. However, object size and connectivity information is often sufficient for the vast majority of cases where heap dumps are used for debugging.
Solution
Add a command line option to the jcmd utility's diagnostic command GC.heap_dump to redact primitive fields from the heap dump.
In addition, add a JVM runtime flag to enable the same redaction for automatic heap dumps such as the HeapDumpOnOutOfMemoryError option.
The redacted heap dump sets all primitive type fields and primitive type array elements to the default value. Class names and reference field values are not changed.
byte = 0
short = 0
int = 0
long = 0
float = 0.0f
double = 0.0
char = '\u0000'
boolean = false
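A dump can be checked for leftover primitive data before it is shared. The following is an added example, not part of this CSR or of the JDK: it walks an uncompressed HPROF binary dump (the format HotSpot writes) and returns the ids of primitive arrays that still hold a non-default element. The names `unredacted_primitive_arrays` and `sample_dump` are hypothetical, and the sample input is constructed.

```python
import struct
# HPROF basic type code -> size in bytes (code 2, object reference, uses the id size)
PRIM = {4: 1, 5: 2, 6: 4, 7: 8, 8: 1, 9: 2, 10: 4, 11: 8}
# GC root sub-record tag -> (number of ids, number of u4 fields) in its body
ROOTS = {0xFF: (1, 0), 1: (2, 0), 2: (1, 2), 3: (1, 2), 4: (1, 1),
         5: (1, 0), 6: (1, 1), 7: (1, 0), 8: (1, 2)}

def unredacted_primitive_arrays(d):
    """Return object ids of primitive arrays that hold a non-default element."""
    p = d.index(b"\0") + 13                       # past version string, u4 id size, u8 time
    ids = struct.unpack_from(">I", d, p - 12)[0]  # identifier size in bytes
    hits = []
    while p < len(d):
        tag, _, length = struct.unpack_from(">BII", d, p)
        if tag in (0x0C, 0x1C):                   # HEAP_DUMP / HEAP_DUMP_SEGMENT
            hits += _scan(d, p + 9, p + 9 + length, ids)
        p += 9 + length
    return hits

def _scan(d, p, end, ids):
    sz = {**PRIM, 2: ids}
    num = lambda o, n: int.from_bytes(d[o:o + n], "big")
    while p < end:
        tag, p = d[p], p + 1
        if tag in ROOTS:
            p += ROOTS[tag][0] * ids + ROOTS[tag][1] * 4
        elif tag == 0x20:                         # CLASS_DUMP: walk past it
            p += 7 * ids + 8
            for prefix in (2, ids):               # constant pool, then static fields
                n, p = num(p, 2), p + 2
                for _ in range(n):
                    p += prefix + 1 + sz[d[p + prefix]]
            p += 2 + num(p, 2) * (ids + 1)        # instance field descriptors
        elif tag == 0x21:                         # INSTANCE_DUMP
            p += 2 * ids + 8 + num(p + 2 * ids + 4, 4)
        elif tag == 0x22:                         # OBJECT_ARRAY_DUMP
            p += 2 * ids + 8 + num(p + ids + 4, 4) * ids
        elif tag == 0x23:                         # PRIMITIVE_ARRAY_DUMP
            n, t = num(p + ids + 4, 4), d[p + ids + 8]
            body = d[p + ids + 9:p + ids + 9 + n * PRIM[t]]
            if any(body):                         # every default value is all-zero bytes
                yield num(p, ids)
            p += ids + 9 + len(body)
        else:
            raise ValueError(f"unknown heap dump sub-record tag {tag:#x}")

def sample_dump(payload):
    """Constructed input: 8-byte ids, one HEAP_DUMP record holding one byte[] array."""
    arr = struct.pack(">BQIIB", 0x23, 0x1000, 0, len(payload), 8) + payload
    return b"JAVA PROFILE 1.0.2\0" + struct.pack(">IQBII", 8, 0, 0x0C, 0, len(arr)) + arr
```

For a real file, pass its bytes: `unredacted_primitive_arrays(open(path, "rb").read())`; an empty result means no primitive array carries data.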
Specification
New jcmd flag for GC.heap_dump creates a heap dump file with redacted values.
jcmd <pid> GC.heap_dump -redact <filename>
New JVM command line flag -XX:+HeapDumpRedacted
This flag is manageable and only redacts heap dumps generated from enabling the flags HeapDumpOnOutOfMemoryError, HeapDumpBeforeFullGC, or HeapDumpAfterFullGC.
Both flags are boolean and false by default if not specified. The jcmd flag and the command line flag operate independently of each other. For example, jcmd without the -redact flag will produce a regular heap dump even if the target JVM is running with -XX:+HeapDumpRedacted.
These flags combine naturally with other existing heap dump options such as gzip compression, specifying all or live objects, and file path.
- csr of JDK-8337517 Redacted Heap Dumps - Open