YOUR DIGITAL HUB
← Back to blog

Tools to measure PHP application performance: profilers, APM, load testing

· 11 min read
#performance #profiling #apm #observability
Cover — Tools to measure PHP application performance

Measure before optimizing

Knuth wrote in 1974 that premature optimization is the root of all evil. The quote is repeated everywhere, stripped of context. The full version starts with "in 97% of cases" — meaning that in the remaining 3%, optimization is not only justified, it is critical. The real problem is not optimizing too early, it is optimizing in the wrong place.

The rule we apply systematically on performance engagements is simpler: never optimize without prior measurement. In the audits we run, the root cause of a slowdown is almost never what the team suspects. Feel-based optimizations waste weeks and sometimes make things worse (a poorly designed cache, a useless index that slows down writes, refactoring a lukewarm code path instead of the actual bottleneck).

This article presents the three families of tools we use to measure: profilers that inspect code inside the process, APM platforms that correlate distributed traces in production, and load-testing tools that reproduce traffic before real users do.

Three families, three jobs

Each family answers a distinct question. Confusing them is the first mistake.

Family Question it answers When to use
Profiler Where does the code spend its time? Development, investigating a slow endpoint
APM How does the application behave in production, across all traffic? Continuous observation, alerting, regression diagnosis
Load testing What happens when we push load beyond normal? Before a release, capacity validation, peak preparation

An APM alone does not tell you why a request is slow, only that it is. A profiler does not tell you whether your system handles 5000 concurrent users. A load test does not replace real observation. The three complement each other.

PHP profilers: the code level

A profiler records how much time and memory each function consumes, line by line. In PHP, four tools cover most needs.

Blackfire — the gold standard

Blackfire is our default on every engagement. Native Symfony and Laravel integration, lightweight PHP extension that does not hurt production performance (configurable sampling), interactive call graph, performance tests in CI.

Typical profiling flow for a slow endpoint.

# Install extension
pecl install blackfire

# Profile a targeted HTTP request
blackfire curl https://app.example.com/api/invoices/42

# Profile a CLI command
blackfire run php bin/console app:reindex

# Assertion in CI
blackfire run --samples=5 \
  --assert='main.wall_time < 200ms' \
  --assert='metrics.sql.queries.count <= 5' \
  php bin/phpunit tests/Integration/InvoiceListTest.php

Blackfire's killer feature is the before/after comparison. Two profiles overlay, showing exactly which functions gained or lost time. That is what makes optimization scientific rather than intuitive.

Tideways

Tideways combines profiler, monitoring and timeline in a single product. Less known than Blackfire in France, heavily used in the German ecosystem. Overhead is low, suitable for a permanent production deployment on sampling. The request timeline is particularly useful to visualize SQL queries in real execution order.

Xdebug profile mode

Xdebug has a historic profiler mode that generates Cachegrind files readable with KCachegrind or QCachegrind. Free, powerful, but overhead is heavy (5x to 10x slowdown). Local development only, never in production.

; php.ini to enable Xdebug profiler locally
xdebug.mode = profile
xdebug.output_dir = /tmp/xdebug
xdebug.profiler_output_name = cachegrind.out.%t.%p

SPX

SPX is a recent open-source profiler, lightweight, with a native web UI. Interesting for teams that avoid SaaS. Less mature than Blackfire, but improving rapidly.

PHP profilers comparison

Profiler License Prod overhead CI-ready Call graph Our recommendation
Blackfire Commercial (29 EUR/dev/month) Very low on sampling Yes, native Excellent Default on all engagements
Tideways Commercial (from 49 EUR/month) Low Yes Very good Good choice for unified APM + profiler
Xdebug profile Free Unusable in prod Limited Via KCachegrind Local dev only
SPX Open-source Low Not official Good Serious free option

APM and observability: the production level

An APM (Application Performance Monitoring) continuously collects metrics and traces across all traffic. The goal is not to profile a single request but to see the full distribution: which endpoints are slow at p95, how many SQL queries per transaction, where errors concentrate.

Datadog APM

Datadog is the APM we deploy most often at scale-up clients. Universal agent, native PHP integration via datadog/dd-trace-php, auto-instrumentation of major frameworks, logs-metrics-traces correlation in one interface.

# docker-compose.yml — Datadog agent side-car
services:
  datadog-agent:
    image: gcr.io/datadoghq/agent:7
    environment:
      DD_API_KEY: ${DD_API_KEY}
      DD_APM_ENABLED: "true"
      DD_SITE: datadoghq.eu
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /proc/:/host/proc/:ro
      - /sys/fs/cgroup/:/host/sys/fs/cgroup:ro

  app:
    image: our-php-app:latest
    environment:
      DD_AGENT_HOST: datadog-agent
      DD_TRACE_ENABLED: "true"
      DD_SERVICE: invoices-api
      DD_ENV: production

The cost scales fast: around 31 USD per host per month for standard APM, plus logging if enabled. On a 20-host fleet, easily 1000 EUR per month. Budget for it from day one.

New Relic

New Relic is historically the APM pioneer. The free plan (100 GB of data per month) is generous for small teams. The PHP extension is mature. The interface can feel dated but remains very functional. Still a great choice for an SMB wanting a serious APM without Datadog pricing.

Elastic APM

Elastic APM plugs into the Elastic stack (Elasticsearch, Kibana). Self-hostable, useful for teams with sovereignty requirements. The PHP agent lags behind Datadog and New Relic, but basic features are there.

Sentry Performance

Sentry extended its error tracking toward performance. Symfony integration is excellent. Good for teams wanting centralized errors and performance in one tool without paying Datadog rates. The free plan covers modest projects.

OpenTelemetry — the emerging standard

OpenTelemetry (OTel) has become the de facto instrumentation standard in 2025. One API, several backends (Datadog, New Relic, Grafana Tempo, Honeycomb, Jaeger). PHP auto-instrumentation via open-telemetry/opentelemetry-auto-slim and equivalents for Symfony/Laravel is moving fast.

Our 2026 recommendation: instrument with OTel rather than adopt a proprietary API. If the backend changes in two years, the code does not have to.

Load testing: the capacity level

Load testing simulates concurrent users and measures how the system behaves under load. Four tools dominate in 2026.

k6 — the modern choice

k6 (acquired by Grafana Labs in 2021) is our default recommendation. JavaScript scripts, lightweight Go binary, rich metrics, natural CI integration. Very gentle learning curve for any team that can read JS.

// load-test-invoices-api.js
import http from 'k6/http';
import { check, sleep } from 'k6';
import { Trend } from 'k6/metrics';

const listLatency = new Trend('list_latency');

export const options = {
  scenarios: {
    ramp_up: {
      executor: 'ramping-vus',
      startVUs: 0,
      stages: [
        { duration: '1m', target: 50 },
        { duration: '3m', target: 200 },
        { duration: '2m', target: 200 },
        { duration: '1m', target: 0 },
      ],
    },
  },
  thresholds: {
    http_req_duration: ['p(95)<400', 'p(99)<800'],
    http_req_failed: ['rate<0.01'],
    list_latency: ['p(95)<300'],
  },
};

const BASE = __ENV.BASE_URL || 'https://staging.example.com';
const TOKEN = __ENV.API_TOKEN;

export default function () {
  const headers = { Authorization: `Bearer ${TOKEN}` };

  const list = http.get(`${BASE}/api/invoices?page=1&limit=20`, { headers });
  check(list, {
    'list 200': (r) => r.status === 200,
    'list has data': (r) => (r.json('data') || []).length > 0,
  });
  listLatency.add(list.timings.duration);

  sleep(Math.random() * 2 + 1);

  const detail = http.get(`${BASE}/api/invoices/42`, { headers });
  check(detail, { 'detail 200': (r) => r.status === 200 });

  sleep(Math.random() * 3 + 1);
}

Run with k6 run -e API_TOKEN=xxx load-test-invoices-api.js. The test can be wired in GitHub Actions via grafana/setup-k6-action and fail the pipeline if thresholds are not met.

Gatling

Gatling (JVM, Scala or Java DSL) is extremely mature and fast. Very rich HTML reports. Our pick when the team has a JVM culture or targets very high load (beyond 10,000 requests per second from a single generator).

JMeter

JMeter is the veteran, still common in large enterprises. GUI helps beginners, verbose XML format to version. We rarely use it for new engagements in 2026, but it remains unavoidable if the client already has a JMeter test library.

Locust

Locust (Python) is a solid choice for Python-centric teams. Simple scripts, native distributed scaling. Fewer out-of-the-box metrics than k6.

Critical metrics to track

Regardless of tools, the metrics that matter are the same.

Metric Definition Typical target
TTFB Time To First Byte < 200 ms
LCP Largest Contentful Paint < 2.5 s
Latency p50 Median < 100 ms for an API
Latency p95 95th percentile < 400 ms
Latency p99 99th percentile < 800 ms
Apdex score Satisfaction index (0 to 1) > 0.9
Error rate 5xx error rate < 0.5%
Throughput Requests per second Per business target

The mean is a dangerous metric. An 80 ms median can hide a 4-second p99. On an API with 1 million requests per day, 1% of traffic at 4 s means 10,000 frustrated users every day.

Reading a before/after Blackfire profile

Recent real case: an /api/invoices endpoint replying in 1.8 s for 500 invoices. The Blackfire profile showed the problem in 15 seconds.

  • 67% of the time in Doctrine\ORM\UnitOfWork::computeChangeSets: classic N+1 signature.
  • 18% in serialize_groups of the Symfony Serializer with deep nested groups.
  • 8% in DateTimeImmutable::format called inside a foreach.

After optimization (Doctrine fetch-join + projection DTO + date formatted once): 140 ms for 500 invoices, a 13x improvement. Two hours of work, plus a Blackfire test in CI to prevent regression. Without a profile, the team had spent a week "tuning Redis" with no measurable effect.

Our methodology

On every performance engagement we apply the same sequence.

  1. Baseline. Measure the current state with the APM and a reproducible load test. Freeze p50, p95, p99, throughput and error rate.
  2. Profile. Target the 3 to 5 slowest or most-called endpoints. Profile each one with Blackfire or Tideways.
  3. Hypothesis and optimization. One hypothesis per iteration. Change only one thing at a time.
  4. Benchmark. Re-profile after every change. Compare with baseline. If no measurable gain, revert.
  5. Load test. Replay the k6 scenario to check behavior under load.
  6. Ship and observe. Deploy, then watch the APM for 48 hours to confirm the gain holds in production.

The critical point is the step-by-step discipline. An optimization that changes ten things at once is impossible to diagnose if it degrades performance elsewhere.

Typical 2026 costs

Performance tooling budget for a standard PHP team.

Tool Plan Monthly cost
Blackfire Pro Per developer, 3 devs ~90 EUR
Datadog APM 4 staging + prod hosts ~120 EUR
Sentry Performance Team plan ~26 EUR
k6 Cloud (optional) For distributed tests 0 to 99 EUR
New Relic Free 100 GB/month 0 EUR

A total budget of 250 to 400 EUR per month covers a team of 3 to 5 developers with a serious observability stack. Compare that to the cost of a single day of urgent support after a production incident.

Pitfalls to avoid

The mistakes we see most often, ranked by impact.

  • Measuring in prod without sampling. A 100% profiler in production can add 30% overhead. Always sample (1%, 5% depending on criticality).
  • Profiling only in dev. Data volume and parallelism change everything. Code that runs in 50 ms on the developer's machine can take 500 ms under 100 concurrent users and 1 million rows in the database.
  • Tracking the wrong metric. Optimizing the mean while p99 explodes. Optimizing an endpoint called 10 times a day while the main endpoint generates 80% of server time.
  • No baseline. Without a pre-measurement, no way to prove a gain. Teams spend weeks optimizing without showing quantified results.
  • Poorly designed cache. Adding a cache to hide a design flaw. The problem resurfaces when cache miss explodes under load. Always measure hit ratio.
  • Ignoring the database. 70% of PHP slowdowns come from the database. Profilers show SQL time, but you also need to read EXPLAIN output and watch the slow query log.

Conclusion

Performance is an engineering discipline, not an intuitive one. Modern tools are accessible, mature, and often cheaper than a single day of incident response. The real difficulty is not technical but methodological: measure before touching, one change at a time, systematic benchmark, revert if no gain.

If you need a performance diagnosis on an existing PHP application, tuning before a traffic peak, or end-to-end observability setup, reach out at contact@your-digital-hub.com or explore our PHP expertise and our performance and scalability service.