- 20 Oct, 2016 1 commit
-
-
Sasha Goldshtein authored
Because `funccount` doesn't use the direct regex attach infrastructure in the BPF module, it needs its own checking for a maximum probe limit that would make sense. We use 1000 because that's what the BPF module uses as well. When trying to attach to more than 1000 probes, we bail out early.
-
- 19 Oct, 2016 6 commits
-
-
Brendan Gregg authored
funccount: Generalized for uprobes, tracepoints, and USDT
-
Sasha Goldshtein authored
As part of the funccount work, the kprobe quota test doesn't fail early when adding multiple kprobes at once (with `event_re`), but rather only when the 1000th probe is being added. Revert to the old behavior, which fixes the `test_probe_quota` test. Add similar test for uprobes, `test_uprobe_quota`, which tests the recently-added uprobe regex support.
-
Sasha Goldshtein authored
This commit updates `funccount` to support attaching to a set of user functions, kernel tracepoints, or USDT probes using familiar syntax. Along the way, the implementation has been updated to use a separate BPF function for each target function, because using the instruction pointer to determine the function name doesn't work for anything other than kprobes. Even though the BPF program can now be potentially larger, testing with 40-50 attach points shows no significant overhead compared to the previous version. Examples of what's now possible:

```
funccount t:block:*
funccount u:node:gc*
funccount -r 'c:(read|write)$'
funccount -p 142 u:ruby:object__create
```
-
Sasha Goldshtein authored
Make the `get_user_functions`, `get_kprobe_functions`, and `get_tracepoints` methods publicly accessible from the BPF class. These can then be used by tools that need to do their own work before attaching programs to a set of functions or tracepoints.
-
Sasha Goldshtein authored
-
Brendan Gregg authored
-
- 18 Oct, 2016 9 commits
-
-
Brendan Gregg authored
-
Sasha Goldshtein authored
* argdist: linter cleanup
* cpudist: linter cleanup
* execsnoop: linter cleanup
* funclatency: linter cleanup
* gethostlatency: linter cleanup
* hardirqs: linter cleanup
* memleak: linter cleanup
* mountsnoop: linter cleanup
* offcputime: linter cleanup
* softirqs: linter cleanup
* solisten: linter cleanup and u+x mode
* stacksnoop: linter cleanup
* tplist: linter cleanup
* trace: linter cleanup
-
Brenden Blanco authored
mysqld_slower: Fix breakage after USDT API change
-
Brendan Gregg authored
-
Sasha Goldshtein authored
* trace: Additional include files support

  Similarly to `argdist`, `trace` now has a `-I` option for adding include files that can be used in filter and print expressions. This also required a slight modification to `argdist`'s syntax for consistency: where previously we would allow `-I header1 header2`, we now require `-I header1 -I header2` to avoid any mixups with which argument is a header file and which is a probe for `trace`. This is very unlikely to break anyone, because I haven't seen the `-I` option used at all, not to mention extensively with multiple headers. Also made sure the man and example pages are up to date.

* argdist: Update -C and -H switches for consistency

  This commit updates `argdist`'s `-H` and `-C` switches for consistency with the `-I` switch and `trace`'s switches. Specifically, each probe needs an explicit `-C` or `-H` specifier in front of it. This also allows safe and understandable mixing of histogram and counting probes, for example:

  ```
  argdist -C 'p:c:write()' -H 'p::vfs__write(int fd, const void *buf, size_t size):size_t:size#write sizes'
  ```

* trace: Fix stack trace support for tracepoints

  Tracepoint probes don't have a `ctx` argument, it's called `args` instead. The recently-added stack trace support code didn't take this into account, and consequently didn't work for tracepoints. This commit fixes the issue, so we can now do things like `trace -K t:block:block_rq_complete`.
-
Brenden Blanco authored
Making selection of kernel headers type automatic
-
Sasha Goldshtein authored
Modern versions of USDT probes (such as what's found in PostgreSQL when compiled with `--enable-dtrace`) may have the offset listed after the global symbol for USDT arguments of the format `4@symbol+8(%rip)`. This commit extends the argument parser to support these cases, adds tests for these cases, and makes sure that in case of a parse error, the parser always moves forward and consumes at least one character. Presently, the parser would get stuck on the problematic position and enter an infinite loop.
-
Brenden Blanco authored
Add vxlan gbp header
-
Dina Goldshtein authored
* Filter by process ID in ex4slower
* Updated the rest of the tools to filter by process ID
-
- 17 Oct, 2016 2 commits
-
-
Sasha Goldshtein authored
The BPF class constructor now accepts an array of USDT contexts instead of just one object. Update the examples in **examples/tracing** and docs in **docs** to reflect this change.
-
Sasha Goldshtein authored
A recent PR to the USDT infrastructure changed the BPF module constructor to accept an array of USDT contexts. This commit updates `mysqld_slower` to use that new constructor.
-
- 16 Oct, 2016 2 commits
-
-
Brendan Gregg authored
-
Omar Sandoval authored
Filesystem mounting and unmounting affects an entire system, so this is a great candidate for system-wide tracing. mountsnoop.py watches all mounts and unmounts and is also mount namespace-aware, which is a requirement for working with containers.

Signed-off-by: Omar Sandoval <osandov@fb.com>
-
- 15 Oct, 2016 1 commit
-
-
Deepa Kalani authored
Signed-off-by: Deepa Kalani <dkalani@plumgrid.com>
-
- 11 Oct, 2016 1 commit
-
-
Sasha Goldshtein authored
The %K and %U format specifiers can be used in a trace format string to resolve kernel and user symbols, respectively. For example, the pthread_create USDT probe has an argument pointing to the new thread's function. To trace pthread_create and print the symbolic name of the new thread's function, use:

```
trace 'u:pthread:pthread_create "%U", arg3'
```

The %U specifier resolves addresses in the event's process, while the %K specifier resolves kernel addresses.
-
- 10 Oct, 2016 2 commits
-
-
Dina Goldshtein authored
* Use real PID instead of TID in opensnoop
* Replaced -t for timestamp with -T
* Support TID as well as PID
* Update opensnoop example
* Update man
* Added missing documentation re -n option
* Minor: styling
-
Brenden Blanco authored
Update INSTALL.md
-
- 09 Oct, 2016 1 commit
-
-
Eric W authored
Quickstart leaves out installing the examples.
-
- 06 Oct, 2016 5 commits
-
-
Marco Leogrande authored
GCC 6 behaves slightly differently when using -isystem, and our use of that parameter is causing a build failure. Avoid using -isystem on gcc6+ for now, until that compiler becomes a bit more mainstream and we can debug further. Failure had been introduced in d19e0cb0.

Signed-off-by: Marco Leogrande <marcol@plumgrid.com>
-
Sasha Goldshtein authored
* bcc: Allow custom bucket formatting for histogram keys

  When histogram keys are complex structures (`ct.Structure` created from C struct), they can't be used as dictionary keys for counting purposes without a custom hashing function. Allow the user to provide such hashing function when calling `print_log_hist` to print the histogram.

* bcc: Allow regular expression in attach_uretprobe

  Similarly to `attach_uprobe`, `attach_uretprobe` now supports taking a regular expression.

* funclatency: Support user functions

  funclatency now supports user functions (including regular expressions) in addition to kernel functions. When multiple processes are traced, the output is always per-function, per-process. When a single process is traced, the output can be combined for all traced functions (as with kernel functions). Usage examples:

  ```
  funclatency pthread:*mutex* -p 6449 -F
  funclatency c:read
  funclatency dd:* -p $(pidof dd) -uF
  ```
-
Sasha Goldshtein authored
FC23 and FC24 need Clang 3.9.0 because of ABI changes in the C++ runtime library. Split the installation instructions to FC22 and FC23/24.
-
Sasha Goldshtein authored
* cc: Add USDT location and argument reporting

  libbcc now exposes USDT location and argument information using two new APIs: `bcc_usdt_get_location` and `bcc_usdt_get_argument`.

* python: Retrieve USDT locations and arguments

  Add wrappers in the libbcc.py file to access the new APIs for retrieving USDT location and argument information. Also add high-level classes in usdt.py to access this information and format arguments and locations in a shape suitable for display.

* tplist: Print USDT locations and arguments

  Add super-verbose mode (-vv) to tplist where it prints USDT locations and arguments including full detail on registers, offsets, and global identifier offsets.
-
Marek Vavruša authored
this is initial commit of LuaJIT bytecode to BPF compiler project that enables writing both kernel and user-part of the code as Lua
-
- 05 Oct, 2016 3 commits
-
-
Sasha Goldshtein authored
* stackcount: Support user-space functions

  Add support for user-space functions in `stackcount` by taking an additional `-l` command-line parameter specifying the name of the user-space library. When a user-space library is specified, `stackcount` attaches to a specific process and traces a user-space function with user-space stacks only. Regex support for uprobes (similar to what is available for kprobes) is not currently provided. Also add a couple of functions to the `BPF` object for consistency.

* bcc: Support regex in attach_uprobe

  attach_kprobe allows a regular expression for the function name, while attach_uprobe does not. Add support in libccc for enumerating all the function symbols in a binary, and use that in the BPF module to attach uprobes according to a regular expression. For example:

  ```python
  bpf = BPF(text="...")
  bpf.attach_uprobe(name="c", sym_re=".*write$", fn_name="probe")
  ```

* python: Support regex in attach_tracepoint

  Modify attach_tracepoint to take a regex argument, in which case it enumerates all tracepoints matching that regex and attaches to all of them. The logic for enumerating tracepoints should eventually belong in libccc and be shared across all the tools (tplist, trace and so on).

* cc: Fix termination condition bug in symbol enumeration

  bcc_elf would not terminate the enumeration correctly when the user-provided callback returned -1 but there were still more sections remaining in the ELF to be enumerated.

* stackcount: Support uprobes and tracepoints

  Refactored stackcount and added support for uprobes and tracepoints, which also required changes to the BPF module. USDT support still pending.

* bcc: Refactor symbol listing to use foreach-style

  Refactor symbol listing from paging style to foreach-style with a callback function per-symbol. Even though we're now performing a callback from C to Python for each symbol, this is preferable to the paging approach because we need all the symbols in the current use case. Also refactored `stackcount` slightly; only missing support for USDT probes now.

* stackcount: Support per-process displays

  For user-space functions, or when requested for kernel-space functions or tracepoints, group the output by process. Toggled with the -P switch, off by default (except for user-space).

* Fix rebase issues, print pid only when there is one

* stackcount: Add USDT support

  Now, stackcount supports USDT tracepoints in addition to kernel functions, user functions, and kernel tracepoints. The format is the same as with the other general-purpose tools (argdist, trace):

  ```
  stackcount -p $(pidof node) u:node:gc*
  stackcount -p 185 u:pthread:pthread_create
  ```

* stackcount: Update examples and man page

  Add examples and man page documentation for kernel tracepoints, USDT tracepoints, and other features.

* stackcount: Change printing format slightly

  When -p is specified, don't print the comm and pid. Also, when -P is specified for kernel probes (kprobes and tracepoints), use -1 for symbol resolution so that we don't try to resolve kernel functions as user symbols. Finally, print the comm and pid at the end of the stack output and not at the beginning.
-
Dror Kronstein authored
-
Brendan Gregg authored
-
- 04 Oct, 2016 7 commits
-
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Sasha Goldshtein authored
Fixes #722, in which a USDT probe that has more than one location and the type of the argument is a string caused trace to potentially access an uninitialized stack variable, thereby not passing BPF program verification at load time.
-
Sasha Goldshtein authored
* Remove tracepoint.py

  The `Tracepoint` class which implements the necessary support for the tracepoint kprobe-based hack is no longer needed and can be removed.

* argdist: Native tracepoint support

  This commit migrates argdist to use the native bcc/BPF tracepoint support instead of the hackish kprobe-based approach. The resulting programs are cleaner and likely more efficient. As a result of this change, there is a slight API change in how argdist is used with tracepoints. To access fields from the tracepoint structure, the user is expected to use `args->field` directly. This leverages most of the built-in bcc support for generating the tracepoint probe function.

* trace: Native tracepoint support

  This commit migrates trace to use the native bcc/BPF tracepoint support instead of the hackish kprobe-based approach. The resulting programs are cleaner and likely more efficient. As with argdist, users are now expected to use the `args` structure pointer to access the tracepoint's arguments. For example:

  ```
  trace 't:irq:irq_handler_entry (args->irq != 27) "irq %d", args->irq'
  ```
-
Sasha Goldshtein authored
By default, argdist now clears the histograms or freq count maps after each display interval. The new `-c` option enables cumulative mode, where maps are not cleared at each interval. This fixes #718.
-
Sasha Goldshtein authored
When verbose mode is enabled, ask all USDT helper objects to print out the argument helper functions, which help retrieve the argument values for each individual probe location. This can be useful for debugging probes; the helper functions are part of the loaded BPF program, so they need to be printed in verbose mode.
-
Sasha Goldshtein authored
Fixes the error message from `BPF._find_exe` which would occur if argdist or trace had a naked executable name not qualified with a path, such as:

```
trace 'r:bash:readline "%s", retval'
```

This is now supported again.
-