Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
B
bpftrace
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
bpftrace
Commits
06f28be0
Commit
06f28be0
authored
Sep 15, 2018
by
Brendan Gregg
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
add syscount tool
parent
bde3da29
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
145 additions
and
0 deletions
+145
-0
README.md
README.md
+1
-0
man/man8/syscount.8
man/man8/syscount.8
+65
-0
tools/syscount.bt
tools/syscount.bt
+37
-0
tools/syscount_example.txt
tools/syscount_example.txt
+42
-0
No files found.
README.md
View file @
06f28be0
...
@@ -115,6 +115,7 @@ bpftrace contains various tools, which also serve as examples of programming in
...
@@ -115,6 +115,7 @@ bpftrace contains various tools, which also serve as examples of programming in
-
tools/
[
pidpersec.bt
](
tools/pidpersec.bt
)
: Count new procesess (via fork).
[
Examples
](
tools/pidpersec_example.txt
)
.
-
tools/
[
pidpersec.bt
](
tools/pidpersec.bt
)
: Count new procesess (via fork).
[
Examples
](
tools/pidpersec_example.txt
)
.
-
tools/
[
statsnoop.bt
](
tools/statsnoop.bt
)
: Trace stat() syscalls for general debugging.
[
Examples
](
tools/statsnoop_example.txt
)
.
-
tools/
[
statsnoop.bt
](
tools/statsnoop.bt
)
: Trace stat() syscalls for general debugging.
[
Examples
](
tools/statsnoop_example.txt
)
.
-
tools/
[
syncsnoop.bt
](
tools/syncsnoop.bt
)
: Trace sync() variety of syscalls.
[
Examples
](
tools/syncsnoop_example.txt
)
.
-
tools/
[
syncsnoop.bt
](
tools/syncsnoop.bt
)
: Trace sync() variety of syscalls.
[
Examples
](
tools/syncsnoop_example.txt
)
.
-
tools/
[
syscount.bt
](
tools/syscount.bt
)
: Count system callls.
[
Examples
](
tools/syscount_example.txt
)
.
-
tools/
[
vfscount.bt
](
tools/vfscount.bt
)
: Count VFS calls.
[
Examples
](
tools/vfscount_example.txt
)
.
-
tools/
[
vfscount.bt
](
tools/vfscount.bt
)
: Count VFS calls.
[
Examples
](
tools/vfscount_example.txt
)
.
-
tools/
[
vfsstat.bt
](
tools/vfsstat.bt
)
: Count some VFS calls, with per-second summaries.
[
Examples
](
tools/vfsstat_example.txt
)
.
-
tools/
[
vfsstat.bt
](
tools/vfsstat.bt
)
: Count some VFS calls, with per-second summaries.
[
Examples
](
tools/vfsstat_example.txt
)
.
-
tools/
[
xfsdist.bt
](
tools/xfsdist.bt
)
: Summarize XFS operation latency distribution as a histogram.
[
Examples
](
tools/xfsdist_example.txt
)
.
-
tools/
[
xfsdist.bt
](
tools/xfsdist.bt
)
: Summarize XFS operation latency distribution as a histogram.
[
Examples
](
tools/xfsdist_example.txt
)
.
...
...
man/man8/syscount.8
0 → 100644
View file @
06f28be0
.TH syscount 8 "2018-09-06" "USER COMMANDS"
.SH NAME
syscount.bt \- Count system calls. Uses bpftrace/eBPF.
.SH SYNOPSIS
.B syscount.bt
.SH DESCRIPTION
This counts system calls (syscalls), printing a summary of the top ten
syscall IDs, and the top ten process names making syscalls. This can be
helpful for characterizing the kernel and resource workload, and finding
applications who are using syscalls inefficiently.
This works by using the tracepoint:raw_syscalls:sys_enter tracepoint.
Since this uses BPF, only the root user can use this tool.
.SH REQUIREMENTS
CONFIG_BPF and bpftrace.
.SH EXAMPLES
.TP
Count all VFS calls until Ctrl-C is hit:
#
.B syscount.bt
.SH OUTPUT
.TP
Top 10 syscalls IDs:
This shows the syscall ID number (in @syscall[]) followed by a count for this
syscall during tracing. To see the syscall name for that ID, you can use
"ausyscall --dump", or the bcc version of this tool that does translations.
.TP
Top 10 processes:
This shows the process name (in @process[]) followed by a count of syscalls
during tracing.
.SH OVERHEAD
For most applications, the overhead should be manageable if they perform 1000's
or even 10,000's of syscalls per second. For higher rates, the overhead may
become considerable. For example, tracing a microbenchmark loop of 4 million
calls to geteuid(), slows it down by 2.4x. However, this represents tracing
a workload that has a syscall rate of over 4 million syscalls per second per
CPU, which should not be typical (in one large cloud production environment,
rates of between 10k and 50k are typical, where the application overhead is
expected to be closer to 1%).
For comparison, strace(1) in its current ptrace-based implementation (which it
has had for decades) runs the same geteuid() workload 102x slower (that's one
hundred and two times slower).
.SH SOURCE
This is from bpftrace.
.IP
https://github.com/iovisor/bpftrace
.PP
Also look in the bpftrace distribution for a companion _examples.txt file
containing example usage, output, and commentary for this tool.
This is a bpftrace version of the bcc tool of the same name.
The bcc version provides different command line options, and translates the
syscall IDs to their syscall names.
.IP
https://github.com/iovisor/bcc
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHOR
Brendan Gregg
.SH SEE ALSO
strace(1)
tools/syscount.bt
0 → 100644
View file @
06f28be0
/*
* syscount.bt Count system callls.
* For Linux, uses bpftrace, eBPF.
*
* This is a bpftrace version of the bcc tool of the same name.
* The bcc versions translates syscall IDs to their names, and this version
* currently does not. Syscall IDs can be listed by "ausyscall --dump".
*
* Copyright 2018 Netflix, Inc.
* Licensed under the Apache License, Version 2.0 (the "License")
*
* 13-Sep-2018 Brendan Gregg Created this.
*/
BEGIN
{
printf("Counting syscalls... Hit Ctrl-C to end.\n");
// ausyscall --dump | awk 'NR > 1 { printf("\t@sysname[%d] = \"%s\";\n", $1, $2); }'
}
tracepoint:raw_syscalls:sys_enter
{
$id = *(ctx + 8); // workaround until #32
@syscall[$id] = count();
@process[comm] = count();
}
END
{
printf("\nTop 10 syscalls IDs:\n");
print(@syscall, 10);
clear(@syscall);
printf("\nTop 10 processes:\n");
print(@process, 10);
clear(@process);
}
tools/syscount_example.txt
0 → 100644
View file @
06f28be0
Demonstrations of syscount, the Linux bpftrace/eBPF version.
syscount counts system calls, and prints summaries of the top ten syscall IDs,
and the top ten process names making syscalls. For example:
# bpftrace syscount.bt
Attaching 3 probes...
Counting syscalls... Hit Ctrl-C to end.
^C
Top 10 syscalls IDs:
@syscall[6]: 36862
@syscall[21]: 42189
@syscall[13]: 44532
@syscall[12]: 58456
@syscall[9]: 82113
@syscall[8]: 95575
@syscall[5]: 147658
@syscall[3]: 163269
@syscall[2]: 270801
@syscall[4]: 326333
Top 10 processes:
@process[rm]: 14360
@process[tail]: 16011
@process[objtool]: 20767
@process[fixdep]: 28489
@process[as]: 48982
@process[gcc]: 90652
@process[command-not-fou]: 172874
@process[sh]: 270515
@process[cc1]: 482888
@process[make]: 1404065
The above output was traced during a Linux kernel build, and the process name
with the most syscalls was "make" with 1,404,065 syscalls while tracing. The
highest syscall ID was 4, which is stat().
There is another version of this tool in bcc: https://github.com/iovisor/bcc
The bcc version provides different command line options, and translates the
syscall IDs to their syscall names.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment