Commit ab195c6d authored by Brendan Gregg's avatar Brendan Gregg

add syncsnoop tool

parent a7fc4190
......@@ -157,6 +157,7 @@ bpftrace contains various tools, which also serve as examples of programming in
- tools/[loads.bt](tools/loads.bt): Print load averages. [Examples](tools/loads_example.txt).
- tools/[opensnoop.bt](tools/loads.bt): Trace open() syscalls showing filenames. [Examples](tools/opensnoop_example.txt).
- tools/[pidpersec.bt](tools/pidpersec.bt): Count new procesess (via fork). [Examples](tools/pidpersec_example.txt).
- tools/[syncsnoop.bt](tools/syncsnoop.bt): Trace sync() variety of syscalls. [Examples](tools/syncsnoop_example.txt).
- tools/[vfscount.bt](tools/vfscount.bt): Count VFS calls. [Examples](tools/vfscount_example.txt).
- tools/[vfsstat.bt](tools/vfsstat.bt): Count some VFS calls, with per-second summaries. [Examples](tools/vfsstat_example.txt).
- tools/[xfsdist.bt](tools/xfsdist.bt): Summarize XFS operation latency distribution as a histogram. [Examples](tools/xfsdist_example.txt).
......
.TH syncsnoop 8 "2018-09-06" "USER COMMANDS"
.SH NAME
syncsnoop.bt \- Trace the sync() variety of syscalls. Uses bpftrace/eBPF.
.SH SYNOPSIS
.B syncsnoop.bt
.SH DESCRIPTION
syncsnoop traces calls to sync() syscalls (sync(), fsync(), msync(), etc), which
flushes file system cache and buffers to storage devices. These calls can cause
performance perturbations, and it can be useful to know if they are happening,
when they happen, and how frequently.
This works by tracing the sync() variety of syscalls via tracepoints.
This program is also a basic example of eBPF/bcc.
Since this uses BPF, only the root user can use this tool.
.SH REQUIREMENTS
CONFIG_BPF and bpftrace.
.SH EXAMPLES
.TP
Trace calls to sync() syscalls:
#
.B syncsnoop.bt
.SH FIELDS
.TP
TIME
A timestamp on the output, in "HH:MM:SS" format.
.TP
PID
The process ID that was on-CPU during the event.
.TP
COMM
The process name that was on-CPU during the event.
.TP
EVENT
The tracepoint name for the sync event.
.SH OVERHEAD
This traces sync syscalls and prints output for each event. As the
rate of this is generally expected to be low (<< 100/s), the overhead is also
expected to be negligible.
.SH SOURCE
This is from bpftrace.
.IP
https://github.com/iovisor/bpftrace
.PP
Also look in the bpftrace distribution for a companion _examples.txt file
containing example usage, output, and commentary for this tool.
This is a bpftrace version of the bcc tool of the same name.
.IP
https://github.com/iovisor/bcc
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHOR
Brendan Gregg
.SH SEE ALSO
iostat(1)
/*
* syncsnoop Trace sync() variety of syscalls.
* For Linux, uses bpftrace and eBPF.
*
* Also a basic example of bpftrace.
*
* USAGE: syncsnoop.bt
*
* This is a bpftrace version of the bcc tool of the same name.
*
* Copyright 2018 Netflix, Inc.
* Licensed under the Apache License, Version 2.0 (the "License")
*
* 06-Sep-2018 Brendan Gregg Created this.
*/
BEGIN
{
printf("Tracing sync syscalls... Hit Ctrl-C to end.\n");
printf("%-9s %-6s %-16s %s\n", "TIME", "PID", "COMM", "EVENT");
}
tracepoint:syscalls:sys_enter_sync,
tracepoint:syscalls:sys_enter_syncfs,
tracepoint:syscalls:sys_enter_fsync,
tracepoint:syscalls:sys_enter_fdatasync,
tracepoint:syscalls:sys_enter_sync_file_range,
tracepoint:syscalls:sys_enter_msync
{
time("%H:%M:%S ");
printf("%-6d %-16s %s\n", pid, comm, name);
}
Demonstrations of syncsnoop, the Linux bpftrace/eBPF version.
Tracing file system sync events:
# bpftrace syncsnoop.bt
Attaching 7 probes...
Tracing sync syscalls... Hit Ctrl-C to end.
TIME PID COMM EVENT
02:02:17 27933 sync tracepoint:syscalls:sys_enter_sync
02:03:43 27936 sync tracepoint:syscalls:sys_enter_sync
The output shows calls to the sync() syscall (traced via its tracepoint),
along with various details.
There is another version of this tool in bcc: https://github.com/iovisor/bcc
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment