add pidpersec tool

c64f85fc · Brendan Gregg · a368ba7a · c64f85fc · c64f85fc · c64f85fc
Commit c64f85fc authored Sep 09, 2018 by Brendan Gregg
Showing with 145 additions and 0 deletions

README.md README.md +1 -0

man/man8/pidpersec.8 man/man8/pidpersec.8 +49 -0

tools/pidpersec.bt tools/pidpersec.bt +38 -0

tools/pidpersec_example.txt tools/pidpersec_example.txt +57 -0

No files found.
--- a/README.md
+++ b/README.md
@@ -149,6 +149,7 @@ bpftrace contains various tools, which also serve as examples of programming in
 - tools/[capable.bt](tools/capable.bt): Trace security capabilitiy checks. [Examples](tools/capable_example.txt).
 - tools/[cpuwalk.bt](tools/cpuwalk.bt): Sample which CPUs are executing processes. [Examples](tools/cpuwalk_example.txt).
 - tools/[gethostlatency.bt](tools/gethostlatency.bt): Show latency for getaddrinfo/gethostbyname[2] calls. [Examples](tools/gethostlatency_example.txt).
+- tools/[pidpersec.bt](tools/pidpersec.bt): Count new procesess (via fork). [Examples](tools/pidpersec_example.txt).

 For more eBPF observability tools, see [bcc tools](https://github.com/iovisor/bcc#tools).


--- a/man/man8/pidpersec.8
+++ b/man/man8/pidpersec.8
+.TH pidpersec 8  "2018-09-06" "USER COMMANDS"
+.SH NAME
+pidpersec.bt \- Count new processes (via fork()). Uses bpftrace/eBPF.
+.SH SYNOPSIS
+.B pidpersec.bt
+.SH DESCRIPTION
+pidpersec shows how many new processes were created each second. There
+can be performance issues caused by many short-lived processes, which may not
+be visible in sampling tools like top(1). pidpersec provides one way to
+investigate this behavior.
+
+This works by tracing the tracepoint:sched:sched_process_fork tracepoint.
+
+Since this uses BPF, only the root user can use this tool.
+.SH REQUIREMENTS
+CONFIG_BPF and bpftrace.
+.SH EXAMPLES
+.TP
+Count new processes, printing per-second summaries until Ctrl-C is hit:
+#
+.B pidpersec.bt
+.SH FIELDS
+.TP
+1st
+Count of processes (after "@")
+.SH OVERHEAD
+This traces kernel forks, and maintains an in-kernel count which is
+read asynchronously from user-space. As the rate of this is generally expected to
+be low (<< 1000/s), the overhead is also expected to be negligible.
+.SH SOURCE
+This is from bpftrace.
+.IP
+https://github.com/iovisor/bpftrace
+.PP
+Also look in the bpftrace distribution for a companion _examples.txt file
+containing example usage, output, and commentary for this tool.
+
+This is a bpftrace version of the bcc tool of the same name. The bcc tool
+may provide more options and customizations.
+.IP
+https://github.com/iovisor/bcc
+.SH OS
+Linux
+.SH STABILITY
+Unstable - in development.
+.SH AUTHOR
+Brendan Gregg
+.SH SEE ALSO
+top(1)
--- a/tools/pidpersec.bt
+++ b/tools/pidpersec.bt
+/*
+ * pidpersec	Count new procesess (via fork).
+ *		For Linux, uses bpftrace and eBPF.
+ *
+ * Written as a basic example of counting on an event.
+ *
+ * USAGE: pidpersec.bt
+ *
+ * This is a bpftrace version of the bcc tool of the same name.
+ *
+ * Copyright 2018 Netflix, Inc.
+ * Licensed under the Apache License, Version 2.0 (the "License")
+ *
+ * 06-Sep-2018	Brendan Gregg	Created this.
+ */
+
+BEGIN
+{
+	printf("Tracing new processes... Hit Ctrl-C to end.\n");
+
+}
+
+tracepoint:sched:sched_process_fork
+{
+	@ = count();
+}
+
+interval:s:1
+{
+	time("%H:%M:%S PIDs/sec: ");
+	print(@);
+	clear(@);
+}
+
+END
+{
+	clear(@);
+}
--- a/tools/pidpersec_example.txt
+++ b/tools/pidpersec_example.txt
+Demonstrations of pidpersec, the Linux bpftrace/eBPF version.
+
+
+Tracing new procesess:
+
+# pidpersec.bt
+Attaching 4 probes...
+Tracing new processes... Hit Ctrl-C to end.
+22:29:50 PIDs/sec: @: 121
+22:29:51 PIDs/sec: @: 120
+22:29:52 PIDs/sec: @: 122
+22:29:53 PIDs/sec: @: 124
+22:29:54 PIDs/sec: @: 123
+22:29:55 PIDs/sec: @: 121
+22:29:56 PIDs/sec: @: 121
+22:29:57 PIDs/sec: @: 121
+22:29:58 PIDs/sec: @: 49
+22:29:59 PIDs/sec:
+22:30:00 PIDs/sec:
+22:30:01 PIDs/sec:
+22:30:02 PIDs/sec:
+^C
+
+The output begins by showing a rate of new procesess over 120 per second.
+That then ends at time 22:29:59, and for the next few seconds there are zero
+new processes per second.
+
+
+The following example shows a Linux build launched at 6:33:40, on a 36 CPU
+server, with make -j36:
+
+# pidpersec.bt
+Attaching 4 probes...
+Tracing new processes... Hit Ctrl-C to end.
+06:33:38 PIDs/sec:
+06:33:39 PIDs/sec:
+06:33:40 PIDs/sec: @: 2314
+06:33:41 PIDs/sec: @: 2517
+06:33:42 PIDs/sec: @: 1345
+06:33:43 PIDs/sec: @: 1752
+06:33:44 PIDs/sec: @: 1744
+06:33:45 PIDs/sec: @: 1549
+06:33:46 PIDs/sec: @: 1643
+06:33:47 PIDs/sec: @: 1487
+06:33:48 PIDs/sec: @: 1534
+06:33:49 PIDs/sec: @: 1279
+06:33:50 PIDs/sec: @: 1392
+06:33:51 PIDs/sec: @: 1556
+06:33:52 PIDs/sec: @: 1580
+06:33:53 PIDs/sec: @: 1944
+
+A Linux kernel build involves launched many thousands of short-lived processes,
+which can be seen in the above output: a rate of over 1,000 processes per
+second.
+
+
+There is another version of this tool in bcc: https://github.com/iovisor/bcc