Re: Fixing stack trace function names by argument introspection

Yonghong Song

On Sun, Jul 22, 2018 at 3:00 PM, marko@... <marko@...> wrote:

Imagine I have an interpreter that runs some program in some custom
language. If I were to get a stack trace, it would look like:

sys_read() [k]

These execute_fn() functions execute functions defined in my custom
language. Such stack trace is not very helpful.

But I know that I can get to real function name through execute_fn()
arguments. Imagine it is as simple as execute_fn(char *real_fn_name).

I know I can trace execute_fn() invocations and get to this function name
through BCC/eBPF. But I would like to have tool similar to to be
able to profile my programs written in my custom language.

So I need to get stack traces periodically (49 Hz say) and I need to
substitute name of a function from execute_fn() to the real one from

Can you give me some pointers how to do that or if it is possible at all.
I couldn't find any example that walks stack trace. All of the examples just
record them.
We did not have such an example in BCC. In Facebook, we have a bpf
program to catch
stack traces for python programs. It is very similar to what you want
to achieve in the above.
Basically, you need to walk the stack by yourself. Since verifier do
not support unbounded loops,
you need to have a fully-unrollable loop with progma unroll.

During each loop iteration, you can access the frame pointer, you need
some mechanism to
get the real function name based on that level frame pointer and then
you move on
to the next. In bpf program, you can access current task structure,
which contains some
data related to TLS which could be used by the bpf program.


Join to automatically receive all group messages.