This group is locked. No changes can be made to the group while it is locked.
Date
1 - 4 of 4
BPF runtime for systemtap
|
Richard Henderson <rth@...>
I'm pleased to be able to announce an initial implementation of an (e)bpf backend for systemtap. For the subset of systemtap probes that can use kprobes, we can use a bpf filter instead of loading a kernel module.
As this implementation is young, there are a number of limitations. Neither string nor stats types are supported. Both require enhancements to the set of builtin functions supported in kernel. The stap bpf loader still needs improvement with respect to its use of the event subsystem. We're using the same intermediate file format that is supported by the llvm bpf backend. I have some improvements to submit for the llvm bpf backend as well. The code can be reviewed at git://sourceware.org/git/systemtap.git rth/bpf r~ |
|
Brendan Gregg
On Tue, Jun 14, 2016 at 1:06 PM, Richard Henderson <rth@...> wrote:
I'm pleased to be able to announce an initial implementation of an (e)bpfGreat! Is there a hello world example in there somewhere? I found this: # ./stapbpf/stapbpf -h Usage: ./stapbpf/stapbpf [-v][-w][-V][-h] [-o FILE] <bpf-file> -h, --help Show this help text -v, --verbose Increase verbosity -V, --version Show version -w Suppress warnings -o FILE Send output to FILE But I didn't see an explicit BPF example or bpf-file. Is it implicit? Should I be able to run a stap one-liner with some -v's and see it switches to using BPF, if I restrain myself to what's supported so far? Eg, since you mentioned kprobes, how about?: stap -ve 'probe kprobe.function("vfs_fsync") { println(pointer_arg(2)) }' Brendan |
|
Frank Ch. Eigler <fche@...>
brendan.d.gregg wrote:
[...]Yup. Here is a smoke test. (A great many other things are not yet working.) % sudo ./stap -v --runtime=bpf -e 'global foo probe kprobe.function("vfs_read"), kprobe.function("do_select") { foo++ } probe begin { printf("systemtap starting probe\n") } probe end { printf("systemtap ending probe\n"); printf("foo = %d\n", foo) }' Pass 1: parsed user script and 35 library scripts using 198460virt/15804res/6416shr/9208data kb, in 0usr/0sys/71real ms. Pass 2: analyzed script: 4 probes, 0 functions, 0 embeds, 1 global using 198460virt/15804res/6416shr/9208data kb, in 0usr/0sys/0real ms. Pass 4: compiled BPF into "stap_32349.bo" in 0usr/0sys/0real ms. Pass 5: starting run. systemtap starting probe ^Csystemtap ending probe foo = 108812 Pass 5: run completed in 0usr/10sys/2525real ms. |
|
Donatas Abraitis <donatas.abraitis@...>
Awesome! On Wed, Jun 15, 2016 at 4:50 AM, Frank Ch. Eigler <fche@...> wrote:
--
Donatas
|