Vicent Marti [Wed, 30 Mar 2016 18:37:26 +0000 (20:37 +0200)]
cmake: Use the wrapper script for Lua tests too
Vicent Marti [Wed, 30 Mar 2016 18:17:06 +0000 (20:17 +0200)]
cmake: Find `sudo` explicitly
Vicent Marti [Wed, 30 Mar 2016 15:41:56 +0000 (17:41 +0200)]
bpf.lua: Implement `dump_func`
Vicent Marti [Wed, 30 Mar 2016 15:31:20 +0000 (17:31 +0200)]
test.lua: Port the `test_uprobes` suite
Vicent Marti [Wed, 30 Mar 2016 15:31:20 +0000 (17:31 +0200)]
ld.lua: fix parsing of base16 addresses
Vicent Marti [Wed, 30 Mar 2016 15:31:20 +0000 (17:31 +0200)]
bpf.lua: fix detaching uprobes and kprobes
Vicent Marti [Wed, 30 Mar 2016 15:31:20 +0000 (17:31 +0200)]
cmake: Run the Lua tests too
Vicent Marti [Wed, 30 Mar 2016 15:31:20 +0000 (17:31 +0200)]
bpf.lua: Sanity check
Vicent Marti [Wed, 30 Mar 2016 15:31:20 +0000 (17:31 +0200)]
memleak.lua: Fix indentation
Vicent Marti [Wed, 30 Mar 2016 15:31:20 +0000 (17:31 +0200)]
test.lua: Port `test_clang` to Lua
Vicent Marti [Wed, 30 Mar 2016 15:31:20 +0000 (17:31 +0200)]
test.lua: Add basic test library and helpers
Vicent Marti [Wed, 30 Mar 2016 15:31:20 +0000 (17:31 +0200)]
table.py: Implement`scanf` and `printf` helpers
Vicent Marti [Wed, 30 Mar 2016 15:31:19 +0000 (17:31 +0200)]
table.lua: Add support for decoding bitfield types
Vicent Marti [Wed, 30 Mar 2016 15:31:19 +0000 (17:31 +0200)]
bpf.lua: Implement `load_funcs`
Vicent Marti [Wed, 30 Mar 2016 15:31:19 +0000 (17:31 +0200)]
bpf.lua: Add support for CFLAGS and LLVM debug flags
Vicent Marti [Wed, 30 Mar 2016 15:31:19 +0000 (17:31 +0200)]
bcc-probe: Allow running the helper from any path
Vicent Marti [Wed, 30 Mar 2016 15:31:19 +0000 (17:31 +0200)]
bcc-probe: Allow loading absolute paths
Vicent Marti [Wed, 30 Mar 2016 15:31:19 +0000 (17:31 +0200)]
Add a few examples written in Lua
Vicent Marti [Wed, 30 Mar 2016 15:31:19 +0000 (17:31 +0200)]
Lua Tools for BCC
Brenden Blanco [Wed, 30 Mar 2016 03:35:29 +0000 (20:35 -0700)]
Merge pull request #452 from yadutaf/jt-solisten
solisten: clean endian conversion hack
Brenden Blanco [Tue, 29 Mar 2016 16:47:59 +0000 (09:47 -0700)]
Merge pull request #456 from yadutaf/jt-endian
Minor endian and debug enhancement
Jean-Tiare Le Bigot [Tue, 29 Mar 2016 12:48:02 +0000 (12:48 +0000)]
add debug constants
Jean-Tiare Le Bigot [Tue, 29 Mar 2016 11:04:01 +0000 (11:04 +0000)]
move endian flags to kbuild_helper
4ast [Tue, 29 Mar 2016 04:36:40 +0000 (21:36 -0700)]
Merge pull request #451 from goldshtn/usdt
argdist, trace, and tplist support for USDT probes
Jean-Tiare Le Bigot [Mon, 28 Mar 2016 15:14:12 +0000 (15:14 +0000)]
solisten: clean endian conversion hack
Brenden Blanco [Mon, 28 Mar 2016 20:10:59 +0000 (13:10 -0700)]
Merge pull request #453 from yadutaf/jt-endian
expose buitin byte swap methods
Jean-Tiare Le Bigot [Mon, 28 Mar 2016 15:32:35 +0000 (15:32 +0000)]
expose buitin byte swap methods
Sasha Goldshtein [Thu, 24 Mar 2016 15:39:47 +0000 (08:39 -0700)]
argdist, trace, and tplist support for USDT probes
These tools now support USDT probes with the 'u:provider:probe' syntax.
Probes in a library or process can be listed with 'tplist -l LIB' or 'tplist -p PID'.
Probe arguments are also parsed and available in both argdist and trace as arg1,
arg2, etc., regardless of the probe attach location.
The same USDT probe can be used at multiple locations, which means the attach infra-
structure must probe all these locations. argdist and trace register thunk probes
at each location, which call a central probe function (which is static inline) with
the location id (__loc_id). The central probe function checks the location id to
determine how the arguments should be retrieved -- this is location-dependent.
Finally, some USDT probes must be enabled first by writing a value to a memory
location (this is called a "semaphore"). This value is per-process, so we require a
process id for this kind of probes.
Along with trace and argdist tool support, this commit also introduces new classes
in the bcc module: ProcStat handles pid-wrap detection, whereas USDTReader,
USDTProbe, USDTProbeLocation, and USDTArgument are the shared USDT-related
infrastructure that enables enumeration, attachment, and argument retrieval for
USDT probes.
Brenden Blanco [Mon, 28 Mar 2016 11:28:17 +0000 (04:28 -0700)]
Merge pull request #449 from goldshtn/tp-str-fix
Fixed bug around local assignment from char array
Sasha Goldshtein [Sun, 27 Mar 2016 08:44:26 +0000 (01:44 -0700)]
Fixed bug around local assignment from char array
Brendan Gregg [Sun, 27 Mar 2016 17:29:33 +0000 (10:29 -0700)]
Merge pull request #450 from vmg/vmg/stacks-next
Stack Traces: TNG
Vicent Marti [Sun, 27 Mar 2016 16:39:18 +0000 (18:39 +0200)]
stackcount: Resolve stacks using a StackTrace table
The changes for this script are minimal: the inline C probe has been
_significantly_ simplified, and should now perform better since the
stack walk happens in native code inside the kernel thanks to the
BPF_STACK_TRACE table.
The output of the tool should be virtually identical, so the man page
and included examples have essentially no changes.
Vicent Marti [Sun, 27 Mar 2016 16:22:03 +0000 (18:22 +0200)]
stacksnoop: Resolve stacks using a StackTrace table
Instead of manually walking the stack and printing each frame to the
trace log, we can use a BPF_STACK_TRACE table to store the stack traces,
and print to the trace log their IDs every time they are traced.
The output of the tool has been slightly modified: we no longer prefix
each line of the stack trace with the timestamp and the other headers,
since the whole stack trace is fetched in one go from the table and the
information would be highly redundant.
The man page and the examples have been updated to reflect the new
output.
Vicent Marti [Sun, 27 Mar 2016 16:18:03 +0000 (18:18 +0200)]
BPF: better format for `ksymaddr`
The offset is now returned after a `+` symbol, instead of directly
attached to the symbol name (which made reading the output very
confusing)
Before:
tick_do_update_jiffies64a0
After:
tick_do_update_jiffies64+0xa0
Brenden Blanco [Sun, 27 Mar 2016 14:47:30 +0000 (07:47 -0700)]
Merge pull request #448 from vmg/vmg/stacks
Better stack walking APIs
Vicent Marti [Fri, 25 Mar 2016 16:21:44 +0000 (17:21 +0100)]
offcputime: Resolve stacks using a StackTrace table
The manual walking for kernel stacks in the eBPF code has been replaced
with a `BPF_STACK_TRACE` table; the stack ID is now stored as an integer
in the main key.
Thanks to the `StackTrace.walk` iterator, the printing code can also be
significantly simplified for both folded and full stack modes.
Vicent Marti [Fri, 25 Mar 2016 16:14:34 +0000 (17:14 +0100)]
memleak: Resolve stacks with a StackTrace table
Instead of manually walking the (kernel) stack inside the eBPF code,
create a `BPF_STACK_TRACE` table and store the stack IDs in the alloc
info struct.
This greatly simplifies the leak detection code: instead of storing the
full stack trace as a string to de-duplicate the allocation point for
the different allocations, we can store the `stack_id`. Since we're
creating stack IDs with `BPF_F_REUSE_STACKID`, the kernel will take care
of deduplication for us.
Additionally, the `StackDecoder` class has been specialized into a
`UStackDecoder` and `KStackDecoder` (for userland and kernel stacks,
respectively). This lets us pass the decode class directly to
`stack_traces.walk()` to automate symbol resolution.
A new class, `Allocation` has been created to encapsulate what
previously was a 2-element tuple of `(count, size)`. This
Vicent Marti [Fri, 25 Mar 2016 22:22:57 +0000 (23:22 +0100)]
examples: Add `mallocstacks`
This simple example script traces all calls to `malloc` in a process and
prints the callsite using the new `BPF_STACK_TRACE` table API.
Vicent Marti [Fri, 25 Mar 2016 16:12:11 +0000 (17:12 +0100)]
table: Implement a StackWalker for StackTrace tables
The StackWalker iterator lets us call `stack_trace.walk(id)` to iterate
through the addresses in any given stack. The constructor of this
iterator takes an optional `resolver` to convert the addresses in the
iterator into symbols (or to format them according to the users' needs).
4ast [Thu, 24 Mar 2016 17:59:45 +0000 (10:59 -0700)]
Merge pull request #445 from goldshtn/tp-vars
Allowing more natural syntax for tracepoints with no "tp" struct prefix
Sasha Goldshtein [Thu, 24 Mar 2016 16:56:12 +0000 (09:56 -0700)]
Allowing more natural syntax for tracepoints with no "tp" struct prefix
Brenden Blanco [Wed, 23 Mar 2016 23:09:07 +0000 (16:09 -0700)]
Merge pull request #429 from yadutaf/jt-tcpv4listen
add tcpv4listen.py tracing example, with comments
Jean-Tiare Le Bigot [Fri, 4 Mar 2016 20:45:32 +0000 (21:45 +0100)]
add solisten tool. Currently TCP only.
Brenden Blanco [Tue, 22 Mar 2016 15:47:12 +0000 (08:47 -0700)]
Merge pull request #444 from goldshtn/probefail
Fix error handling when attaching {u,k}{,ret}probes
Sasha Goldshtein [Tue, 22 Mar 2016 15:30:29 +0000 (08:30 -0700)]
Fix error handling when attaching {u,k}{,ret}probes
Brenden Blanco [Mon, 21 Mar 2016 19:48:53 +0000 (12:48 -0700)]
Merge pull request #442 from goldshtn/usyms
Moved user symbol decoding from memleak into bcc module
Sasha Goldshtein [Mon, 21 Mar 2016 17:05:29 +0000 (10:05 -0700)]
Added pid wrap check, moved user symbols to usyms.py
Sasha Goldshtein [Mon, 21 Mar 2016 14:26:52 +0000 (07:26 -0700)]
Moved user symbol decoding from memleak into bcc module
4ast [Mon, 21 Mar 2016 15:50:24 +0000 (08:50 -0700)]
Merge pull request #439 from goldshtn/tpoint2
tracepoint support for argdist and trace, and new tplist tool
Brenden Blanco [Mon, 21 Mar 2016 14:45:59 +0000 (07:45 -0700)]
Merge pull request #441 from ismail/llvm-3.8
Fix llvm shared build
Sasha Goldshtein [Mon, 21 Mar 2016 11:06:15 +0000 (04:06 -0700)]
Moved auto-includes helper to __init__.py
Sasha Goldshtein [Mon, 21 Mar 2016 10:52:09 +0000 (03:52 -0700)]
Moved common tracepoint support into tracepoint.py
İsmail Dönmez [Mon, 21 Mar 2016 06:44:48 +0000 (08:44 +0200)]
Fix llvm shared build
Trim the llvm libs to the direct requirements only and use
llvm_expand_dependencies to discover all dependencies.
Sasha Goldshtein [Tue, 1 Mar 2016 20:15:34 +0000 (12:15 -0800)]
tracepoint support for argdist and trace, and new tplist tool for printing tracepoints
Brenden Blanco [Wed, 16 Mar 2016 00:33:10 +0000 (17:33 -0700)]
Merge pull request #438 from brendangregg/master
fix -p
Brendan Gregg [Wed, 16 Mar 2016 00:26:18 +0000 (17:26 -0700)]
fix -p
4ast [Fri, 11 Mar 2016 23:40:17 +0000 (15:40 -0800)]
Merge pull request #435 from iovisor/bblanco_dev
Fix python3 incompatibilities
Brenden Blanco [Fri, 11 Mar 2016 23:34:29 +0000 (15:34 -0800)]
Fix python3 incompatibilities
Syntax and dict usages fixups in dcstat.py and memleak.py
Fixes: #433, #434
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brendan Gregg [Thu, 10 Mar 2016 00:49:37 +0000 (16:49 -0800)]
Merge pull request #432 from iovisor/bblanco_dev
Enable python3 compatible strings in biosnoop
Brenden Blanco [Tue, 8 Mar 2016 18:07:51 +0000 (10:07 -0800)]
Enable python3 compatible strings in biosnoop
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Tue, 8 Mar 2016 17:19:33 +0000 (09:19 -0800)]
Merge pull request #430 from iovisor/bblanco_dev
Add option to change kernel build search paths
Brenden Blanco [Tue, 8 Mar 2016 16:32:29 +0000 (08:32 -0800)]
When in KERNEL_HAS_SOURCE_DIR mode, include everything
Include all of the paths in the build/ directory when kernel headers are
split.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Tue, 8 Mar 2016 07:27:59 +0000 (23:27 -0800)]
Add option to change kernel build search paths
Some linux distributions structure the /lib/modules directories
differently, causing complexities. Add cmake overrides to be able to
compile different behavior.
If your distro sets up `/lib/modules/$(uname -r)/{source,build}` with
header files split between the two (debian does this), then add
-DBCC_KERNEL_HAS_SOURCE_DIR=1 to the cmake command line.
If your distro just has something other than build/, but things are
still in one subdirectory, then add -DBCC_KERNEL_MODULES_SUFFIX=foo to
the cmake command line.
Also, fix one implicit declaration warning introduced by the new
bpf_get_stackid() helper.
Fixes: #397
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Fri, 4 Mar 2016 23:21:19 +0000 (15:21 -0800)]
Merge pull request #428 from iovisor/bblanco_dev
[RFC] Basic implementation of stacktrace table
Brenden Blanco [Fri, 4 Mar 2016 23:13:13 +0000 (15:13 -0800)]
Better get_stackid rewriter logic and unittest version testing
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Fri, 4 Mar 2016 21:58:44 +0000 (13:58 -0800)]
Rename stack lookup() to get_stackid
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Fri, 4 Mar 2016 20:02:10 +0000 (12:02 -0800)]
Basic implementation of stacktrace table
This is the initial implementation of bpf_get_stackid with python
helpers. This doesn't expose the different methods of calling
(kernel/user, fast, or reuse).
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brendan Gregg [Fri, 4 Mar 2016 18:31:36 +0000 (10:31 -0800)]
Merge pull request #427 from markdrayton/stacksnoop-filter
Fix stacksnoop PID filter
Mark Drayton [Fri, 4 Mar 2016 08:51:20 +0000 (00:51 -0800)]
Fix stacksnoop PID filter
The function FILTER is injected into (trace_stack()) returns void, not int.
4ast [Fri, 4 Mar 2016 00:31:27 +0000 (16:31 -0800)]
Merge pull request #426 from iovisor/bblanco_dev
Move cc/*py tests to python subdir and introduce c standalone test binary
Brenden Blanco [Thu, 3 Mar 2016 23:40:07 +0000 (15:40 -0800)]
Add libbcc.a compilation and test binary
This creates a new static library target for bcc. Add one trivial c test
case that links against it.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Thu, 3 Mar 2016 23:24:35 +0000 (15:24 -0800)]
Move python tests to tests/python
They didn't quite make sense where they were. At one point 'cc' meant
compiler, and yes they were testing the compiler. Now lets use the
convention that different tests/ subdirectories test different bindings
(c, python, other).
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Thu, 3 Mar 2016 21:19:07 +0000 (13:19 -0800)]
Merge pull request #424 from iovisor/bblanco_dev
Update headers with 4.5+ features
Brenden Blanco [Wed, 2 Mar 2016 06:59:11 +0000 (22:59 -0800)]
Update headers with 4.5+ features
Pull in bpf.h from upstream, and update helpers accordingly.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Tue, 1 Mar 2016 15:11:24 +0000 (07:11 -0800)]
Merge pull request #422 from billyom/install_md
INSTALL.md: Fix path for example and some small clarifications
Billy O'Mahony [Tue, 1 Mar 2016 12:20:36 +0000 (12:20 +0000)]
INSTALL.md: Fix path for example and some small clarifications
4ast [Mon, 29 Feb 2016 22:43:35 +0000 (14:43 -0800)]
Merge pull request #420 from iovisor/proto_update
Add v6 headers to proto.h
Brenden Blanco [Mon, 29 Feb 2016 22:32:23 +0000 (14:32 -0800)]
Add v6 headers to proto.h
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Wed, 24 Feb 2016 01:38:26 +0000 (17:38 -0800)]
Merge pull request #418 from brendangregg/master
tools map
Brendan Gregg [Wed, 24 Feb 2016 00:26:43 +0000 (16:26 -0800)]
tools map
4ast [Tue, 23 Feb 2016 22:39:31 +0000 (14:39 -0800)]
Merge pull request #417 from iovisor/funccount_alternate
Remove use of update() in funccount
Brenden Blanco [Tue, 23 Feb 2016 21:13:57 +0000 (13:13 -0800)]
Use pre-calculated function addresses in funccount
Hash map updates are not safe in recursive context. Change the
implementation of funccount to be read-only by converting
lookup_or_init() to lookup(). When run in interval mode, zero the counts
table instead of clearing it.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Tue, 23 Feb 2016 21:12:03 +0000 (13:12 -0800)]
Add name to address ksym helper
Add a helper to translate from kernel name to symbol. As part of this,
slightly refactor the ksym globals (which are internal implementation
and not part of the api) so that there is one array of tuples instead of
two arrays.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Tue, 23 Feb 2016 21:10:50 +0000 (13:10 -0800)]
Add a table.zero() function to bcc.TableBase
It is sometimes useful to zero out the entries of table without erasing
the keys. Add a zero() function to make this easy.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Tue, 23 Feb 2016 20:55:14 +0000 (12:55 -0800)]
Merge pull request #416 from iovisor/probe_quota
Enforce limit of 1000 open [uk]probes
Brenden Blanco [Tue, 23 Feb 2016 19:59:39 +0000 (11:59 -0800)]
Enforce limit of 1000 open [uk]probes
The number of open probes has bitten users already, so lets enforce a
limit with a meaningful(ish) message.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Tue, 23 Feb 2016 01:47:13 +0000 (17:47 -0800)]
Merge pull request #414 from iovisor/tag_v0.1.8
Prepare debian changelog for v0.1.8 tag
Brenden Blanco [Tue, 23 Feb 2016 00:42:51 +0000 (16:42 -0800)]
Prepare debian changelog for v0.1.8 tag
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Tue, 23 Feb 2016 01:25:21 +0000 (17:25 -0800)]
Fixup build scripts to support in-flight version change
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Mon, 22 Feb 2016 23:02:10 +0000 (15:02 -0800)]
Merge pull request #412 from iovisor/deb_fixes
Prepare deb build for nightly target
Brenden Blanco [Mon, 22 Feb 2016 18:29:36 +0000 (10:29 -0800)]
Prepare deb build for nightly target
Add incremental release numbering for deb targets.
Tweak rpm release numbering as well.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Mon, 22 Feb 2016 18:39:34 +0000 (10:39 -0800)]
Merge pull request #411 from iovisor/drzaeus77-patch-1
Fix ubuntu kernel path typo is INSTALL.md
Brenden Blanco [Mon, 22 Feb 2016 18:36:19 +0000 (10:36 -0800)]
Fix ubuntu kernel path typo is INSTALL.md
4ast [Mon, 22 Feb 2016 17:10:30 +0000 (09:10 -0800)]
Merge pull request #408 from iovisor/rpm_updates
Update rpm build scripts and README
Brenden Blanco [Mon, 22 Feb 2016 16:41:49 +0000 (08:41 -0800)]
Merge pull request #410 from goldshtn/argdist-silent
Print traceback only if verbose mode was requested
Brenden Blanco [Mon, 22 Feb 2016 16:39:06 +0000 (08:39 -0800)]
Merge pull request #409 from goldshtn/trace2
trace: trace function execution with custom format strings and filters
Sasha Goldshtein [Mon, 22 Feb 2016 10:36:43 +0000 (12:36 +0200)]
Merge branch 'master' into argdist-silent
Sasha Goldshtein [Mon, 22 Feb 2016 10:25:03 +0000 (02:25 -0800)]
Fixed examples to use fewer colons
Sasha Goldshtein [Mon, 22 Feb 2016 10:19:24 +0000 (02:19 -0800)]
trace
Brenden Blanco [Fri, 19 Feb 2016 22:42:22 +0000 (14:42 -0800)]
Update rpm build scripts and README
Remove the unused Dockerfiles.
Create two flavors of spec files, one which includes steps to build
clang from source and link against it, and one which assumes clang is
already available and just builds bcc. The former is more appropriate
for official packaging, the latter for nightly and quick builds.
Also, introduce a numbering scheme for nightly rpm files. The format
will be:
`libbcc-$latest_git_tag-g$latest_git_hash.x86_64.rpm`
as in:
`libbcc-0.1.7-g73c4d1a.x86_64.rpm`
Update the INSTALL.md to mention the RPMs
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>