Commit 9924e64e authored by vijunag's avatar vijunag Committed by yonghong-song

support symbol resolution of short-lived process. (#2144)

New command line options have been added to tools/trace.py to support the 
new BUILD_ID stackmap. List of symbol files can be added to the script to 
resolve symbols from build id as reported by the kernel in the stack trace
Updated man page and added an example usage
parent 6cc0e7ad
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
.SH NAME .SH NAME
trace \- Trace a function and print its arguments or return value, optionally evaluating a filter. Uses Linux eBPF/bcc. trace \- Trace a function and print its arguments or return value, optionally evaluating a filter. Uses Linux eBPF/bcc.
.SH SYNOPSIS .SH SYNOPSIS
.B trace [-h] [-b BUFFER_PAGES] [-p PID] [-L TID] [-v] [-Z STRING_SIZE] [-S] .B trace [-h] [-b BUFFER_PAGES] [-p PID] [-L TID] [-v] [-Z STRING_SIZE] [-S] [-s SYM_FILE_LIST]
[-M MAX_EVENTS] [-t] [-T] [-C] [-K] [-U] [-a] [-I header] [-M MAX_EVENTS] [-t] [-T] [-C] [-K] [-U] [-a] [-I header]
probe [probe ...] probe [probe ...]
.SH DESCRIPTION .SH DESCRIPTION
...@@ -31,6 +31,10 @@ Display the generated BPF program, for debugging purposes. ...@@ -31,6 +31,10 @@ Display the generated BPF program, for debugging purposes.
When collecting string arguments (of type char*), collect up to STRING_SIZE When collecting string arguments (of type char*), collect up to STRING_SIZE
characters. Longer strings will be truncated. characters. Longer strings will be truncated.
.TP .TP
\-s SYM_FILE_LIST
When collecting stack trace in build id format, use the coma separated list for
symbol resolution.
.TP
\-S \-S
If set, trace messages from trace's own process. By default, this is off to If set, trace messages from trace's own process. By default, this is off to
avoid tracing storms -- for example, if you trace the write system call, and avoid tracing storms -- for example, if you trace the write system call, and
...@@ -177,6 +181,10 @@ Trace the pthread_create USDT probe from the pthread library and print the addre ...@@ -177,6 +181,10 @@ Trace the pthread_create USDT probe from the pthread library and print the addre
Trace the nanosleep system call and print the sleep duration in nanoseconds: Trace the nanosleep system call and print the sleep duration in nanoseconds:
# #
.B trace 'p::SyS_nanosleep(struct timespec *ts) "sleep for %lld ns", ts->tv_nsec' .B trace 'p::SyS_nanosleep(struct timespec *ts) "sleep for %lld ns", ts->tv_nsec'
.TP
Trace the inet_pton system call using build id mechanism and print the stack
#
.B trace -s /lib/x86_64-linux-gnu/libc.so.6,/bin/ping 'p:c:inet_pton' -U
.SH SOURCE .SH SOURCE
This is from bcc. This is from bcc.
.IP .IP
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
# parameters, with an optional filter. # parameters, with an optional filter.
# #
# usage: trace [-h] [-p PID] [-L TID] [-v] [-Z STRING_SIZE] [-S] # usage: trace [-h] [-p PID] [-L TID] [-v] [-Z STRING_SIZE] [-S]
# [-M MAX_EVENTS] [-T] [-t] [-K] [-U] [-a] [-I header] # [-M MAX_EVENTS] [-s SYMBOLFILES] [-T] [-t] [-K] [-U] [-a] [-I header]
# probe [probe ...] # probe [probe ...]
# #
# Licensed under the Apache License, Version 2.0 (the "License") # Licensed under the Apache License, Version 2.0 (the "License")
...@@ -35,6 +35,7 @@ class Probe(object): ...@@ -35,6 +35,7 @@ class Probe(object):
tgid = -1 tgid = -1
pid = -1 pid = -1
page_cnt = None page_cnt = None
build_id_enabled = False
@classmethod @classmethod
def configure(cls, args): def configure(cls, args):
...@@ -49,6 +50,7 @@ class Probe(object): ...@@ -49,6 +50,7 @@ class Probe(object):
cls.pid = args.pid or -1 cls.pid = args.pid or -1
cls.page_cnt = args.buffer_pages cls.page_cnt = args.buffer_pages
cls.bin_cmp = args.bin_cmp cls.bin_cmp = args.bin_cmp
cls.build_id_enabled = args.sym_file_list is not None
def __init__(self, probe, string_size, kernel_stack, user_stack): def __init__(self, probe, string_size, kernel_stack, user_stack):
self.usdt = None self.usdt = None
...@@ -346,7 +348,9 @@ static inline bool %s(char const *ignored, uintptr_t str) { ...@@ -346,7 +348,9 @@ static inline bool %s(char const *ignored, uintptr_t str) {
self.events_name = "%s_events" % self.probe_name self.events_name = "%s_events" % self.probe_name
self.struct_name = "%s_data_t" % self.probe_name self.struct_name = "%s_data_t" % self.probe_name
self.stacks_name = "%s_stacks" % self.probe_name self.stacks_name = "%s_stacks" % self.probe_name
stack_table = "BPF_STACK_TRACE(%s, 1024);" % self.stacks_name \ stack_type = "BPF_STACK_TRACE" if self.build_id_enabled is False \
else "BPF_STACK_TRACE_BUILDID"
stack_table = "%s(%s, 1024);" % (stack_type,self.stacks_name) \
if (self.kernel_stack or self.user_stack) else "" if (self.kernel_stack or self.user_stack) else ""
data_fields = "" data_fields = ""
for i, field_type in enumerate(self.types): for i, field_type in enumerate(self.types):
...@@ -693,6 +697,10 @@ trace -I 'linux/fs_struct.h' 'mntns_install "users = %d", $task->fs->users' ...@@ -693,6 +697,10 @@ trace -I 'linux/fs_struct.h' 'mntns_install "users = %d", $task->fs->users'
help="print CPU id") help="print CPU id")
parser.add_argument("-B", "--bin_cmp", action="store_true", parser.add_argument("-B", "--bin_cmp", action="store_true",
help="allow to use STRCMP with binary values") help="allow to use STRCMP with binary values")
parser.add_argument('-s', "--sym_file_list", type=str, \
metavar="SYM_FILE_LIST", dest="sym_file_list", \
help="coma separated list of symbol files to use \
for symbol resolution")
parser.add_argument("-K", "--kernel-stack", parser.add_argument("-K", "--kernel-stack",
action="store_true", help="output kernel stack trace") action="store_true", help="output kernel stack trace")
parser.add_argument("-U", "--user-stack", parser.add_argument("-U", "--user-stack",
...@@ -757,6 +765,9 @@ trace -I 'linux/fs_struct.h' 'mntns_install "users = %d", $task->fs->users' ...@@ -757,6 +765,9 @@ trace -I 'linux/fs_struct.h' 'mntns_install "users = %d", $task->fs->users'
print(probe.usdt.get_text()) print(probe.usdt.get_text())
usdt_contexts.append(probe.usdt) usdt_contexts.append(probe.usdt)
self.bpf = BPF(text=self.program, usdt_contexts=usdt_contexts) self.bpf = BPF(text=self.program, usdt_contexts=usdt_contexts)
if self.args.sym_file_list is not None:
print("Note: Kernel bpf will report stack map with ip/build_id")
map(lambda x: self.bpf.add_module(x), self.args.sym_file_list.split(','))
for probe in self.probes: for probe in self.probes:
if self.args.verbose: if self.args.verbose:
print(probe) print(probe)
......
...@@ -104,6 +104,19 @@ TIME PID COMM FUNC - ...@@ -104,6 +104,19 @@ TIME PID COMM FUNC -
01:23:55 0 swapper/0 block_rq_complete sectors=8 01:23:55 0 swapper/0 block_rq_complete sectors=8
^C ^C
Suppose that you want to trace a system-call in a short-lived process, you can use
the -s option to trace. The option is followed by list of libraries/executables to
use for symbol resolution.
# trace -s /lib/x86_64-linux-gnu/libc.so.6,/bin/ping 'p:c:inet_pton' -U
Note: Kernel bpf will report stack map with ip/build_id
PID TID COMM FUNC
4175 4175 ping inet_pton
inet_pton+0x136340 [libc.so.6]
getaddrinfo+0xfb510 [libc.so.6]
_init+0x2a08 [ping]
During the trace, 'ping -c1 google.com' was executed to obtain the above results
To discover the tracepoint structure format (which you can refer to as the "args" To discover the tracepoint structure format (which you can refer to as the "args"
pointer variable), use the tplist tool. For example: pointer variable), use the tplist tool. For example:
...@@ -268,6 +281,8 @@ optional arguments: ...@@ -268,6 +281,8 @@ optional arguments:
-v, --verbose print resulting BPF program code before executing -v, --verbose print resulting BPF program code before executing
-Z STRING_SIZE, --string-size STRING_SIZE -Z STRING_SIZE, --string-size STRING_SIZE
maximum size to read from strings maximum size to read from strings
-s SYM_FILE_LIST when collecting stack trace in build id format,
use the coma separated list for symbol resolution
-S, --include-self do not filter trace's own pid from the trace -S, --include-self do not filter trace's own pid from the trace
-M MAX_EVENTS, --max-events MAX_EVENTS -M MAX_EVENTS, --max-events MAX_EVENTS
number of events to print before quitting number of events to print before quitting
...@@ -325,4 +340,7 @@ trace -I 'net/sock.h' \\ ...@@ -325,4 +340,7 @@ trace -I 'net/sock.h' \\
to 53 (DNS; 13568 in big endian order) to 53 (DNS; 13568 in big endian order)
trace -I 'linux/fs_struct.h' 'mntns_install "users = %d", $task->fs->users' trace -I 'linux/fs_struct.h' 'mntns_install "users = %d", $task->fs->users'
Trace the number of users accessing the file system of the current task Trace the number of users accessing the file system of the current task
trace -s /lib/x86_64-linux-gnu/libc.so.6,/bin/ping 'p:c:inet_pton' -U
Trace inet_pton system call and use the specified libraries/executables for
symbol resolution.
" "
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment