1. 03 Oct, 2017 1 commit
    • add debug option to dump asm insns embedded with source · 91837cac
      Yonghong Song authored
      The patch adds a new debug option "DEBUG_SOURCE = 8" to
      dump insns embedded with source. In C++ API, users
      can change BPF constructor "flag" value to enable debug output.
      In Python API, users can change "debug" value to enable
      debug output. For example, for python test program test_usdt.py,
      the debug output looks like below:
      
      ......
      Disassembly of section .bpf.fn.do_trace1:
      do_trace1:
      ; int do_trace1(struct pt_regs *ctx) { // Line 110
         0:   bf 16 00 00 00 00 00 00         r6 = r1
         1:   b7 01 00 00 00 00 00 00         r1 = 0
      ; struct probe_result_t1 result = {}; // Line 111
         2:   7b 1a f0 ff 00 00 00 00         *(u64 *)(r10 - 16) = r1
      ; switch(ctx->ip) { // Line   5
         3:   79 61 80 00 00 00 00 00         r1 = *(u64 *)(r6 + 128)
         4:   15 01 04 00 d7 06 40 00         if r1 == 4196055 goto 4
         5:   55 01 06 00 ce 06 40 00         if r1 != 4196046 goto 6
      ; case 0x4006ceULL: *((int8_t *)dest) = ctx->ax; __asm__ __volatile__("": : :"memory"); return 0; // Line   6
         6:   79 61 50 00 00 00 00 00         r1 = *(u64 *)(r6 + 80)
      ......
      
      For asm insns, byte code is also dumped out (similar to objdump).
      For source codes, only lines in the module file are printed (as expected).
      The line number is added at the end of source code, which is
      especially helpful for inlined functions.
      
      This functionality is only in llvm 6.x (the trunk version), which
      provides a public interface to create a dwarf context based on
      a set of in-memory debug sections. llvm 5.x also provides
      such a public interface in a different way, and this patch
      does not support it in bcc yet. llvm 4.x and lower do not
      have such a public interface and hence will not be supported
      in bcc.
      
      In this patch, the debug output only goes to stderr.
      A subsequent patch will dump the per-function output into
      <BCC_PROG_TAG_DIR>/bpf_prog_<tag>/ if it is available.
      Signed-off-by: Yonghong Song <yhs@fb.com>
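
The byte columns in the dump quoted above follow the fixed 8-byte eBPF instruction encoding: opcode, destination and source register nibbles, a signed 16-bit offset and a signed 32-bit immediate. The Python sketch below is an added example, not part of the commit or of bcc; `decode` and `parse_dump` are hypothetical helper names, and the sample input is constructed from the lines shown in the commit message.

```python
import re
import struct

# Constructed sample: lines copied from the debug output quoted in the commit message.
SAMPLE = """\
; int do_trace1(struct pt_regs *ctx) { // Line 110
   0:   bf 16 00 00 00 00 00 00         r6 = r1
   1:   b7 01 00 00 00 00 00 00         r1 = 0
; struct probe_result_t1 result = {}; // Line 111
   2:   7b 1a f0 ff 00 00 00 00         *(u64 *)(r10 - 16) = r1
; switch(ctx->ip) { // Line   5
   3:   79 61 80 00 00 00 00 00         r1 = *(u64 *)(r6 + 128)
   4:   15 01 04 00 d7 06 40 00         if r1 == 4196055 goto 4
"""

INSN_RE = re.compile(r"^\s*(\d+):\s+((?:[0-9a-f]{2} ){7}[0-9a-f]{2})\s+(.*)$")
SRC_RE = re.compile(r"^\s*;\s*(.*?)\s*// Line\s+(\d+)\s*$")
# Instruction class is the low three bits of the opcode byte.
CLASSES = ["LD", "LDX", "ST", "STX", "ALU", "JMP", "JMP32", "ALU64"]

def decode(raw):
    """Split one 8-byte little-endian eBPF instruction into its fields."""
    opcode, regs, off, imm = struct.unpack("<BBhi", raw)
    return {"class": CLASSES[opcode & 0x07], "opcode": opcode,
            "dst": regs & 0x0F, "src": regs >> 4, "off": off, "imm": imm}

def parse_dump(text):
    """Return (insn_index, source_line_no, fields, asm_text) per instruction."""
    out, line_no = [], None
    for line in text.splitlines():
        m = SRC_RE.match(line)
        if m:  # source annotation: remember its line number
            line_no = int(m.group(2))
            continue
        m = INSN_RE.match(line)
        if m:  # instruction line: decode the hex byte column
            raw = bytes.fromhex(m.group(2).replace(" ", ""))
            out.append((int(m.group(1)), line_no, decode(raw), m.group(3)))
    return out

if __name__ == "__main__":
    for idx, src_line, f, asm in parse_dump(SAMPLE):
        print(f"{idx:3} line {src_line:<4} {f['class']:<6} dst=r{f['dst']} "
              f"src=r{f['src']} off={f['off']} imm={f['imm']}  | {asm}")
```

Comparing the decoded fields with the printed mnemonic is a quick way to confirm which source line a given instruction was attributed to when reviewing a dump.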
  2. 01 Oct, 2017 1 commit
  3. 29 Sep, 2017 1 commit
    • Traces external pointers in parenthesized expressions · c5ca2a67
      Paul Chaignon authored
      Partially reverts 80667b7b, "Fix unary operator handling of probe
      reads with parens", keeping the test case. With 4c6ecb46,
      "Restrict rewrite of unary operators to dereference operator," only
      dereferences are rewritten, removing the need for the previous fix.
      
      Reverting 80667b7b allows bcc to rewrite more dereferences, as
      highlighted in the new test case.
  4. 28 Sep, 2017 3 commits
  5. 27 Sep, 2017 1 commit
  6. 26 Sep, 2017 6 commits
  7. 25 Sep, 2017 4 commits
    • Add ELF load ranges for executable binaries · 5db9d37b
      Teng Qin authored
    • Add common helper to read Process executable · 97562956
      Teng Qin authored
    • Merge pull request #1357 from palmtenor/load_section · 899d3e92
      yonghong-song authored
      Fix edge case when doing symbol name -> address resolution
    • bpf_probe_read*: src argument should be const void *. · 2dc7daad
      Kirill Smelkov authored
      For the following program:
      
          #include <linux/interrupt.h>
      
          // remember t(last-interrupt) on interface
          int kprobe__handle_irq_event_percpu(struct pt_regs *ctx, struct irq_desc *desc) {
              const char *irqname = desc->action->name;
      
              char c;
      
              bpf_probe_read(&c, 1, &irqname[0]);
              if (c != 'e') return 0;
      
              bpf_probe_read(&c, 1, &irqname[1]);
              if (c != 't') return 0;
      
              ...
      
      LLVM gives warnings because irqaction->name is `const char *`:
      
          /virtual/main.c:10:27: warning: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
              bpf_probe_read(&c, 1, &irqname[0]);
                                    ^~~~~~~~~~~
          /virtual/main.c:13:27: warning: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
              bpf_probe_read(&c, 1, &irqname[1]);
                                    ^~~~~~~~~~~
          ...
      
      Instead of adding casts in source everywhere, fix bpf_probe_read* signature to
      indicate the memory referenced by src won't be modified, as it should be.
      
      P.S.
      
      bpf_probe_read_str was in fact already marked so in several places in comments
      but not in actual signature.
  8. 21 Sep, 2017 6 commits
  9. 20 Sep, 2017 3 commits
  10. 15 Sep, 2017 2 commits
  11. 13 Sep, 2017 1 commit
  12. 12 Sep, 2017 2 commits
  13. 09 Sep, 2017 2 commits
  14. 08 Sep, 2017 4 commits
  15. 07 Sep, 2017 3 commits
    • Merge pull request #1336 from palmtenor/noinstance · 6aec3099
      4ast authored
      Do not create instance for kprobe
    • Merge pull request #1333 from samuelnair/fix-py-tut · 08dbf13f
      Brendan Gregg authored
      Fix for bug in lesson 4 of the Python developer tutorial
    • annotate program tag · 4f47e3b5
      Alexei Starovoitov authored
      during debug of production systems it's difficult to trace back
      the kernel reported 'bpf_prog_4985bb0bd6c69631' symbols to the source code
      of the program, hence teach bcc to store the main function source
      in the /var/tmp/bcc/bpf_prog_4985bb0bd6c69631/ directory.
      
      This program tag is stable. Every time the script is called the tag
      will be the same unless source code of the program changes.
      During active development of bcc scripts the /var/tmp/bcc/ dir can
      get a bunch of stale tags. The users have to trim that dir manually.
      
      Python scripts can be modified to use this feature too, but probably
      need to be gated by the flag. For c++ api I think it makes sense
      to store the source code always, since the cost is minimal and
      c++ api is used by long running services.
      
      Example:
      $ ./examples/cpp/LLCStat
      $ ls -l /var/tmp/bcc/bpf_prog_4985bb0bd6c69631/
      total 16
      -rw-r--r--. 1 root root 226 Sep  1 17:30 on_cache_miss.c
      -rw-r--r--. 1 root root 487 Sep  1 17:30 on_cache_miss.rewritten.c
      -rw-r--r--. 1 root root 224 Sep  1 17:30 on_cache_ref.c
      -rw-r--r--. 1 root root 484 Sep  1 17:30 on_cache_ref.rewritten.c
      
      Note that there are two .c files there, since two different
      bpf programs have exactly the same bytecode hence same prog_tag.
      
      $ cat /var/tmp/bcc/bpf_prog_4985bb0bd6c69631/on_cache_miss.c
      int on_cache_miss(struct bpf_perf_event_data *ctx) {
          struct event_t key = {};
          get_key(&key);
      
          u64 zero = 0, *val;
          val = miss_count.lookup_or_init(&key, &zero);
      ...
      Signed-off-by: Alexei Starovoitov <ast@fb.com>