Shulou(Shulou.com)06/03 Report--

Bpftrace is an open source tracker built on BPF and BCC. Like BCC, bpftrace comes with a number of performance tools and supporting documentation. However, it also provides a high-level programming language that allows you to create powerful single lines of code and short tools.

For example, use bpftrace one-liner to summarize the return values (bytes or error values) of vfs_read () into a histogram:

# bpftrace-e 'kretprobe:vfs_read {@ bytes = hist (retval);}'

Attaching 1 probe. ^ C @ bytes: (. 0) 223 | @ | [0] 110 | @ | [1] 581 | @ @ | [2 4) 23 | @ | [4,8) 9 | [8] 16) 844 | @ | [16,32) 44 | @ @ | [32 64) 67 | @ | [64,128) 50 | @ | [128256) 24 | @ | [256 512) 1 |

Bpftrace is ideal for temporary tools that use custom single lines of code and short scripts, while BCC is ideal for complex tools and daemons.

Comparison between bpftrace and other observability tools

L perf

Bpftrace provides a concise high-level language, while the perf scripting language is verbose.

Perf supports valid event dumps in binary format through perf records and memory summary modes such as perf top.

Bpftrace supports valid in-kernel feeds, such as custom histograms, while perf's built-in kernel feeds are limited to perf stat.

You can extend the functionality of perf by running BPF programs, although it cannot be done in a high-level language such as bpftrace.

L Ftrace

Bpftrace provides high-level languages similar to C and awk, while Ftrace has its own special syntax. Ftrace has fewer dependencies, making it suitable for small Linux environments. Ftrace also has a detection mode, for example, the function count so far has been optimized in addition to the event sources used by bpftrace. (my Ftrace funccount currently has faster start and stop times than bpftrace, and lower runtime overhead.)

L Systemtap

Both bpftrace and SystemTap provide high-level languages.

Bpftrace is based on built-in Linux technology, while SystemTap adds its own kernel modules, which prove unreliable on systems other than RHEL. As bpftrace has done, work has begun on SystemTap to support the BPF back end, which should make it more reliable on other systems. SystemTap currently has more accessibility in its library (tape set) that can be used to detect different targets.

L Lttng

LTTng optimizes event dumps and provides tools for analyzing event dumps. Compared with bpftrace, this performance analysis method is different from bpftrace, which is dedicated to temporary real-time analysis.

L specific tools that come with the application

Application-and runtime-specific tools are limited to user-level visibility. Bpftrace can also detect kernel and hardware events to identify the root causes of problems that tools cannot solve. The advantage of these tools is that they are usually tailored to the target application or runtime. The MySQL database analyzer already knows how to detect queries, while the JVM parser can already detect garbage collection. In bpftrace, you need to write your own code for this type of functionality.

Several related tools recommended by bpftrace

Bpftrace tools have a lot in common:

They solved the problem of observability in the real world.

They are designed to run in a production environment as a root user.

Each tool has a man page (under man / man8).

Each tool has a sample file with output and discussion (under tools / * _ examples.txt).

The source code of the tool begins with an introduction to block comments.

These tools are as simple as possible. (more complex tools will be left to BCC.)

Under CentOS7, after bpftrace is installed, the executable file * .bt file path is at: / usr/share/bpftrace/tools

Cd / usr/share/bpftrace/tools

. / opensnoop.bt can execute the corresponding bpftrace program

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.