- 21 Mar, 2017 2 commits
-
-
Brenden Blanco authored
python: Allow module=None when resolving kernel symbols
-
Simon Liu authored
-
- 16 Mar, 2017 2 commits
-
-
Brenden Blanco authored
Add build option for installing C++ examples
-
Teng Qin authored
-
- 11 Mar, 2017 4 commits
-
-
Brenden Blanco authored
Smoke tests for the tools
-
Sasha Goldshtein authored
This commit adds basic smoke tests for most tools in tools/ by running the tool with either a short duration, or interrupting it with a SIGINT after a short duration. The tests check the return value from the tool to detect any Python exceptions or other errors, but they do not read the standard error or standard output and parse the tool's result. Some tools are not covered by these smoke tests for reasons documented in the test itself: * btrfsdist and btrfsslower need btrfs * cachetop doesn't like to run without a terminal * dbslower, dbstat, and mysqld_qslower need a database engine * deadlock_detector allocates a huge amount of memory * softirqs doesn't work on new kernels and needs fixing (#1031) * ugc needs a USDT-enabled runtime with GC probes * zfsdist and zfsslower need zfs This is a good place to start, but clearly for some tools, especially those with a complex interface like trace and argdist, we need more than just basic smoke tests.
-
Sasha Goldshtein authored
-
4ast authored
syscount: Use ausyscalls if available to get syscall list
-
- 10 Mar, 2017 2 commits
-
-
Brendan Gregg authored
bpflist: Display processes with running BPF programs and maps
-
Brenden Blanco authored
Prepare debian changelog for v0.3.0 tag
-
- 09 Mar, 2017 5 commits
-
-
Brenden Blanco authored
Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
Sasha Goldshtein authored
This tool displays processes with running BPF programs and maps, and also optionally kprobes and uprobes. This is a poor-man's version that snoops BPF file descriptors, as proposed by @brendangregg. Example: ``` PID COMM TYPE COUNT 4058 fileslower prog 4 4058 fileslower map 2 4106 bashreadline map 1 4106 bashreadline prog 1 ``` Resolves #1036.
-
Sasha Goldshtein authored
If ausyscall is installed, it can provide a clean, up-to-date list of syscall numbers for the current architecture. This is much more useful than the default hardcoded list for x86-64, which is currently used by syscount. Try to run `ausyscall --dump` and parse the output before resorting to the static list. Tested on FC/Linux 4.9 and produces 327 syscalls. Resolves #1001.
-
4ast authored
funclatency: remove unnecessary include
-
4ast authored
Added s390x support. Needs 4.10 Kernel
-
- 08 Mar, 2017 1 commit
-
-
Brendan Gregg authored
-
- 07 Mar, 2017 2 commits
-
-
Zvonko Kosic authored
-
Brenden Blanco authored
Restrict rewrite of unary operators to dereference operator
-
- 06 Mar, 2017 5 commits
-
-
Paul Chaignon authored
Since the whole expression, unary operator included, is replaced by a call to bpf_probe_read, the dereference operator is currently the only unary operator properly rewritten. When rewriting an increment expression (++val) for instance, the increment operator is lost in translation. Trying to rewrite all unary operators sometimes confuses bcc and results in improper code, for instance when trying to rewrite a logical negation.
-
Brenden Blanco authored
debuild: Do not parallelize tests
-
Florian Schmidt authored
The tests in the test suite are not parallelizable and will fail if run in parallel. Make the test step non-parallel to fix this issue.
-
Brenden Blanco authored
Fix bpf_dins_pkt rewrite in BinaryOperator
-
Brenden Blanco authored
cmake: Explicitly mark static libraries as such
-
- 05 Mar, 2017 3 commits
-
-
4ast authored
filetop: support specifying sort column via cmdline argument
-
Rafael Fonseca authored
Some distros (e.g Fedora) override the default behaviour of building static libraries to building dynamic ones instead. By explicitly building the correct libraries as static, we make sure BCC properly compiles everywhere.
-
Paul Chaignon authored
Binary operator expressions where the left hand-side expression is a reference to the packet are replaced by a call to the bpf_dins_pkt helper. When replacing text, the Clang Rewriter tries to maintain a list of offsets between the original and the new position of tokens. Replacing the whole binary operator expression with the call to bpf_dins_pkt confuses the Rewriter and it is unable to track the new position of the right hand-side expression. Rewriting the binary operator expression in two times without rewriting the right hand-side expression itself solves the issue.
-
- 04 Mar, 2017 4 commits
-
-
Paul Chaignon authored
* Travis CI build to check compliance with PEP8 * argdist: linter cleanup * dbslower: linter cleanup * dbstat: linter cleanup * memleak: linter cleanup * syscount: linter cleanup * tplist: linter cleanup * trace: linter cleanup * ucalls: linter cleanup * uflow: linter cleanup * ugc: linter cleanup * uobjnew: linter cleanup * ustat: linter cleanup
-
Brendan Gregg authored
-
4ast authored
python: handle null module in BPF.sym
-
4ast authored
Symbol resolution with multiple executable regions per module
-
- 03 Mar, 2017 8 commits
-
-
Brenden Blanco authored
add XDP return values to python interface
-
Sasha Goldshtein authored
The symbol resolution code used to assume for most purposes that there is a single executable region per module. When there were several, there was no crash, but symbols were not resolved correctly. The reason is that the symbol offsets are relative to the first executable region's start address, but bcc would resolve them relative to the region in which they appeared. For example, given the following regions and spans for a module libfoo.so loaded into some process: 1000-2000 r-xp libfoo.so 2000-3000 rw-p libfoo.so 3000-4000 r-xp libfoo.so 4000-5000 r--- libfoo.so Now, suppose there is a symbol bar() loaded at address 3500. In the binary on disk, bar() is at offset 2500 from the beginning of the module (but not the beginning of the 3000-4000 region!). When we look at the candidate regions, we find 3000-4000, and discover that 3500 lies within it. Then we subtract 3500-3000 to find the offset from the beginning of the region, get 500, and now look for a symbol that contains the relative address 500. As a result, we might find some random symbol in the region 1000-2000, and report that address 3500 corresponds to that random symbol rather than to bar(). This commit fixes the situation by keeping only a single `Module` instance for each module, even if that module spans multiple executable regions. We remember all executable region start and end ranges so we can determine whether an address (like 3500 in the above example) lies within the module. But for the purpose of finding the actual symbol, we need only the offset from the start of the _first_ executable region, and then need to look up a symbol based on that. This was discovered and fixed while tracing .NET Core processes on Linux, where libcoreclr.so (the main CLR binary) has several executable regions. Resolving symbols from any but the first region would produce totally bogus results.
-
Sasha Goldshtein authored
-
Rafael F authored
-
Rafael F authored
This fixes the following error: $: ./tplist -v -v -l /usr/lib64/dri/i965_dri.so argument 1: <class 'TypeError'>: wrong type
-
Alan Thompson authored
small typo
-
Brenden Blanco authored
cc: Don't parse the same module multiple times for USDT probes
-
Sasha Goldshtein authored
If a module has more than one executable region, it is reported multiple times by `bcc_procutils_each_module`. This is fine for symbol resolution, but we don't need the duplicates for parsing the ELF header looking for USDT probes: the first appearance of that module is enough. This also prevents issues with the same probe appearing multiple times with the same location, which results in an invalid program when reading USDT arguments. Fix by storing each visited module in the USDT::Context class, and ignoring modules that were already visited.
-
- 02 Mar, 2017 2 commits
-
-
Gabriel Ganne authored
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com> Signed-off-by: Romain Ly <romain.ly@enea.com>
-
Mark Drayton authored
Check to see if `module` is None before attempting to call `os.path.basename` on it. Before: ``` >>> BPF.sym(0x400001, 12345, show_module=True) Traceback (most recent call last): .. AttributeError: 'NoneType' object has no attribute 'rfind' ``` After: ``` >>> BPF.sym(0x400001, 12345, show_module=True) '[unknown]' ```
-