SlideShare a Scribd company logo

No instrumentation Golang Logging with eBPF (GoSF talk 11/11/20)

Z
Zain Asgar

The document discusses using eBPF for instrumentation and logging in Golang applications without source code modifications. It demonstrates attaching a BPF program to a function using uprobes to log function arguments each time the function is called. This allows tracing application flow and variables without recompilation like traditional debuggers. eBPF provides low overhead dynamic tracing of production applications.

1 of 25
Download to read offline
GoSF Nov 11, 2020 No-Instrumentation Golang Logging with eBPF
ABOUT ME 👋 i’m Zain @zainasgar Co-Founder/CEO Pixie Labs & Adjunct Professor of CS @ Stanford
DEVELOPER PROBLEM You’re an application developer, and your program is misbehaving. ● No problem. You have logs! Right? ● Uh-oh, not in the spot you need. 😞 We’ve all been there: ● “I just wish I could see the variable x when Foo() is called”
- Delve is one of the main Go debuggers. - You can also use GDB, but it has less support for Go runtime, data structures, etc. - Install Delve to get started go get github.com/go-delve/delve/cmd/dlv First steps with a debugger DEBUGGERS
Github Link: https://github.com/pixie-labs/pixie/tree/main/demos/simple-gotracing Relevant Code: // computeE computes the approximation of e by running a fixed number of iterations. func computeE(iterations int64) float64 { res := 2.0 fact := 1.0 for i := int64(2); i < iterations; i++ { fact *= float64(i) res += 1 / fact } return res } Let’s look at test application Use Case GET /e?iters={iterations}
// computeE computes the approximation of e by running a fixed number of iterations. func computeE(iterations int64) float64 { res := 2.0 fact := 1.0 for i := int64(2); i < iterations; i++ { fact *= float64(i) res += 1 / fact } return res } What if we just want to log the iterations? Use Case fmt.Printf("iterations: %dn”, iterations)
Running and using the debugger % dlv exec app Type 'help' for list of commands. (dlv) b app.go:15 Breakpoint 1 set at 0x125ef40 for main.computeE() ./app.go:15 (dlv) c Starting server on: :9090 > main.computeE() ./app.go:15 (hits goroutine(34):1 total:1) (PC: 0x125ef40) Warning: debugging optimized function ... 14: for i := int64(2); i < iterations; i++ { => 15: fact *= float64(i) 16: res += 1 / fact 17: } ... (dlv) print iterations 100000 (dlv) print i 2 Delve
(dlv) bt 0 0x000000000125ef40 in main.computeE at ./app.go:15 1 0x000000000125f2b1 in main.main.func1 at ./app.go:39 2 0x0000000001232f24 in net/http.HandlerFunc.ServeHTTP at /opt/golang/src/net/http/server.go:2007 3 0x0000000001234dfd in net/http.(*ServeMux).ServeHTTP at /opt/golang/src/net/http/server.go:2387 4 0x0000000001235d74 in net/http.serverHandler.ServeHTTP at /opt/golang/src/net/http/server.go:2802 5 0x0000000001231f55 in net/http.(*conn).serve at /opt/golang/src/net/http/server.go:1890 6 0x000000000105ab11 in runtime.goexit at /opt/golang/src/runtime/asm_amd64.s:1357 (dlv) grs Goroutine 1 - User: /opt/golang/src/runtime/netpoll.go:184 internal/poll.runtime_pollWait (0x102aa45) Goroutine 2 - User: /opt/golang/src/runtime/proc.go:305 runtime.gopark (0x1030360) Goroutine 3 - User: /opt/golang/src/runtime/proc.go:305 runtime.gopark (0x1030360) Goroutine 4 - User: /opt/golang/src/runtime/proc.go:305 runtime.gopark (0x1030360) Goroutine 18 - User: /opt/golang/src/runtime/proc.go:305 runtime.gopark (0x1030360) * Goroutine 34 - User: ./app.go:15 main.computeE (0x125ef40) (thread 36175033) Goroutine 35 - User: /opt/golang/src/runtime/netpoll.go:184 internal/poll.runtime_pollWait (0x102aa45) [7 goroutines] Stack Goroutines GETTING CONTEXT
RECAP ON DEBUGGERS ● Debuggers provide and easy way to get information about executing code ● No need to add fmt.Print and recompile. ○ Can easily step through code and get information. ● Dlv and GDB can connect to remote binaries to help debug machines running on servers. ○ Unfortunately this turns out to be harder than expected when running in environments like Kubernetes . ○ Checkout Solo.io, etc.
CAN WE RUN THIS SAFELY ON PRODUCTION CODE? ● Debuggers can be attached to production binaries by using a remote attachment. ● Unfortunately, they can mutate, stop execution of the code and lead to unexpected failures. ○ You probably don’t want this on prod ● What else can we do?
YOUR OPTIONS Option 1: Add a log to your program, re-compile and re-deploy. ○ This can be simple log statements, or ○ More comprehensive like Open tracing. Option 2: Debugger ○ GDB ○ Delve Option 3: Linux tracing utility ○ strace/ftrace ○ LTTng/USDT Option 4: eBPF 🤔
What is Credit: https://ebpf.io/ eBPF
What are we going to build? eBPF
[0] % objdump --syms app|grep computeE 00000000006609a0 g F .text 000000000000004b main.computeE [0] % objdump -d app | less 00000000006609a0 <main.computeE>: 6609a0: 48 8b 44 24 08 mov 0x8(%rsp),%rax 6609a5: b9 02 00 00 00 mov $0x2,%ecx 6609aa: f2 0f 10 05 16 a6 0f movsd 0xfa616(%rip),%xmm0 # 75afc8 <$f64.3ff0000000000000> 6609b1: 00 6609b2: f2 0f 10 0d 36 a6 0f movsd 0xfa636(%rip),%xmm1 # 75aff0 <$f64.4000000000000000> Diving into the details eBPF
Using uprobes eBPF ... ... main.computeE 0x6609a0 { App Binary main.main { 0x6609f0 ... ... main.computeE Uprobe Hook { App Binary main.main { 0x6609f0 BPF Program Perf Buffer Tracer Binary
What does the BPF program look like? ● The function is simply invoked whenever main.computeE is called. ● The registration is done via UProbes ● It attaches to every running version of the binary #include <uapi/linux/ptrace.h> BPF_PERF_OUTPUT(trace); inline int computeECalled(struct pt_regs *ctx) { // The input argument is stored in ax. long val = ctx->ax; trace.perf_submit(ctx, &val, sizeof(val)); return 0; } eBPF Github Link: https://github.com/pixie-labs/pixie/tree/main/demos/simple-gotracing/trace_example
DEMO: eBPF
● Utilizing tracepoints for dynamic logging allows for easy instrumentation of production binaries ● The complexities of the Go ABI make it difficult to do. Especially when you consider: interfaces, channels, etc. What’s next? eBPF
DEMO: HTTP Tracer
eBPF https://github.com/pixie-labs/pixie https://github.com/kinvolk/inspektor-gadget Some related projects https://github.com/draios/sysdig/wiki/eBPF
APPENDIX
eBPF Dynamic Tracepoint (live injection) func Foo(a, b int) int { c := a + 2; if c > threshold { return Bar(b) } return 0 } fmt.Printf("%v, %v, %v", b, c, threshold) - Function Argument Tracing → “What are the arguments being passed to Foo(x, y, z)?” - Function Input-Output Tracing → “What are the arguments and return value of calls to Foo(x, y, z)?” - Function Latency Profiling → “What is the latency (call to return) of calls to Login(username)?”
At, less than 2% CPU overhead and Latency degradation Less than 2% overhead at 0% sampling !!
... ... main.computeE 0x6609a0 { App Binary main.main { 0x6609f0 ... ... main.computeE Uprobe Hook { App Binary main.main { 0x6609f0 BPF Program Perf Buffer Tracer Binary
COMPARING TOOLS GDB, Delve etc. USDT, LTTng OpenTracing eBPF Traceable Code Instrumented Application Code All application code Instrumented Application Code All application code Application Disruption High Low Low Low Distributed Analysis No No Multi-Node No Performance Impact High Low Low/Med Low

Recommended

サーバPUSHざっくりまとめ
サーバPUSHざっくりまとめサーバPUSHざっくりまとめ
サーバPUSHざっくりまとめ
Yasuhiro Mawarimichi
 
WSL Reloaded
WSL ReloadedWSL Reloaded
WSL Reloaded
Anthony LAOU-HINE TSUEI
 
twlkh-linux-vsyscall-and-vdso
twlkh-linux-vsyscall-and-vdsotwlkh-linux-vsyscall-and-vdso
twlkh-linux-vsyscall-and-vdso
Viller Hsiao
 
Fluentd Overview, Now and Then
Fluentd Overview, Now and ThenFluentd Overview, Now and Then
Fluentd Overview, Now and Then
SATOSHI TAGOMORI
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
Thomas Graf
 
UEFI時代のブートローダ
UEFI時代のブートローダUEFI時代のブートローダ
UEFI時代のブートローダ
Takuya ASADA
 
Continuous Go Profiling & Observability
Continuous Go Profiling & ObservabilityContinuous Go Profiling & Observability
Continuous Go Profiling & Observability
ScyllaDB
 
DNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededDNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification needed
Frans Rosén
 

Recommended

サーバPUSHざっくりまとめ
サーバPUSHざっくりまとめサーバPUSHざっくりまとめ
サーバPUSHざっくりまとめ
Yasuhiro Mawarimichi
 
WSL Reloaded
WSL ReloadedWSL Reloaded
WSL Reloaded
Anthony LAOU-HINE TSUEI
 
twlkh-linux-vsyscall-and-vdso
twlkh-linux-vsyscall-and-vdsotwlkh-linux-vsyscall-and-vdso
twlkh-linux-vsyscall-and-vdso
Viller Hsiao
 
Fluentd Overview, Now and Then
Fluentd Overview, Now and ThenFluentd Overview, Now and Then
Fluentd Overview, Now and Then
SATOSHI TAGOMORI
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
Thomas Graf
 
UEFI時代のブートローダ
UEFI時代のブートローダUEFI時代のブートローダ
UEFI時代のブートローダ
Takuya ASADA
 
Continuous Go Profiling & Observability
Continuous Go Profiling & ObservabilityContinuous Go Profiling & Observability
Continuous Go Profiling & Observability
ScyllaDB
 
DNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededDNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification needed
Frans Rosén
 
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsI/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsCrowdStrike
 
目grep入門 +解説
目grep入門 +解説目grep入門 +解説
目grep入門 +解説
murachue
 
Linux BPF Superpowers
Linux BPF SuperpowersLinux BPF Superpowers
Linux BPF Superpowers
Brendan Gregg
 
FridaによるAndroidアプリの動的解析とフッキングの基礎
FridaによるAndroidアプリの動的解析とフッキングの基礎FridaによるAndroidアプリの動的解析とフッキングの基礎
FridaによるAndroidアプリの動的解析とフッキングの基礎
ken_kitahara
 
Hinemosのすゝめ(監視編)
Hinemosのすゝめ(監視編)Hinemosのすゝめ(監視編)
Hinemosのすゝめ(監視編)
Hinemos
 
Host Header injection - Slides
Host Header injection - SlidesHost Header injection - Slides
Host Header injection - Slides
Amit Dubey
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線
Motonori Shindo
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016]
IO Visor Project
 
containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能
Kohei Tokunaga
 
카프카, 산전수전 노하우
카프카, 산전수전 노하우카프카, 산전수전 노하우
카프카, 산전수전 노하우
if kakao
 
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
Cory Forsyth
 
Load Balancing with Apache
Load Balancing with ApacheLoad Balancing with Apache
Load Balancing with Apache
Bradley Holt
 
OpenStack API's and WSGI
OpenStack API's and WSGIOpenStack API's and WSGI
OpenStack API's and WSGI
Mike Pittaro
 
HTTP入門
HTTP入門HTTP入門
HTTP入門
Sota Sugiura
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
M.Syarifudin, ST, OSCP, OSWP
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
Brendan Gregg
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020
Akihiro Suda
 
OVS v OVS-DPDK
OVS v OVS-DPDKOVS v OVS-DPDK
OVS v OVS-DPDK
Md Safiyat Reza
 
1.mysql disk io 모니터링 및 분석사례
1.mysql disk io 모니터링 및 분석사례1.mysql disk io 모니터링 및 분석사례
1.mysql disk io 모니터링 및 분석사례
I Goo Lee
 
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webserviceTime based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
Frans Rosén
 
The true story_of_hello_world
The true story_of_hello_worldThe true story_of_hello_world
The true story_of_hello_world
fantasy zheng
 
HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3
Linaro
 

More Related Content

What's hot

I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsI/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsCrowdStrike
 
目grep入門 +解説
目grep入門 +解説目grep入門 +解説
目grep入門 +解説
murachue
 
Linux BPF Superpowers
Linux BPF SuperpowersLinux BPF Superpowers
Linux BPF Superpowers
Brendan Gregg
 
FridaによるAndroidアプリの動的解析とフッキングの基礎
FridaによるAndroidアプリの動的解析とフッキングの基礎FridaによるAndroidアプリの動的解析とフッキングの基礎
FridaによるAndroidアプリの動的解析とフッキングの基礎
ken_kitahara
 
Hinemosのすゝめ(監視編)
Hinemosのすゝめ(監視編)Hinemosのすゝめ(監視編)
Hinemosのすゝめ(監視編)
Hinemos
 
Host Header injection - Slides
Host Header injection - SlidesHost Header injection - Slides
Host Header injection - Slides
Amit Dubey
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線
Motonori Shindo
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016]
IO Visor Project
 
containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能
Kohei Tokunaga
 
카프카, 산전수전 노하우
카프카, 산전수전 노하우카프카, 산전수전 노하우
카프카, 산전수전 노하우
if kakao
 
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
Cory Forsyth
 
Load Balancing with Apache
Load Balancing with ApacheLoad Balancing with Apache
Load Balancing with Apache
Bradley Holt
 
OpenStack API's and WSGI
OpenStack API's and WSGIOpenStack API's and WSGI
OpenStack API's and WSGI
Mike Pittaro
 
HTTP入門
HTTP入門HTTP入門
HTTP入門
Sota Sugiura
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
M.Syarifudin, ST, OSCP, OSWP
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
Brendan Gregg
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020
Akihiro Suda
 
OVS v OVS-DPDK
OVS v OVS-DPDKOVS v OVS-DPDK
OVS v OVS-DPDK
Md Safiyat Reza
 
1.mysql disk io 모니터링 및 분석사례
1.mysql disk io 모니터링 및 분석사례1.mysql disk io 모니터링 및 분석사례
1.mysql disk io 모니터링 및 분석사례
I Goo Lee
 
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webserviceTime based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
Frans Rosén
 

What's hot (20)

I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsI/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
 
目grep入門 +解説
目grep入門 +解説目grep入門 +解説
目grep入門 +解説
 
Linux BPF Superpowers
Linux BPF SuperpowersLinux BPF Superpowers
Linux BPF Superpowers
 
FridaによるAndroidアプリの動的解析とフッキングの基礎
FridaによるAndroidアプリの動的解析とフッキングの基礎FridaによるAndroidアプリの動的解析とフッキングの基礎
FridaによるAndroidアプリの動的解析とフッキングの基礎
 
Hinemosのすゝめ(監視編)
Hinemosのすゝめ(監視編)Hinemosのすゝめ(監視編)
Hinemosのすゝめ(監視編)
 
Host Header injection - Slides
Host Header injection - SlidesHost Header injection - Slides
Host Header injection - Slides
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016]
 
containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能
 
카프카, 산전수전 노하우
카프카, 산전수전 노하우카프카, 산전수전 노하우
카프카, 산전수전 노하우
 
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
 
Load Balancing with Apache
Load Balancing with ApacheLoad Balancing with Apache
Load Balancing with Apache
 
OpenStack API's and WSGI
OpenStack API's and WSGIOpenStack API's and WSGI
OpenStack API's and WSGI
 
HTTP入門
HTTP入門HTTP入門
HTTP入門
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020
 
OVS v OVS-DPDK
OVS v OVS-DPDKOVS v OVS-DPDK
OVS v OVS-DPDK
 
1.mysql disk io 모니터링 및 분석사례
1.mysql disk io 모니터링 및 분석사례1.mysql disk io 모니터링 및 분석사례
1.mysql disk io 모니터링 및 분석사례
 
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webserviceTime based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
 

Similar to No instrumentation Golang Logging with eBPF (GoSF talk 11/11/20)

The true story_of_hello_world
The true story_of_hello_worldThe true story_of_hello_world
The true story_of_hello_world
fantasy zheng
 
HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3
Linaro
 
HKG15-211: Advanced Toolchain Usage Part 4
HKG15-211: Advanced Toolchain Usage Part 4HKG15-211: Advanced Toolchain Usage Part 4
HKG15-211: Advanced Toolchain Usage Part 4
Linaro
 
TechDays Switzerland 2009
TechDays Switzerland 2009TechDays Switzerland 2009
TechDays Switzerland 2009
Laurent Bugnion
 
Introduction to gdb
Introduction to gdbIntroduction to gdb
Introduction to gdb
Owen Hsu
 
Testing of javacript
Testing of javacriptTesting of javacript
Testing of javacriptLei Kang
 
Debugging Python with gdb
Debugging Python with gdbDebugging Python with gdb
Debugging Python with gdb
Roman Podoliaka
 
Go 1.8 Release Party
Go 1.8 Release PartyGo 1.8 Release Party
Go 1.8 Release Party
Rodolfo Carvalho
 
Debugging Hung Python Processes With GDB
Debugging Hung Python Processes With GDBDebugging Hung Python Processes With GDB
Debugging Hung Python Processes With GDB
bmbouter
 
The why and how of moving to PHP 5.5/5.6
The why and how of moving to PHP 5.5/5.6The why and how of moving to PHP 5.5/5.6
The why and how of moving to PHP 5.5/5.6
Wim Godden
 
Incredible Machine with Pipelines and Generators
Incredible Machine with Pipelines and GeneratorsIncredible Machine with Pipelines and Generators
Incredible Machine with Pipelines and Generators
dantleech
 
Php 5.6 From the Inside Out
Php 5.6 From the Inside OutPhp 5.6 From the Inside Out
Php 5.6 From the Inside Out
Ferenc Kovács
 
Advanced debugging  techniques in different environments
Advanced debugging  techniques in different environmentsAdvanced debugging  techniques in different environments
Advanced debugging  techniques in different environments
Andrii Soldatenko
 
Mini Session - Using GDB for Profiling
Mini Session - Using GDB for ProfilingMini Session - Using GDB for Profiling
Mini Session - Using GDB for Profiling
Enkitec
 
Building resilient services in go
Building resilient services in goBuilding resilient services in go
Building resilient services in go
Jaehue Jang
 
eBPF Tooling and Debugging Infrastructure
eBPF Tooling and Debugging InfrastructureeBPF Tooling and Debugging Infrastructure
eBPF Tooling and Debugging Infrastructure
Netronome
 
Bfg Ploneconf Oct2008
Bfg Ploneconf Oct2008Bfg Ploneconf Oct2008
Bfg Ploneconf Oct2008Jeffrey Clark
 
HPC_MPI_CICD.pptx
HPC_MPI_CICD.pptxHPC_MPI_CICD.pptx
HPC_MPI_CICD.pptx
ObjectAutomation2
 
Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick
Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im ÜberblickEin Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick
Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblickrenebruns
 
Introduction to Debuggers
Introduction to DebuggersIntroduction to Debuggers
Introduction to Debuggers
Saumil Shah
 

Similar to No instrumentation Golang Logging with eBPF (GoSF talk 11/11/20) (20)

The true story_of_hello_world
The true story_of_hello_worldThe true story_of_hello_world
The true story_of_hello_world
 
HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3
 
HKG15-211: Advanced Toolchain Usage Part 4
HKG15-211: Advanced Toolchain Usage Part 4HKG15-211: Advanced Toolchain Usage Part 4
HKG15-211: Advanced Toolchain Usage Part 4
 
TechDays Switzerland 2009
TechDays Switzerland 2009TechDays Switzerland 2009
TechDays Switzerland 2009
 
Introduction to gdb
Introduction to gdbIntroduction to gdb
Introduction to gdb
 
Testing of javacript
Testing of javacriptTesting of javacript
Testing of javacript
 
Debugging Python with gdb
Debugging Python with gdbDebugging Python with gdb
Debugging Python with gdb
 
Go 1.8 Release Party
Go 1.8 Release PartyGo 1.8 Release Party
Go 1.8 Release Party
 
Debugging Hung Python Processes With GDB
Debugging Hung Python Processes With GDBDebugging Hung Python Processes With GDB
Debugging Hung Python Processes With GDB
 
The why and how of moving to PHP 5.5/5.6
The why and how of moving to PHP 5.5/5.6The why and how of moving to PHP 5.5/5.6
The why and how of moving to PHP 5.5/5.6
 
Incredible Machine with Pipelines and Generators
Incredible Machine with Pipelines and GeneratorsIncredible Machine with Pipelines and Generators
Incredible Machine with Pipelines and Generators
 
Php 5.6 From the Inside Out
Php 5.6 From the Inside OutPhp 5.6 From the Inside Out
Php 5.6 From the Inside Out
 
Advanced debugging  techniques in different environments
Advanced debugging  techniques in different environmentsAdvanced debugging  techniques in different environments
Advanced debugging  techniques in different environments
 
Mini Session - Using GDB for Profiling
Mini Session - Using GDB for ProfilingMini Session - Using GDB for Profiling
Mini Session - Using GDB for Profiling
 
Building resilient services in go
Building resilient services in goBuilding resilient services in go
Building resilient services in go
 
eBPF Tooling and Debugging Infrastructure
eBPF Tooling and Debugging InfrastructureeBPF Tooling and Debugging Infrastructure
eBPF Tooling and Debugging Infrastructure
 
Bfg Ploneconf Oct2008
Bfg Ploneconf Oct2008Bfg Ploneconf Oct2008
Bfg Ploneconf Oct2008
 
HPC_MPI_CICD.pptx
HPC_MPI_CICD.pptxHPC_MPI_CICD.pptx
HPC_MPI_CICD.pptx
 
Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick
Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im ÜberblickEin Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick
Ein Stall voller Trüffelschweine - (PHP-)Profiling-Tools im Überblick
 
Introduction to Debuggers
Introduction to DebuggersIntroduction to Debuggers
Introduction to Debuggers
 

Recently uploaded

Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaTop 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Yara Milbes
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
Globus
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 

Recently uploaded (20)

Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaTop 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 

No instrumentation Golang Logging with eBPF (GoSF talk 11/11/20)

  • 1. GoSF Nov 11, 2020 No-Instrumentation Golang Logging with eBPF
  • 2. ABOUT ME 👋 i’m Zain @zainasgar Co-Founder/CEO Pixie Labs & Adjunct Professor of CS @ Stanford
  • 3. DEVELOPER PROBLEM You’re an application developer, and your program is misbehaving. ● No problem. You have logs! Right? ● Uh-oh, not in the spot you need. 😞 We’ve all been there: ● “I just wish I could see the variable x when Foo() is called”
  • 4. - Delve is one of the main Go debuggers. - You can also use GDB, but it has less support for Go runtime, data structures, etc. - Install Delve to get started go get github.com/go-delve/delve/cmd/dlv First steps with a debugger DEBUGGERS
  • 5. Github Link: https://github.com/pixie-labs/pixie/tree/main/demos/simple-gotracing Relevant Code: // computeE computes the approximation of e by running a fixed number of iterations. func computeE(iterations int64) float64 { res := 2.0 fact := 1.0 for i := int64(2); i < iterations; i++ { fact *= float64(i) res += 1 / fact } return res } Let’s look at test application Use Case GET /e?iters={iterations}
  • 6. // computeE computes the approximation of e by running a fixed number of iterations. func computeE(iterations int64) float64 { res := 2.0 fact := 1.0 for i := int64(2); i < iterations; i++ { fact *= float64(i) res += 1 / fact } return res } What if we just want to log the iterations? Use Case fmt.Printf("iterations: %dn”, iterations)
  • 7. Running and using the debugger % dlv exec app Type 'help' for list of commands. (dlv) b app.go:15 Breakpoint 1 set at 0x125ef40 for main.computeE() ./app.go:15 (dlv) c Starting server on: :9090 > main.computeE() ./app.go:15 (hits goroutine(34):1 total:1) (PC: 0x125ef40) Warning: debugging optimized function ... 14: for i := int64(2); i < iterations; i++ { => 15: fact *= float64(i) 16: res += 1 / fact 17: } ... (dlv) print iterations 100000 (dlv) print i 2 Delve
  • 8. (dlv) bt 0 0x000000000125ef40 in main.computeE at ./app.go:15 1 0x000000000125f2b1 in main.main.func1 at ./app.go:39 2 0x0000000001232f24 in net/http.HandlerFunc.ServeHTTP at /opt/golang/src/net/http/server.go:2007 3 0x0000000001234dfd in net/http.(*ServeMux).ServeHTTP at /opt/golang/src/net/http/server.go:2387 4 0x0000000001235d74 in net/http.serverHandler.ServeHTTP at /opt/golang/src/net/http/server.go:2802 5 0x0000000001231f55 in net/http.(*conn).serve at /opt/golang/src/net/http/server.go:1890 6 0x000000000105ab11 in runtime.goexit at /opt/golang/src/runtime/asm_amd64.s:1357 (dlv) grs Goroutine 1 - User: /opt/golang/src/runtime/netpoll.go:184 internal/poll.runtime_pollWait (0x102aa45) Goroutine 2 - User: /opt/golang/src/runtime/proc.go:305 runtime.gopark (0x1030360) Goroutine 3 - User: /opt/golang/src/runtime/proc.go:305 runtime.gopark (0x1030360) Goroutine 4 - User: /opt/golang/src/runtime/proc.go:305 runtime.gopark (0x1030360) Goroutine 18 - User: /opt/golang/src/runtime/proc.go:305 runtime.gopark (0x1030360) * Goroutine 34 - User: ./app.go:15 main.computeE (0x125ef40) (thread 36175033) Goroutine 35 - User: /opt/golang/src/runtime/netpoll.go:184 internal/poll.runtime_pollWait (0x102aa45) [7 goroutines] Stack Goroutines GETTING CONTEXT
  • 9. RECAP ON DEBUGGERS ● Debuggers provide and easy way to get information about executing code ● No need to add fmt.Print and recompile. ○ Can easily step through code and get information. ● Dlv and GDB can connect to remote binaries to help debug machines running on servers. ○ Unfortunately this turns out to be harder than expected when running in environments like Kubernetes . ○ Checkout Solo.io, etc.
  • 10. CAN WE RUN THIS SAFELY ON PRODUCTION CODE? ● Debuggers can be attached to production binaries by using a remote attachment. ● Unfortunately, they can mutate, stop execution of the code and lead to unexpected failures. ○ You probably don’t want this on prod ● What else can we do?
  • 11. YOUR OPTIONS Option 1: Add a log to your program, re-compile and re-deploy. ○ This can be simple log statements, or ○ More comprehensive like Open tracing. Option 2: Debugger ○ GDB ○ Delve Option 3: Linux tracing utility ○ strace/ftrace ○ LTTng/USDT Option 4: eBPF 🤔
  • 13. What are we going to build? eBPF
  • 14. [0] % objdump --syms app|grep computeE 00000000006609a0 g F .text 000000000000004b main.computeE [0] % objdump -d app | less 00000000006609a0 <main.computeE>: 6609a0: 48 8b 44 24 08 mov 0x8(%rsp),%rax 6609a5: b9 02 00 00 00 mov $0x2,%ecx 6609aa: f2 0f 10 05 16 a6 0f movsd 0xfa616(%rip),%xmm0 # 75afc8 <$f64.3ff0000000000000> 6609b1: 00 6609b2: f2 0f 10 0d 36 a6 0f movsd 0xfa636(%rip),%xmm1 # 75aff0 <$f64.4000000000000000> Diving into the details eBPF
  • 15. Using uprobes eBPF ... ... main.computeE 0x6609a0 { App Binary main.main { 0x6609f0 ... ... main.computeE Uprobe Hook { App Binary main.main { 0x6609f0 BPF Program Perf Buffer Tracer Binary
  • 16. What does the BPF program look like? ● The function is simply invoked whenever main.computeE is called. ● The registration is done via UProbes ● It attaches to every running version of the binary #include <uapi/linux/ptrace.h> BPF_PERF_OUTPUT(trace); inline int computeECalled(struct pt_regs *ctx) { // The input argument is stored in ax. long val = ctx->ax; trace.perf_submit(ctx, &val, sizeof(val)); return 0; } eBPF Github Link: https://github.com/pixie-labs/pixie/tree/main/demos/simple-gotracing/trace_example
  • 18. ● Utilizing tracepoints for dynamic logging allows for easy instrumentation of production binaries ● The complexities of the Go ABI make it difficult to do. Especially when you consider: interfaces, channels, etc. What’s next? eBPF
  • 22. eBPF Dynamic Tracepoint (live injection) func Foo(a, b int) int { c := a + 2; if c > threshold { return Bar(b) } return 0 } fmt.Printf("%v, %v, %v", b, c, threshold) - Function Argument Tracing → “What are the arguments being passed to Foo(x, y, z)?” - Function Input-Output Tracing → “What are the arguments and return value of calls to Foo(x, y, z)?” - Function Latency Profiling → “What is the latency (call to return) of calls to Login(username)?”
  • 23. At, less than 2% CPU overhead and Latency degradation Less than 2% overhead at 0% sampling !!
  • 24. ... ... main.computeE 0x6609a0 { App Binary main.main { 0x6609f0 ... ... main.computeE Uprobe Hook { App Binary main.main { 0x6609f0 BPF Program Perf Buffer Tracer Binary
  • 25. COMPARING TOOLS GDB, Delve etc. USDT, LTTng OpenTracing eBPF Traceable Code Instrumented Application Code All application code Instrumented Application Code All application code Application Disruption High Low Low Low Distributed Analysis No No Multi-Node No Performance Impact High Low Low/Med Low