Advertisement
Check these out next
Bpf performance tools chapter 4 bcc
Feb. 23, 2020•0 likes•357 views
1 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Engineering
Study report about BPF Performance Tools (book) The video is in https://www.youtube.com/watch?v=GlKtraMn4Ic
Viller HsiaoFollow
Manager at Realtek Semiconductor Corp.Advertisement
Advertisement
Advertisement
Bpf performance tools chapter 4 bcc
- BPF Performance Tools chapter 4 - bcc Viller Hsiao Feb. 17, 2020
- What’s in Chapter 4
- BPF Compiler Collection (BCC) BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples. It makes use of extended BPF (Berkeley Packet Filters), formally known as eBPF, a new feature that was first added to Linux 3.15. Much of what BCC uses requires Linux 4.1 and above. (4.9 and up is better)
- Overview (1/3) ● Use bcc ○ How to install bcc ■ with man page ■ example files ○ Tools overview ● Develop bcc program ○ bcc internals ○ debugging bcc
- Overview (2/3) ● Use bcc ○ How to install bcc ○ Tools overview ● Develop bcc program ○ bcc internals ○ debugging bcc
- Overview (3/3) ● Use bcc ○ How to install bcc ○ Tools overview ● Develop bcc program ○ bcc internals ○ debugging bcc
- Example bcc/examples/tracing/task_switch.py
- task_switch.py [/path/to/bcc/examples/tracing]% sudo python task_switch.py task_switch[ 0-> 2520]=10 task_switch[14980-> 0]=1 task_switch[ 1096-> 0]=1 task_switch[19347->14055]=1 task_switch[14423-> 0]=1 task_switch[ 0-> 53]=1 task_switch[ 0->28879]=60
- At First Glance https://vignette.wikia.nocookie.net/pttpedia/images/4/48/File _52cb83b426b60.jpg/revision/latest/scale-to-width-down/34 0?cb=20180122134757&path-prefix=zh
- Main Parts 1. BPF program to run in kernel 2. Kernel tracing tool to use 3. Retrieve data and do some post processing
- What’s the Program Do? Translation When kernel run to <target>, use <tracing mechanism> to execute <handler>. The handler record some <statistics> or do <something>. (Like a function decorator in Python)
- Actions When kernel run to finish_task_switch, use kprobe to execute cond_sched. The handler store counts of task switch as hash map, which is indexed by (prev_pid, curr_pid) pairs. static struct rq * finish_task_switch(struct task_struct *prev) BPF helper
- Recorded Data Manipulation When kernel run to finish_task_switch, use kprobe to execute cond_sched. The handler store counts of task switch as hash map, which is indexed by (prev_pid, curr_pid) pairs.
- 翻訳コンニャク When kernel run to finish_task_switch, use kprobe to execute cond_sched. The handler store counts of task switch as hash map, which is indexed by (prev_pid, curr_pid) pairs.
- Resources for bcc Programming ● bcc Reference Guide ○ BPF C ○ bcc Python ● bpftrace -l
- Other resources ● If it’s hard to use bpftrace on your machine ... ● /sys/kernel/tracing ○ available_events ■ tracepoint ○ tracepoint format ■ /sys/kernel/tracing/<type>/<event>/format ■ e.g. events/irq/softirq_entry/format ○ available_filter_functions ■ kprobe on function entry ● “perf list” ○ pmu events
- Alternative Tools
- Alternative Profiling Tools ● bpftrace ● ftrace / perf ○ perf-tools, by Brendan Gregg, before bcc ○ iosnoop vs biosnoop-bpfcc ● Other frontends ○ systemtap, LTTng and so on
- Q & A
Advertisement