_wmd | 6 years ago

The joy with bpftrace (and dtrace before it) for me is this ease with which 'synthetic' profiling events can be constructed from multiple underlying events. This can be used to, for example, only record the latency of malloc() while at least one TCP connection has been accepted and some particular function in your binary has already run at least once with its third parameter having a particular value.

The offwake.bt example from the article is the closest to that, but it doesn't hook any userspace functions (like malloc). That's totally possible and extremely easy -- events can be mixed from wherever in the same script and, barring some knowledge like the fact the script is running on every CPU simultaneously, things just magically work.

The main problem with bpftrace is that it's a pain in the ass to compile from source just now. A tool as useful as this really wants to be available on every machine by default.
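A sketch of the kind of 'synthetic' event described in the comment above, as an added example that is not part of the original thread. The binary path `./myapp`, the function `process_request`, the trigger value 42 and the libc path are all assumptions to be replaced with real values for the target system.

```bpftrace
#!/usr/bin/env bpftrace
// Added example: gate malloc() latency on two earlier, unrelated events.
// Hypothetical names: ./myapp, process_request, trigger value 42.
// The libc path is distro-dependent (assumed here).

// Gate 1 (kernel): at least one TCP connection has been accepted.
kretprobe:inet_csk_accept
/retval != 0/
{
    @accepted = 1;
}

// Gate 2 (userspace): the function has run with its third parameter
// (arg2, since arguments are zero-indexed) equal to the trigger value.
// Keyed by pid so only that process's malloc() calls are measured.
uprobe:./myapp:process_request
/arg2 == 42/
{
    @armed[pid] = 1;
}

// Start timing malloc() only once both gates are open. Maps are shared
// across CPUs, so a gate set on one CPU is visible to probes on others.
uprobe:/lib/x86_64-linux-gnu/libc.so.6:malloc
/@accepted && @armed[pid]/
{
    @start[tid] = nsecs;
}

// Record latency per thread; the predicate skips calls that began
// before the gates opened.
uretprobe:/lib/x86_64-linux-gnu/libc.so.6:malloc
/@start[tid]/
{
    @malloc_ns = hist(nsecs - @start[tid]);
    delete(@start[tid]);
}

// Drop bookkeeping maps so only the histogram is printed on exit.
END
{
    clear(@start);
    clear(@armed);
    clear(@accepted);
}
```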

cyphar|6 years ago

There has been quite a bit of work in recent months to make it easier for distributions to compile (such as using the system's bcc headers and libraries), so you should start to see bpftrace in more distributions. I packaged it for openSUSE almost a year ago, but it only recently became easy enough to package that I could reasonably submit it to Tumbleweed.

brendangregg|6 years ago

It depends on your distro; last I checked an "apt-get install bpftrace" worked fine on Ubuntu 18.04. Debian has a package as well. We're tracking them in the INSTALL.md.

Companies like Netflix and Facebook have internal bpftrace packages -- it's a default install on the Netflix BaseAMI, so it's always there.

helper|6 years ago

It doesn't look like bpftrace is available in the default repos for Ubuntu 18.04.