Giter Site home page Giter Site logo

linecode / ply Goto Github PK

View Code? Open in Web Editor NEW

This project forked from wkz/ply

0.0 2.0 0.0 1.39 MB

Light-weight Dynamic Tracer for Linux

Home Page: https://wkz.github.io/ply

License: GNU General Public License v2.0

Makefile 0.78% Shell 0.02% M4 0.27% C 94.24% Yacc 2.19% Lex 1.01% Python 1.48%

ply's Introduction

ply

Documentation and language reference is available at wkz.github.io/ply.

A light-weight dynamic tracer for Linux that leverages the kernel's BPF VM in concert with kprobes to attach probes to arbitrary points in the kernel. Most tracers that generate BPF bytecode are based on the LLVM based BCC toolchain. ply on the other hand has no required external dependencies except for libc. In addition to x86_64, ply also runs on aarch64, arm, and powerpc. Adding support for more ISAs is easy.

ply follows the Little Language approach of yore, compiling ply scripts into Linux BPF programs that are attached to kprobes and tracepoints in the kernel. The scripts have a C-like syntax, heavily inspired by dtrace(1) and, by extension, awk(1).

The primary goals of ply are:

  • Expose most of the BPF tracing feature-set in such a way that new scripts can be whipped up very quickly to test different hypotheses.

  • Keep dependencies to a minimum. Right now Flex and Bison are required at build-time, leaving libc as the only runtime dependency. Thus, ply is well suited for embedded targets.

If you need more fine-grained control over the kernel/userspace interaction in your tracing, checkout the bcc project which compiles C programs to BPF using LLVM in combination with a python userspace recipient to give you the full six degrees of freedom.

Examples

Syscall Tracing

read() return size, summarized as a power-of-2 histogram:

ply 'kretprobe:SyS_read { @["size"] = quantize(retval); }'

read() request size, as a power-of-2 histogram, for reads > 1 kB, grouped by pid:

ply 'kprobe:SyS_read / arg2 > 1024 / { @[pid] = quantize(arg2); }'

open() Print process name, pid and the file that was opened:

ply 'kprobe:do_sys_open { printf("%v(%v): %s\n", comm, pid, str(arg1)); }'

Count all system calls by syscall type:

ply 'kprobe:SyS_* { @[caller] = count(); }'

Count all system calls by process name and pid:

ply 'kprobe:SyS_* { @[comm, pid] = count(); }'

Stack Traces

Frequency count all different paths to schedule:

ply 'kprobe:schedule { @[stack] = count(); }'

Build and Installation

ply uses GNU's autotools as its build system. When building from a Git clone, use the following steps:

./autogen.sh   # to generate the configure script
./configure
make
make install   # you probably need to be root for this

Maintainers

ply is developed and maintained by Tobias Waldekranz. Please direct all bug reports and pull requests towards the official Github repo.

ply's People

Contributors

4ast avatar alan-maguire avatar albertveli avatar aronasorman avatar badboy avatar brendangregg avatar leo-yan avatar monadbobo avatar wkz avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.