Rich probe filtering and reporting with variable locations and types

This proposal has been accepted as a session.

Microconference Session

One Line Summary

How to combine various mechanisms (CTF, SDT, DWARF, etc.) used by various tools to provide rich filtering and reporting of events.


Various observation tools use different ways to locate and access arguments and variables in scope when a probe point is hit or an event is triggered. Having the location and type of arguments and variables allows for richer filtering and reporting, or user-defined logging, of events. Some mechanisms are tied to the way a particular probe mechanism is set up; others provide more generic descriptions of the locations and types of variables at a particular address. With eBPF we might be able to translate these mechanisms into efficient filters and data extraction for events used in the kernel.

I would like to go over some of the different mechanisms some of the tools use: simple arch-specific function arguments; CTF (Compact C Type Format), used by dtrace, with an experimental converter in pahole/dwarves; (U)SDT (User Static Defined Trace points), with two (source-compatible) implementations in dtrace and systemtap, also used by gdb and perf; and full DWARF location expressions, which can be used by both user-space and kernel tools. I would also like to explore why these mechanisms are or are not used by which tools.

The outcome will hopefully be a better understanding of which mechanisms are the most useful for all tools, which really won’t work in some situations, and how to translate some of these into eBPF filters/functions that can be used by (all) in-kernel tools.