TracingSummit2018bpftrace

From TracingSummit
Jump to: navigation, search

Linux BPF Tracing with BPFtrace

Abstract

BPFtrace is a high level tracing language for Linux Berkeley Packet Filter (BPF) available in recent Linux kernels. Built on top of LLVM and BCC (https://github.com/iovisor/bcc), BPFtrace provides an easier way of writing BPF programs for interacting with Linux tracing capabilites, such as kprobes, uprobes, kernel tracepoints, USDT and hardware events.

We'll go over Linux BPF itself and how BPFtrace fits in, followed by some demonstrations of new performance and monitoring tools written with BPFtrace.

https://github.com/iovisor/bpftrace

Target audience

  • People interested in learning more about BPF powered tracing,
  • BCC users who would like an easier way to write ad-hoc tracing scripts.

Bio

Alastair Robertson is the creator of bpftrace and has been working on it in his own time for the past two years after discovering the new tracing capabilities of Linux BPF.