iovisor / ply

Dynamic Tracing in Linux
GNU General Public License v2.0

Plans for uprobe support? #38

Open billtohara opened 6 years ago

billtohara commented 6 years ago

My current understanding is that ply doesn't support uprobes yet. Is that planned, or is anyone working on it?

Looking at the providers, the support to add, say, the profiling provider in kprobes was wonderfully concise. Might uprobes be similar, or is it a quite different undertaking? Apologies in advance for my lack of understanding there.

wkz commented 6 years ago

I'm working on a new version of ply which has a better compiler foundation with a proper type system and so on (ply was my first compiler project, ever :smile:). I'm convinced that we need this to move forward. So uprobes is lower on my list at the moment.

The hard part about uprobes is that you need some way of reading DWARF symbols in order to do anything meaningful. With the kernel we can get by with /proc/kallsyms. There is nothing similar on the userspace side; without debug symbols you are blind. Ideally we would also have something like CTF on Linux.

alan-maguire commented 6 years ago

I've got a rough prototype of uprobe support working; however it relies on specifying the instruction address currently, rather than resolving it for the user. For example, according to "objdump -j .text -T /usr/bin/bash |grep shell_execve", bash's shell_execve() function is at 000000000042fbd0. And if we

cat /proc//maps |grep /usr/bin/bash |grep r-xp
00400000-004dd000 r-xp 00000000 fc:00 12433 /usr/bin/bash

...we see that the text section starts at 400000. So that means our address is 0x2fbd0 (42fbd0 - 400000). So we can run the following to see which commands bash is executing:

ply -c 'uprobe:/usr/bin/bash:0x2fbd0 { @c[mem(arg(0),"128s")].count(); }'

1 probe active
^Cde-activating probes

@c:
/usr/bin/find 1
/usr/bin/ls 1

A pain to do all this I know, but it might make sense to tackle uprobe support in two stages: first add basic uprobe support as above, then tackle symbol resolution. What do you think?
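The address arithmetic from the comment above, as an added example that is not part of the thread or of ply: it goes one step further than the manual subtraction by reading the ELF program headers, so the file offset is computed as `vaddr - p_vaddr + p_offset` for the executable segment that contains the symbol. It assumes little-endian ELF64; `make_elf` and both sample binaries are constructed inputs, with the first mirroring the `r-xp` mapping quoted in the comment.

```python
import struct

PT_LOAD, PF_X = 1, 0x1

def uprobe_offset(elf: bytes, vaddr: int) -> int:
    """Map a symbol's virtual address to the file offset a uprobe is keyed on."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("only little-endian ELF64 is handled")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, p_flags, p_offset, p_vaddr, _paddr, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        # Only an executable PT_LOAD segment backed by file bytes can hold a probe.
        if p_type == PT_LOAD and p_flags & PF_X and p_vaddr <= vaddr < p_vaddr + p_filesz:
            return vaddr - p_vaddr + p_offset
    raise ValueError(f"{vaddr:#x} is not inside an executable PT_LOAD segment")

def make_elf(segments):
    """Constructed input: ELF64 header plus program headers, no section data.

    segments is a list of (p_flags, p_offset, p_vaddr, size) tuples.
    """
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56,
                               len(segments), 0, 0, 0)
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", PT_LOAD, flags, off, va, va, size, size, 0x1000)
        for flags, off, va, size in segments)
    return ehdr + phdrs

# Constructed: one R+X segment at 0x400000 (file offset 0, size 0xdd000), as in
# the maps line quoted in the comment, followed by an R+W data segment.
BASH_LIKE = make_elf([(5, 0x0, 0x400000, 0xdd000), (6, 0xdd000, 0x6dd000, 0x9000)])
# Constructed: read-only headers first, code in a second segment at file offset 0x1000.
SPLIT_TEXT = make_elf([(4, 0x0, 0x400000, 0x1000), (5, 0x1000, 0x401000, 0x2000)])

if __name__ == "__main__":
    # 0x42fbd0 is the shell_execve address reported by objdump in the comment.
    print(hex(uprobe_offset(BASH_LIKE, 0x42fbd0)))
    print(hex(uprobe_offset(SPLIT_TEXT, 0x401234)))
```
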

Kullu14 commented 5 years ago

Does uprobe support get enabled on ply?

wkz commented 5 years ago

I've been allocating my spare time to other projects lately, so it is not there yet.

uprobes are definitely on the roadmap. Basic support is easy to add, i.e. specifying probes via raw addresses. But the way I see it, you would need some DWARF/CTF/BTF support to get something useful.

Kullu14 commented 5 years ago

I would like to work on it, if someone can guide me through it.