joelagnel / adeb

A debian-based shell environment designed for Android and adb
Apache License 2.0

bpftrace uprobe pthread_create on android adeb env #35

Closed b-ripper closed 4 years ago

b-ripper commented 4 years ago

In the Android adeb env, if I use bpftrace to trace the uprobe pthread_create, the path should be uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_create, not uprobe:/system/lib/bootstrap/libc.so:pthread_create or uprobe:/system/lib64/bootstrap/libc.so:pthread_create. Is that right?

All these paths could list the function path:

root@localhost:/# bpftrace -l 'uprobe:/system/lib/bootstrap/libc.so:pthread*'
uprobe:/system/lib/bootstrap/libc.so:pthread_setspecific
uprobe:/system/lib/bootstrap/libc.so:pthread_barrierattr_getpshared
uprobe:/system/lib/bootstrap/libc.so:pthread_exit
uprobe:/system/lib/bootstrap/libc.so:pthread_mutexattr_gettype
uprobe:/system/lib/bootstrap/libc.so:pthread_attr_getscope
uprobe:/system/lib/bootstrap/libc.so:pthread_cond_timedwait_monotonic_np
uprobe:/system/lib/bootstrap/libc.so:pthread_attr_setguardsize
uprobe:/system/lib/bootstrap/libc.so:pthread_attr_setschedpolicy
uprobe:/system/lib/bootstrap/libc.so:pthread_getschedparam
uprobe:/system/lib/bootstrap/libc.so:pthread_rwlock_timedwrlock
uprobe:/system/lib/bootstrap/libc.so:pthread_mutexattr_getpshared
uprobe:/system/lib/bootstrap/libc.so:pthread_attr_setinheritsched
...

root@localhost:/# bpftrace -l 'uprobe:/system/lib64/bootstrap/libc.so:pthread*'
uprobe:/system/lib64/bootstrap/libc.so:pthread_mutex_lock
uprobe:/system/lib64/bootstrap/libc.so:pthread_mutexattr_destroy
uprobe:/system/lib64/bootstrap/libc.so:pthread_cond_signal
uprobe:/system/lib64/bootstrap/libc.so:pthread_cond_timedwait
uprobe:/system/lib64/bootstrap/libc.so:pthread_rwlockattr_setpshared
uprobe:/system/lib64/bootstrap/libc.so:pthread_create
uprobe:/system/lib64/bootstrap/libc.so:pthread_attr_setstacksize
uprobe:/system/lib64/bootstrap/libc.so:pthread_mutexattr_gettype
uprobe:/system/lib64/bootstrap/libc.so:pthread_attr_destroy
uprobe:/system/lib64/bootstrap/libc.so:pthread_gettid_np
...

root@localhost:/# bpftrace -l 'uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread*'
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_getattr_np
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_condattr_getpshared
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_attr_setaffinity_np
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_rwlockattr_init
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_timedjoin_np
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_attr_setguardsize
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_attr_getstackaddr
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_condattr_setclock
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_sigqueue
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_attr_setscope
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_barrierattr_setpshared
uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_condattr_setpshared
...

I wrote a test program that calls pthread_create, built under the adeb env, and could trace the output:

root@localhost:/# bpftrace -e 'BEGIN { printf("%-10s %-6s %-16s %s\n", "TIME(ms)", "PID", "COMM", "FUNC");} uprobe:/lib/aarch64-linux-gnu/libpthread.so.0:pthread_create{ printf("%-10u %-6d %-16s %s\n", elapsed /1000000, pid, comm, usym(arg2));}'
Attaching 2 probes...
TIME(ms)   PID    COMM             FUNC
181        4669   pthread_test     ChildThreadFunction
457        4669   pthread_test     ChildThreadFunction
764        4669   pthread_test     ChildThreadFunction
1065       4669   pthread_test     ChildThreadFunction
1366       4669   pthread_test     ChildThreadFunction
1666       4669   pthread_test     ChildThreadFunction
1966       4669   pthread_test     ChildThreadFunction
2266       4669   pthread_test     ChildThreadFunction
2566       4669   pthread_test     ChildThreadFunction
2866       4669   pthread_test     ChildThreadFunction
3165       4669   pthread_test     ChildThreadFunction
3466       4669   pthread_test     ChildThreadFunction
3765       4669   pthread_test     ChildThreadFunction
^C

But for a test program built for Android, which executes under the adb env, there is no trace output:

root@localhost:/# bpftrace -e 'BEGIN { printf("%-10s %-6s %-16s %s\n", "TIME(ms)", "PID", "COMM", "FUNC");} uprobe:/system/lib/bootstrap/libc.so:pthread_create{ printf("%-6d %-16s\n", pid, comm);}'
Attaching 2 probes...
TIME(ms)   PID    COMM             FUNC
^C

root@localhost:/# bpftrace -e 'BEGIN { printf("%-10s %-6s %-16s %s\n", "TIME(ms)", "PID", "COMM", "FUNC");} uprobe:/system/lib64/bootstrap/libc.so:pthread_create{ printf("%-10u %-6d %-16s %s\n", elapsed /1000000, pid, comm, usym(arg2));}'
Attaching 2 probes...
TIME(ms)   PID    COMM             FUNC
^C

So, my problem is that under the adeb env, there is no ability to trace the function caller to the bionic library?

b-ripper commented 4 years ago

On Android Q, the bionic shared library is now a symlink:

root@localhost:/# ls system/lib64/libc.so -l
lrw-r--r--. 1 root root 46 Jan  1  2009 system/lib64/libc.so -> /apex/com.android.runtime/lib64/bionic/libc.so

This will work fine:

root@localhost:/# bpftrace -e 'BEGIN { printf("%-10s %-6s %-16s %s\n", "TIME(ms)", "PID", "COMM", "FUNC");} uprobe:/system/apex/com.android.runtime.release/lib64/bionic/libc.so:pthread_create{ printf("%-10u %-6d %-16s %s\n", elapsed /1000000, pid, comm, usym(arg2));}'
Attaching 2 probes...
TIME(ms)   PID    COMM             FUNC
4307       732    perf@2.0-servic  __timer_thread_start(void*)
4354       11363  .android.camera  art::Thread::CreateCallback(void*)
4364       11363  RxCachedThreadS  art::Thread::CreateCallback(void*)
4390       11363  .android.camera  art::Thread::CreateCallback(void*)
4406       732    perf@2.0-servic  __timer_thread_start(void*)
4578       5250   pool-15-thread-  art::Thread::CreateCallback(void*)
4777       1237   backlight-notif  0x75090b29a8
4811       701    HwBinder:701_5   0x7d510079c0
4842       701    HwBinder:701_5   0x7d5102c228
4856       602    netd             0x7644cd39a0
4859       701    HwBinder:701_5   0x7d5102c228
4897       701    HwBinder:701_5   0x7d510a0628
4996       701    HwBinder:701_5   0x7d773a89a8
5003       701    HwBinder:701_5   0x7d779554c0
5088       11363  RxSingleSchedul  art::Thread::CreateCallback(void*)
5170       1237   backlight-notif  0x75090b29a8
5477       1237   backlight-notif  0x75090b29a8
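
A uprobe is bound to the inode of the file named in the probe, so it fires only for processes that map that same file, which is consistent with the bootstrap paths staying silent in this thread while the runtime APEX copy produced events. The sketch below is an added example, not code from the thread or from adeb: it picks the probe path by matching the device and inode of the library a process maps against candidate files visible in the chroot. The function names, the maps lines and the inode numbers are all constructed for illustration, and the candidate list is assumed to have been collected beforehand.

```shell
#!/bin/sh
# Added example. All sample data below is constructed for illustration.

# Lines in /proc/<pid>/maps layout: address perms offset dev inode pathname
SAMPLE_MAPS='7d51000000-7d510c8000 r-xp 00000000 fd:00 2215 /apex/com.android.runtime/lib64/bionic/libc.so
7d510c8000-7d510cf000 rw-p 000c8000 fd:00 2215 /apex/com.android.runtime/lib64/bionic/libc.so
7d52000000-7d52010000 r-xp 00000000 fd:00 3310 /system/lib64/libutils.so'

# Candidate files as seen from inside the chroot, one "dev inode path" per
# line, with dev assumed to be normalised to the major:minor hex form of maps.
SAMPLE_CANDIDATES='fd:00 1480 /system/lib64/bootstrap/libc.so
fd:00 2215 /system/apex/com.android.runtime.release/lib64/bionic/libc.so
fd:01 901 /lib/aarch64-linux-gnu/libpthread.so.0'

# mapped_file_id MAPS LIB: print "dev inode" of the executable mapping of LIB.
mapped_file_id() {
    printf '%s\n' "$1" | awk -v lib="/$2" '
        $2 ~ /x/ && substr($6, length($6) - length(lib) + 1) == lib {
            print $4, $5; exit
        }'
}

# uprobe_for MAPS CANDIDATES LIB SYMBOL: print the probe spec for the candidate
# path backed by the same file the process maps; return 1 if none matches.
uprobe_for() {
    id=$(mapped_file_id "$1" "$3")
    [ -n "$id" ] || return 1
    printf '%s\n' "$2" | awk -v id="$id" -v sym="$4" '
        ($1 " " $2) == id { print "uprobe:" $3 ":" sym; found = 1; exit }
        END { exit !found }'
}

uprobe_for "$SAMPLE_MAPS" "$SAMPLE_CANDIDATES" libc.so pthread_create
```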