Age | Commit message | Author |
|
From Christian Ludwig cludwig at genua.de.
|
|
partly checked by millert@
|
|
Statement lists for if & else conditions are now wrapped in a new
'struct bt_cond'. Handling B_AC_TEST statements moved to stmt_eval()
to handle nested conditional statements.
From Christian Ludwig christian_ludwig at genua.de
|
|
Allow to save stacktrace and process name in tuples.
|
|
A current limitation is the value read from a map is converted to an
integer. To preserve the original type we have to make maps aware of
the type of its elements.
|
|
From Christian Ludwig.
|
|
Adapted from a fix from Christian Ludwig.
|
|
Previously only the first element of the tuple was considered. This led to
the introduction of new map entries.
Reported by Christian Ludwig.
|
|
BPFTrace's exit() statement executes the END probe (if any) and prints
the contents of all non-empty maps before terminating the interpreter.
Implement this in btrace(8) with a halting check after each statement.
If a statement causes the program to halt, the condition bubbles up to
the top-level evaluation loop and causes rules_teardown() to run
immediately.
btrace(8) still performs a full rules_setup() if exit() is called
during the BEGIN probe, though the top-level evaluation loop is never
run.
One edge-like case: an exit() from the END probe is treated as an
early return; END is not executed multiple times.
Thread: https://marc.info/?l=openbsd-tech&m=169765169420751&w=2
ok mpi@
|
|
Link: https://marc.info/?l=openbsd-tech&m=169695435209410&w=2
ok mpi@
|
|
Somehow missed in previous, regression reported by anton@.
|
|
It is now possible to save and print immutable arrays as below:
    $t = (1, 42, "something");
    printf("%d %s\n", $t.1, $t.2);
Also add support for evaluating builtin in order to save them in variables
(required by tuples)
|
|
Resolves segfaults when using probe within BEGIN or END.
ok mpi@
|
|
Talking with mpi@, going to rework this to be part of the parser.
Reverts commit 0iIzGtIFgBXVfbNa.
|
|
The argN builtins aren't valid in BEGIN or END actions. The fake
probe number btrace uses to facilitate other valid builtins caused
an out of bound read of an array, producing a segfault.
Change the fake probe number to 0 as it's an unsigned int and check
for that condition.
Adds asserts near other probe array indexing to catch future issues.
ok kn@
|
|
Additionally fix the bacmp() function to work on integers and strings.
bacmp() is used when maps are printed out since the output is sorted by value.
Also adjust the rule parser to look correctly into if branches to figure
out which values to request from the kernel.
OK kn@
|
|
This only works for a single static binary where everything was compiled
with -fno-omit-frame-pointer since the stack unwinder requires the
frame-pointer.
A possible btrace script to capture performance of a single process is:
profile:hz:100 / pid == $1 / {
@[ustack] = count();
}
Then using btrace -p program uprofile.bt `pgrep program` will collect
the information for program.
This is far from perfect but should allow other people to play with this
and hopefully improve work.
OK mpi@
|
|
from the kernel. Add them to a cache when needed, and print them
with btrace -l. If the argument is of type int, print the value
as %d signed integer. This gives pretty output for refcnt changes.
All other types still use %ul.
The probe and argument number can be used as array index. Remove
the qsort and search for probe number to simplify the code. Use
array index for both probes and argument types.
OK mpi@
|
|
any parts of his diff not taken are noted on tech
|
|
It is now possible to filter by process name, like:
syscall:mmap:entry
/comm == "ld"/
{
...
}
Currently the parser treats C-string like any other expression member even
if arithmetic operations do not apply to strings.
|
|
While SIGINT (already handled) makes sense for interactive use, handling
SIGTERM in the same manner is less surprising for scripting. This lets
you do:
btrace ... & some workload; kill $!
and get the expected output.
ok mpi@
|
|
proper strings, adapt dt's exported string in the same way.
Old/new files/tools will not work the same way.
That this interface needs to also change was pointed out by jsg
|
|
exec_elf_fixup() and coredump_elf() in <sys/exec_elf.h> and call
them and the MD setregs() directly in kern_exec.c and kern_sig.c
Also delete e_name[] (only used by sysctl), e_errno (unused), and
e_syscallnames[] (only used by SYSCALL_DEBUG) and constipate
syscallnames to 'const char *const[]'
ok kettenis@
|
|
@map[probe] = count();
OK mpi@
|
|
btrace(8) cannot be pledged due to its use of special ioctl()s.
ok deraadt@
|
|
Implement initial support for the str() function, which is used
primarily to truncate or NUL-terminate strings from either cli args
or args to tracepoints and syscalls.
Current implementation only supports cli args and is primarily for
compatibility with bpftrace. Future work is needed once dt(4)
supports builtin args other than long values.
Adds a regress test and wires in argument-based tests again.
ok mpi@
|
|
too much in btrace(8).
OK mpi@ deraadt@
|
|
valid argument type
found with afl++
ok mpi@
|
|
The following syntax, reducing duplication, is now allowed:
END,
interval:hz:2
{
...
}
Rule descriptors are now linked to a list of probe descriptors instead of
a single one. Enabled kernel probes are now linked to btrace(8) probe
descriptors.
While here stop parsing filter and probe if debug is not enabled.
|
|
Fix filter debugging.
|
|
ok jasper@
|
|
Fix assertions found by jasper@ with AFL++.
ok jasper@
|
|
This adds initial support for passing cli args to btrace(8) for use
in bt(5) scripts. Similar to bpftrace, they are referenced via $1,
$2, etc. with $# being the number of command line arguments provided.
Adds an initial regress test and a Makefile change to allow providing
arguments to regress tests in a .args file.
Currently no limit is imposed on the number of arguments, keeping
a similar approach as observed in bpftrace. References to undefined
arguments result in a new "nil" type that contextually acts as a
zero or empty string. More work can be done here to improve bpftrace
compatibility.
ok mpi@, jasper@
|
|
Change the parser to make clear() and zero() accept only local and
global variables as arguments.
Since the parser has no knowledge of the type of a variable abort
the execution if clear() or zero() are being called with something
other than a map or hist.
Fix assertions found by jasper@ with AFL++ (port coming soon!).
ok jasper@
|
|
this allows us to dynamically trace function boundaries with btrace by patching
prologues and epilogues with a breakpoint upon which the handler records the data,
sends it back to userland for btrace to consume.
currently it's hidden behind DDBPROF, and there is still a lot to cleanup and
improve, but basic scripts that observe return codes from a probed function
work.
from Tom Rollet, with various changes by me
feedback and ok mpi@
|
|
tracing syscalls
and adjust btrace(8) accordingly.
extracted from a larger diff by Tom Rollet.
ok mpi@
|
|
Fix a NULL-dereference found by jasper@ with AFL++ (port coming soon!).
ok jasper@
|
|
Match bpftrace behavior.
|
|