Age | Commit message | Author |
|
the error handling of strange variable names can be better controlled.
With and OK dv@
|
|
Changes number tokenizing and parsing to support hex & octal values.
Does not address other lexer issues (e.g. $0x1) to close gaps with
bpftrace.
OK claudio@
|
|
ok claudio@
|
|
|
|
BPFTrace's exit() statement executes the END probe (if any) and prints
the contents of all non-empty maps before terminating the interpreter.
Implement this in btrace(8) with a halting check after each statement.
If a statement causes the program to halt, the condition bubbles up to
the top-level evaluation loop and causes rules_teardown() to run
immediately.
btrace(8) still performs a full rules_setup() if exit() is called
during the BEGIN probe, though the top-level evaluation loop is never
run.
One edge-like case: an exit() from the END probe is treated as an
early return; END is not executed multiple times.
Thread: https://marc.info/?l=openbsd-tech&m=169765169420751&w=2
ok mpi@
|
|
Link: https://marc.info/?l=openbsd-tech&m=169695435209410&w=2
ok mpi@
|
|
|
|
OK mpi@
|
|
Somehow missed in previous, regression reported by anton@.
|
|
It is now possible to save and print immutable arrays as below:
..$t = (1, 42, "something");
..printf("%d %s\n", $t.1, $t.2);
Also add support for evaluating builtin in order to save them in variables
(required by tuples)
|
|
ok dv@
|
|
Allows for probes like `BEGIN {}`, in parity with bpftrace.
Also fixes an incorrect syntax error parsing argN builtins in
subsequent probes after an empty BEGIN block.
ok mpi@
|
|
Resolves segfaults when using probe within BEGIN or END.
ok mpi@
|
|
The argN builtins are undefined for BEGIN and END special probes.
Similar to bpftrace, produce an error from the parser.
Adds a regress test, as well.
ok mpi@
|
|
Talking with mpi@, going to rework this to be part of the parser.
Reverts commit 0iIzGtIFgBXVfbNa.
|
|
The argN builtins aren't valid in BEGIN or END actions. The fake
probe number btrace uses to facilitate other valid builtins caused
an out of bound read of an array, producing a segfault.
Change the fake probe number to 0 as it's an unsigned int and check
for that condition.
Adds asserts near other probe array indexing to catch future issues.
ok kn@
|
|
Define the STR symbol, used for the str function.
Tune the grammar, simplifying the 'pat' rule to 'expr'. Resolves
the reduce conflicts related to 'pat' and 'factor' both matching a
lone CSTRING token.
ok mpi@
|
|
|
|
Freeing arguments tied to statements is not an option because rules are
parsed multiple times. Always make a copy of them if they are assigned
to a key in a map.
|
|
ok claudio@
|
|
Additionally fix the bacmp() function to work on integers and strings.
bacmp() is used when maps are printed out since the output is sorted by value.
Also adjust the rule parser to look correctly into if branches to figure
out which values to request from the kernel.
OK kn@
|
|
part of the bt.5 man page.
Input and OK kn@
|
|
This only works for a single static binary where everything was compiled
with -fno-omit-frame-pointer since the stack unwinder requires the
frame-pointer.
A possible btrace script to capture performance of a single process is:
profile:hz:100 / pid == $1 / {
@[ustack] = count();
}
Then using btrace -p program uprofile.bt `pgrep program` will collect
the information for program.
This is far from perfect but should allow other people to play with this
and hopefully improve work.
OK mpi@
|
|
from the kernel. Add them to a cache when needed, and print them
with btrace -l. If the argument is of type int, print the value
as %d signed integer. This gives pretty output for refcnt changes.
All other types still use %ul.
The probe and argument number can be used as array index. Remove
the qsort and search for probe number to simplify the code. Use
array index for both probes and argument types.
OK mpi@
|
|
any parts of his diff not taken are noted on tech
|
|
A few programs used the plural in their synopsis which doesn't read as
clear as the obvious triple-dot notation.
mdoc(7) .Ar defaults to "file ..." if no arguments are given and consistent
use of 'arg ...' matches that behaviour.
Cleanup a few markups of the same argument so the text keeps reading
naturally; omit unhelpful parts like 'if optional arguments are given,
they are passed along' for tools like time(1) and timeout(1) that obviously
execute commands with whatever arguments were given -- just like doas(1)
which doesn't mention arguments in its DESCRIPTION in the first place.
For expr(1) the difference between 'expressions' and 'expression ...' is
crucial, as arguments must be passed as individual words.
Feedback millert jmc schwarze deraadt
OK jmc
|
|
It is now possible to filter by process name, like:
syscall:mmap:entry
/comm == "ld"/
{
...
}
Currently the parser treats C-string like any other expression member even
if arithmetic operations do not apply to strings.
|
|
|
|
|
|
|
|
While SIGINT (already handled) makes sense for interactive use, handling
SIGTERM in the same manner is less surprising for scripting. This lets
you do:
btrace ... & some workload; kill $!
and get the expected output.
ok mpi@
|
|
OK tedu@
|
|
ok mpi
|
|
Whitespace is allowed after the closing slash of a filter and before
the opening brace of an action. This makes the lexer scan ahead and
collect any whitespace and newlines into the end of filter token.
ok mpi@
|
|
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
|
proper strings, adapt dt's exported string in the same way.
Old/new files/tools will not work the same way.
That this interface needs to also change was pointed out by jsg
|
|
exec_elf_fixup() and coredump_elf() in <sys/exec_elf.h> and call
them and the MD setregs() directly in kern_exec.c and kern_sig.c
Also delete e_name[] (only used by sysctl), e_errno (unused), and
e_syscallnames[] (only used by SYSCALL_DEBUG) and constipate
syscallnames to 'const char *const[]'
ok kettenis@
|
|
array. This replaces the current solution that only prints one element for
a certain value and not all elements with the same value.
This can be further optimized but printing is not really a hot path in btrace.
OK mpi@
|
|
@map[probe] = count();
OK mpi@
|
|
btrace(8) cannot be pledged due to its use of special ioctl()s.
ok deraadt@
|
|
Implement initial support for the str() function, which is used
primarily to truncate or NUL-terminate strings from either cli args
or args to tracepoints and syscalls.
Current implementation only supports cli args and is primarily for
compatibility with bpftrace. Future work is needed once dt(4)
supports builtin args other than long values.
Adds a regress test and wires in argument-based tests again.
ok mpi@
|
|
too much in btrace(8).
OK mpi@ deraadt@
|
|
valid argument type
found with afl++
ok mpi@
|
|
First we can't assume rules are written in the order they will be executed.
Secondly filters might need to check variables before they had a chance to
be populated by the right event.
|
|
|
|
The following syntax, reducing duplication, is now allowed:
END,
interval:hz:2
{
...
}
Rule descriptors are now linked to a list of probe descriptors instead of
a single one. Enabled kernel probes are now linked to btrace(8) probe
descriptors.
While here stop parsing filter and probe if debug is not enabled.
|
|
Fix filter debugging.
|
|
|
|
ok jasper@
|
|
Fix assertions found by jasper@ with AFL++.
ok jasper@
|