bpftrace: a path to the ultimate Linux tracing tool
Day 1 | 15:20 | 00:20 | K.4.201 | Viktor Malik
We present bpftrace [1], a tracing tool for Linux based on eBPF which comes with a simple domain-specific language, "bpfscript". The language offers a convenient way to write eBPF tracing programs, without the need to dive deep into the complexities of eBPF. This makes bpftrace suitable as the entry point into the eBPF world. In addition, the terse nature of the language facilitates on-the-fly writing of very powerful short programs (so-called "one-liners") specifically tailored to the user's immediate tracing purposes.
Where bpftrace has struggled in the past is in writing complex tools which are intended to run and be maintained for a prolonged period of time. This has recently started to change with the introduction of many new bpfscript features such as variable and type declarations, user-defined functions, and more.
Ultimately, our goal is to make bpftrace the number one choice for most tracing tasks on Linux. In this talk, I will guide you through our path to achieving that - the current state of the project, the latest significant additions, and the planned future work.
No prior knowledge of eBPF or bpftrace is required for this talk. A basic understanding of, or prior experience with, Linux tracing is helpful.
[1] https://github.com/bpftrace/bpftrace/