rbbcc 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1911b0a6e9450e76b3fda2c56c45bfc17846638e1ca99e64e983d99f99dff64
-  data.tar.gz: e4841d103a87ee45ced700ea7dff562a305e1cbf1172ef35da40be063d4ee698
+  metadata.gz: 7b09e8de1a9fb9b045fc7cd7b00bb6cd54e2af818c8c66caed5b82370f4db612
+  data.tar.gz: 02b6c61e958a72b7d69a892dfa856823d12078393327138c523653bfc3110779
 SHA512:
-  metadata.gz: fd3aba48720c19d46efa02eac50fd758e883306616bb14068e13c4062f8d8efd4f9852b2b5d7f8eded678a9954e36070cb13f2be99c271b6983ab8ec75e53807
-  data.tar.gz: 63170a77e06d0c15d5dac6eed68112232b475259fcce7a07f4c99ba21baf9df0e85faa307fa2c868afc4aea9888ac7b4779188f03e0cd40d0cbedfab28c41873
+  metadata.gz: 2fefae013cd7a13666ae61fe19284fae49fdad67ac30692e13ab445be71b9ce788177e261e0ac884bc15e491dce2e8895dd374c623256c2dec3dab3158dc583e
+  data.tar.gz: d879de7d56899578ae483d85d9fd073cca4d84fcc5adaa465e86dacb152585c395cbdb2e563b69612577abfae07c2f500acdecd4a515c0c8f833ff586afe7158

data/.gitignore

@@ -10,4 +10,8 @@
 
 .ruby-version
 
-/examples/work/*
+/examples/work/*
+
+/bin
+!/bin/setup
+!/bin/console

data/.semaphore/semaphore.yml

@@ -0,0 +1,19 @@
+version: v1.0
+name: Ruby Test
+agent:
+  machine:
+    type: e1-standard-2
+    os_image: ubuntu1804
+blocks:
+  - name: Basic Test
+    task:
+      jobs:
+        - name: ruby test
+          matrix:
+            - env_var: LIBBCC_VERSION
+              values: [ "0.12.0", "0.11.0", "0.10.0" ]
+          commands:
+            - sem-version c 7
+            - sem-version ruby 2.6.5
+            - checkout
+            - ./semaphore.sh

data/Gemfile

@@ -2,3 +2,8 @@ source "https://rubygems.org"
 
 # Specify your gem's dependencies in rbbcc.gemspec
 gemspec
+
+gem "bundler", "~> 2.0"
+gem "rake", "~> 13.0"
+gem "pry", "~> 0.12"
+gem "minitest", ">= 5"

data/Gemfile.lock

@@ -1,25 +1,27 @@
 PATH
   remote: .
   specs:
-    rbbcc (0.2.0)
+    rbbcc (0.5.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
     coderay (1.1.2)
     method_source (0.9.2)
+    minitest (5.14.0)
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    rake (10.5.0)
+    rake (13.0.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   bundler (~> 2.0)
-  pry
-  rake (~> 10.0)
+  minitest (>= 5)
+  pry (~> 0.12)
+  rake (~> 13.0)
   rbbcc!
 
 BUNDLED WITH

data/README.md

@@ -1,6 +1,6 @@
 # RbBCC
 
-[![Gem Version](https://badge.fury.io/rb/rbbcc.svg)](https://badge.fury.io/rb/rbbcc)
+[![Gem Version](https://badge.fury.io/rb/rbbcc.svg)](https://badge.fury.io/rb/rbbcc) [![CI status](https://udzura.semaphoreci.com/badges/rbbcc.svg)](https://udzura.semaphoreci.com/projects/rbbcc)
 
 RbBCC is a port of [BCC](https://github.com/iovisor/bcc) in MRI. See iovisor project page.
 
@@ -94,6 +94,10 @@ $ docker run --privileged \
             runc-5025  [003] d...  1237.797464: : Hello, World!
 ```
 
+## Documents
+
+See [docs/](docs/) for getting started and tutorial.
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/Rakefile

@@ -1,2 +1,9 @@
 require "bundler/gem_tasks"
-task :default => :spec
+
+require "rake/testtask"
+Rake::TestTask.new do |t|
+  t.test_files = FileList['test/**/*_test.rb']
+end
+desc "Run tests"
+
+task :default => :test

data/docs/README.md

@@ -1,5 +1,7 @@
 # RbBCC Docs
 
 * [Getting Started](getting_started.md)
+* [Ruby Tutorial](tutorial_bcc_ruby_developer.md)
+* [Projects Using RbBCC](projects_using_rbbcc.md)
 
 **Please see also [BCC itself's README](https://github.com/iovisor/bcc/#readme) and [docs](https://github.com/iovisor/bcc/tree/master/docs).** 

data/docs/answers/01-hello-world.rb

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# Original hello_world.py:
+# Copyright (c) PLUMgrid, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License")
+#
+# This Ruby version follows the Apache License 2.0
+
+# run in project examples directory with:
+# sudo ./hello_world.rb"
+# see trace_fields.rb for a longer example
+
+require "rbbcc"
+include RbBCC
+
+# This may not work for 4.17 on x64, you need replace kprobe__sys_clone with kprobe____x64_sys_clone
+BCC.new(text: 'int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print

data/docs/answers/02-sys_sync.rb

@@ -0,0 +1,18 @@
+#!/usr/bin/env ruby
+# Licensed under the Apache License, Version 2.0 (the "License")
+
+require "rbbcc"
+include RbBCC
+
+puts "Tracing sys_sync()... Ctrl-C to end."
+begin
+  BCC.new(text: <<~BPF).trace_print
+    int kprobe__sys_sync(void *ctx) {
+      bpf_trace_printk("sys_sync() called\\n");
+      return 0;
+    }
+  BPF
+rescue Interrupt
+  puts
+  puts "Done"
+end

data/docs/answers/03-hello_fields.rb

@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+# Licensed under the Apache License, Version 2.0 (the "License")
+
+require "rbbcc"
+include RbBCC
+
+# define BPF program
+prog = <<BPF
+int hello(void *ctx) {
+    bpf_trace_printk("Hello, World!\\n");
+    return 0;
+}
+BPF
+
+# load BPF program
+b = BCC.new(text: prog)
+b.attach_kprobe(event: b.get_syscall_fnname("clone"), fn_name: "hello")
+
+# header
+puts("%-18s %-16s %-6s %s" % ["TIME(s)", "COMM", "PID", "MESSAGE"])
+
+# format output
+begin
+  b.trace_fields do |task, pid, cpu, flags, ts, msg|
+    print("%-18.9f %-16s %-6d %s" % [ts, task, pid, msg])
+  end
+rescue Interrupt
+  puts
+  puts "Done"
+rescue => e
+  p e
+  retry
+end

data/docs/answers/04-sync_timing.rb

@@ -0,0 +1,46 @@
+#!/usr/bin/env ruby
+# Original sync_timing.py:
+# Licensed under the Apache License, Version 2.0 (the "License")
+#
+# This Ruby version follows the Apache License 2.0
+
+require "rbbcc"
+include RbBCC
+
+# load BPF program
+b = BCC.new(text: <<BPF)
+#include <uapi/linux/ptrace.h>
+
+BPF_HASH(last);
+
+int do_trace(struct pt_regs *ctx) {
+    u64 ts, *tsp, delta, key = 0;
+
+    // attempt to read stored timestamp
+    tsp = last.lookup(&key);
+    if (tsp != 0) {
+        delta = bpf_ktime_get_ns() - *tsp;
+        if (delta < 1000000000) {
+            // output if time is less than 1 second
+            bpf_trace_printk("%d\\n", delta / 1000000);
+        }
+        last.delete(&key);
+    }
+
+    // update stored timestamp
+    ts = bpf_ktime_get_ns();
+    last.update(&key, &ts);
+    return 0;
+}
+BPF
+
+b.attach_kprobe(event: b.get_syscall_fnname("sync"), fn_name: "do_trace")
+puts("Tracing for quick sync's... Ctrl-C to end")
+
+# format output
+start = 0
+b.trace_fields do |task, pid, cpu, flags, ts, ms|
+  start = ts.to_f if start.zero?
+  ts = ts.to_f - start
+  puts("At time %.2f s: multiple syncs detected, last %s ms ago" % [ts, ms.chomp])
+end

data/docs/answers/05-sync_count.rb

@@ -0,0 +1,54 @@
+#!/usr/bin/env ruby
+# Licensed under the Apache License, Version 2.0 (the "License")
+
+require "rbbcc"
+include RbBCC
+
+# load BPF program
+b = BCC.new(text: <<BPF)
+#include <uapi/linux/ptrace.h>
+
+BPF_HASH(last);
+
+int do_trace(struct pt_regs *ctx) {
+    u64 ts, *tsp, delta, key = 0, counter_key = 1, zero = 0;
+
+    // initialize counter key
+    if (last.lookup_or_try_init(&counter_key, &zero))
+        last.increment(counter_key);
+
+    // attempt to read stored timestamp
+    tsp = last.lookup(&key);
+    if (tsp != 0) {
+        delta = bpf_ktime_get_ns() - *tsp;
+        if (delta < 1000000000) {
+            // output if time is less than 1 second
+            bpf_trace_printk("%d\\n", delta / 1000000);
+        }
+        last.delete(&key);
+    }
+
+    // update stored timestamp
+    ts = bpf_ktime_get_ns();
+    last.update(&key, &ts);
+    return 0;
+}
+BPF
+
+COUNTER_KEY = 1
+
+b.attach_kprobe(event: b.get_syscall_fnname("sync"), fn_name: "do_trace")
+puts("Tracing for quick sync's... Ctrl-C to end")
+
+# format output
+start = 0
+begin
+  b.trace_fields do |task, pid, cpu, flags, ts, ms|
+    start = ts.to_f if start.zero?
+    ts = ts.to_f - start
+    puts("At time %.2f s: multiple syncs detected, last %s ms ago" % [ts, ms.chomp])
+  end
+rescue Interrupt
+  table = b["last"]
+  puts "Count of sys_sync: %d" % table[COUNTER_KEY].to_bcc_value
+end

data/docs/answers/06-disksnoop.rb

@@ -0,0 +1,71 @@
+#!/usr/bin/env ruby
+#
+# disksnoop.rb	Trace block device I/O: basic version of iosnoop.
+#		For Linux, uses BCC, eBPF. Embedded C.
+# This is ported from original disksnoop.py
+#
+# Written as a basic example of tracing latency.
+#
+# Licensed under the Apache License, Version 2.0 (the "License")
+#
+# 11-Aug-2015	Brendan Gregg	Created disksnoop.py
+
+require 'rbbcc'
+include RbBCC
+
+REQ_WRITE = 1		# from include/linux/blk_types.h
+
+# load BPF program
+b = BCC.new(text: <<CLANG)
+#include <uapi/linux/ptrace.h>
+#include <linux/blkdev.h>
+
+BPF_HASH(start, struct request *);
+
+void trace_start(struct pt_regs *ctx, struct request *req) {
+  // stash start timestamp by request ptr
+  u64 ts = bpf_ktime_get_ns();
+
+  start.update(&req, &ts);
+}
+
+void trace_completion(struct pt_regs *ctx, struct request *req) {
+  u64 *tsp, delta;
+
+  tsp = start.lookup(&req);
+  if (tsp != 0) {
+    delta = bpf_ktime_get_ns() - *tsp;
+    bpf_trace_printk("%d %x %d\\n", req->__data_len,
+        req->cmd_flags, delta / 1000);
+    start.delete(&req);
+  }
+}
+CLANG
+
+b.attach_kprobe(event: "blk_start_request", fn_name: "trace_start") if BCC.get_kprobe_functions('blk_start_request')
+b.attach_kprobe(event: "blk_mq_start_request", fn_name: "trace_start")
+b.attach_kprobe(event: "blk_account_io_completion", fn_name: "trace_completion")
+
+# header
+puts("%-18s %-2s %-7s %8s" % ["TIME(s)", "T", "BYTES", "LAT(ms)"])
+
+# format output
+loop do
+  begin
+    task, pid, cpu, flags, ts, msg = b.trace_fields
+    bytes_s, bflags_s, us_s = msg.split
+
+    if (bflags_s.to_i(16) & REQ_WRITE).nonzero?
+      type_s = "W"
+    elsif bytes_s == "0" # see blk_fill_rwbs() for logic
+      type_s = "M"
+    else
+      type_s = "R"
+    end
+    ms = us_s.to_i.to_f / 1000
+
+    puts("%-18.9f %-2s %-7s %8.2f" % [ts, type_s, bytes_s, ms])
+  rescue Interrupt
+    exit
+  end
+end

data/docs/answers/07-hello_perf_output.rb

@@ -0,0 +1,59 @@
+#!/usr/bin/env ruby
+#
+# This is a Hello World example that uses BPF_PERF_OUTPUT.
+# Ported from hello_perf_output.py
+
+require 'rbbcc'
+include RbBCC
+
+# define BPF program
+prog = """
+#include <linux/sched.h>
+
+// define output data structure in C
+struct data_t {
+    u32 pid;
+    u64 ts;
+    char comm[TASK_COMM_LEN];
+};
+BPF_PERF_OUTPUT(events);
+
+int hello(struct pt_regs *ctx) {
+    struct data_t data = {};
+
+    data.pid = bpf_get_current_pid_tgid();
+    data.ts = bpf_ktime_get_ns();
+    bpf_get_current_comm(&data.comm, sizeof(data.comm));
+
+    events.perf_submit(ctx, &data, sizeof(data));
+
+    return 0;
+}
+"""
+
+# load BPF program
+b = BCC.new(text: prog)
+b.attach_kprobe(event: b.get_syscall_fnname("clone"), fn_name: "hello")
+
+# header
+puts("%-18s %-16s %-6s %s" % ["TIME(s)", "COMM", "PID", "MESSAGE"])
+
+# process event
+start = 0
+print_event = lambda { |cpu, data, size|
+  event = b["events"].event(data)
+  if start == 0
+    start = event.ts
+  end
+
+  time_s = ((event.ts - start).to_f) / 1000000000
+  puts("%-18.9f %-16s %-6d %s" % [time_s, event.comm, event.pid,
+                                  "Hello, perf_output!"])
+}
+
+# loop with callback to print_event
+b["events"].open_perf_buffer(&print_event)
+
+loop do
+  b.perf_buffer_poll()
+end

data/docs/answers/08-sync_perf_output.rb

@@ -0,0 +1,60 @@
+#!/usr/bin/env ruby
+# Licensed under the Apache License, Version 2.0 (the "License")
+
+require "rbbcc"
+include RbBCC
+
+# load BPF program
+b = BCC.new(text: <<BPF)
+#include <uapi/linux/ptrace.h>
+
+struct data_t {
+    u32 pid;
+    u64 ts;
+    u64 delta;
+};
+BPF_PERF_OUTPUT(events);
+BPF_HASH(last);
+
+int do_trace(struct pt_regs *ctx) {
+    u64 ts, *tsp, delta, key = 0;
+
+    // attempt to read stored timestamp
+    tsp = last.lookup(&key);
+    if (tsp != 0) {
+        struct data_t data = {};
+        delta = bpf_ktime_get_ns() - *tsp;
+        if (delta < 1000000000) {
+            data.pid = bpf_get_current_pid_tgid();
+            data.ts = bpf_ktime_get_ns();
+            data.delta = delta;
+            events.perf_submit(ctx, &data, sizeof(data));
+        }
+        last.delete(&key);
+    }
+
+    // update stored timestamp
+    ts = bpf_ktime_get_ns();
+    last.update(&key, &ts);
+    return 0;
+}
+BPF
+
+b.attach_kprobe(event: b.get_syscall_fnname("sync"), fn_name: "do_trace")
+puts("Tracing for quick sync's... Ctrl-C to end")
+
+# format output
+start = 0
+b["events"].open_perf_buffer do |_, data, _|
+  event = b["events"].event(data)
+  if start == 0
+    start = event.ts
+  end
+
+  time_s = ((event.ts - start).to_f) / 1_000_000_000
+  puts("At time %.2f s: multiple syncs detected, last %s ms ago" % [time_s, event.delta / 1_000_000])
+end
+
+loop do
+  b.perf_buffer_poll()
+end