rbbcc 0.3.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 162758633aea60cbe4979dd77f61603a7f2032d624594b523f990d703d9fc0e6
-  data.tar.gz: 39b9b0b9fd390f45a5a242d6182197d9e39de0fb0444f06c94872a42b5dd4d5a
+  metadata.gz: 4bfc5d3f19fd4dbfa744a6380055103b5c45a0a72d956ced238154472ae4d7b5
+  data.tar.gz: 160c2a313f7181c6a9dab665c265fe2760d743ecbcab4797cc25e920e00d7f11
 SHA512:
-  metadata.gz: e807d4903cbd8683eb58b073700a24993824e23027de3445d2729728e9cbe7d556a7948a15efaf5c5e7462521675854ec40e32e9776d64c637778fcbad4ad79c
-  data.tar.gz: fcecb00f5eb34f247987b445c59daa221b99ed477ffcd5355e965ac20c97cbe748b3650f2066de1b6575e4ffaf97c7cf21bf9751a7e55ec02cfb0a1837f3e7be
+  metadata.gz: 9e2f72abd18698c9dca81342474a38e10a2e65d88e4acc7d0bbb3d924d9019d7204639f407a14418664d49ef4eb0666729fda06e3a06f2066dd0c8bfa0cf6701
+  data.tar.gz: e651213860bacc705b8b3f8c51c962aba9f5f1d67cb041eab850eee64b1c8ab6d7fe71a6bd630cddc224bea2af465323c3b4ef728995d124c954f194e9cd6714

data/.semaphore/semaphore.yml

@@ -10,10 +10,12 @@ blocks:
       jobs:
         - name: ruby test
           matrix:
+            - env_var: RUBY_VERSION
+              values: [ "2.6.5", "2.6.6", "2.7.1" ]
             - env_var: LIBBCC_VERSION
               values: [ "0.12.0", "0.11.0", "0.10.0" ]
           commands:
             - sem-version c 7
-            - sem-version ruby 2.6.5
+            - sem-version ruby $RUBY_VERSION
             - checkout
             - ./semaphore.sh

data/Gemfile

@@ -2,3 +2,8 @@ source "https://rubygems.org"
 
 # Specify your gem's dependencies in rbbcc.gemspec
 gemspec
+
+gem "bundler", "~> 2.0"
+gem "rake", "~> 13.0"
+gem "pry", "~> 0.12"
+gem "minitest", ">= 5"

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rbbcc (0.3.1)
+    rbbcc (0.6.0)
 
 GEM
   remote: https://rubygems.org/
@@ -12,17 +12,17 @@ GEM
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    rake (10.5.0)
+    rake (13.0.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   bundler (~> 2.0)
-  minitest
-  pry
-  rake (~> 10.0)
+  minitest (>= 5)
+  pry (~> 0.12)
+  rake (~> 13.0)
   rbbcc!
 
 BUNDLED WITH
-   2.1.0
+   2.1.4

data/README.md

@@ -94,6 +94,10 @@ $ docker run --privileged \
             runc-5025  [003] d...  1237.797464: : Hello, World!
 ```
 
+## Documents
+
+See [docs/](docs/) for getting started and tutorial.
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/docs/README.md

@@ -1,5 +1,7 @@
 # RbBCC Docs
 
 * [Getting Started](getting_started.md)
+* [Ruby Tutorial](tutorial_bcc_ruby_developer.md)
+* [Projects Using RbBCC](projects_using_rbbcc.md)
 
 **Please see also [BCC itself's README](https://github.com/iovisor/bcc/#readme) and [docs](https://github.com/iovisor/bcc/tree/master/docs).** 

data/docs/answers/01-hello-world.rb

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# Original hello_world.py:
+# Copyright (c) PLUMgrid, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License")
+#
+# This Ruby version follows the Apache License 2.0
+
+# run in project examples directory with:
+# sudo ./hello_world.rb"
+# see trace_fields.rb for a longer example
+
+require "rbbcc"
+include RbBCC
+
+# This may not work for 4.17 on x64, you need replace kprobe__sys_clone with kprobe____x64_sys_clone
+BCC.new(text: 'int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print

data/docs/answers/02-sys_sync.rb

@@ -0,0 +1,18 @@
+#!/usr/bin/env ruby
+# Licensed under the Apache License, Version 2.0 (the "License")
+
+require "rbbcc"
+include RbBCC
+
+puts "Tracing sys_sync()... Ctrl-C to end."
+begin
+  BCC.new(text: <<~BPF).trace_print
+    int kprobe__sys_sync(void *ctx) {
+      bpf_trace_printk("sys_sync() called\\n");
+      return 0;
+    }
+  BPF
+rescue Interrupt
+  puts
+  puts "Done"
+end

data/docs/answers/03-hello_fields.rb

@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+# Licensed under the Apache License, Version 2.0 (the "License")
+
+require "rbbcc"
+include RbBCC
+
+# define BPF program
+prog = <<BPF
+int hello(void *ctx) {
+    bpf_trace_printk("Hello, World!\\n");
+    return 0;
+}
+BPF
+
+# load BPF program
+b = BCC.new(text: prog)
+b.attach_kprobe(event: b.get_syscall_fnname("clone"), fn_name: "hello")
+
+# header
+puts("%-18s %-16s %-6s %s" % ["TIME(s)", "COMM", "PID", "MESSAGE"])
+
+# format output
+begin
+  b.trace_fields do |task, pid, cpu, flags, ts, msg|
+    print("%-18.9f %-16s %-6d %s" % [ts, task, pid, msg])
+  end
+rescue Interrupt
+  puts
+  puts "Done"
+rescue => e
+  p e
+  retry
+end

data/docs/answers/04-sync_timing.rb

@@ -0,0 +1,46 @@
+#!/usr/bin/env ruby
+# Original sync_timing.py:
+# Licensed under the Apache License, Version 2.0 (the "License")
+#
+# This Ruby version follows the Apache License 2.0
+
+require "rbbcc"
+include RbBCC
+
+# load BPF program
+b = BCC.new(text: <<BPF)
+#include <uapi/linux/ptrace.h>
+
+BPF_HASH(last);
+
+int do_trace(struct pt_regs *ctx) {
+    u64 ts, *tsp, delta, key = 0;
+
+    // attempt to read stored timestamp
+    tsp = last.lookup(&key);
+    if (tsp != 0) {
+        delta = bpf_ktime_get_ns() - *tsp;
+        if (delta < 1000000000) {
+            // output if time is less than 1 second
+            bpf_trace_printk("%d\\n", delta / 1000000);
+        }
+        last.delete(&key);
+    }
+
+    // update stored timestamp
+    ts = bpf_ktime_get_ns();
+    last.update(&key, &ts);
+    return 0;
+}
+BPF
+
+b.attach_kprobe(event: b.get_syscall_fnname("sync"), fn_name: "do_trace")
+puts("Tracing for quick sync's... Ctrl-C to end")
+
+# format output
+start = 0
+b.trace_fields do |task, pid, cpu, flags, ts, ms|
+  start = ts.to_f if start.zero?
+  ts = ts.to_f - start
+  puts("At time %.2f s: multiple syncs detected, last %s ms ago" % [ts, ms.chomp])
+end

data/docs/answers/05-sync_count.rb

@@ -0,0 +1,54 @@
+#!/usr/bin/env ruby
+# Licensed under the Apache License, Version 2.0 (the "License")
+
+require "rbbcc"
+include RbBCC
+
+# load BPF program
+b = BCC.new(text: <<BPF)
+#include <uapi/linux/ptrace.h>
+
+BPF_HASH(last);
+
+int do_trace(struct pt_regs *ctx) {
+    u64 ts, *tsp, delta, key = 0, counter_key = 1, zero = 0;
+
+    // initialize counter key
+    if (last.lookup_or_try_init(&counter_key, &zero))
+        last.increment(counter_key);
+
+    // attempt to read stored timestamp
+    tsp = last.lookup(&key);
+    if (tsp != 0) {
+        delta = bpf_ktime_get_ns() - *tsp;
+        if (delta < 1000000000) {
+            // output if time is less than 1 second
+            bpf_trace_printk("%d\\n", delta / 1000000);
+        }
+        last.delete(&key);
+    }
+
+    // update stored timestamp
+    ts = bpf_ktime_get_ns();
+    last.update(&key, &ts);
+    return 0;
+}
+BPF
+
+COUNTER_KEY = 1
+
+b.attach_kprobe(event: b.get_syscall_fnname("sync"), fn_name: "do_trace")
+puts("Tracing for quick sync's... Ctrl-C to end")
+
+# format output
+start = 0
+begin
+  b.trace_fields do |task, pid, cpu, flags, ts, ms|
+    start = ts.to_f if start.zero?
+    ts = ts.to_f - start
+    puts("At time %.2f s: multiple syncs detected, last %s ms ago" % [ts, ms.chomp])
+  end
+rescue Interrupt
+  table = b["last"]
+  puts "Count of sys_sync: %d" % table[COUNTER_KEY].to_bcc_value
+end

data/docs/answers/06-disksnoop.rb

@@ -0,0 +1,71 @@
+#!/usr/bin/env ruby
+#
+# disksnoop.rb	Trace block device I/O: basic version of iosnoop.
+#		For Linux, uses BCC, eBPF. Embedded C.
+# This is ported from original disksnoop.py
+#
+# Written as a basic example of tracing latency.
+#
+# Licensed under the Apache License, Version 2.0 (the "License")
+#
+# 11-Aug-2015	Brendan Gregg	Created disksnoop.py
+
+require 'rbbcc'
+include RbBCC
+
+REQ_WRITE = 1		# from include/linux/blk_types.h
+
+# load BPF program
+b = BCC.new(text: <<CLANG)
+#include <uapi/linux/ptrace.h>
+#include <linux/blkdev.h>
+
+BPF_HASH(start, struct request *);
+
+void trace_start(struct pt_regs *ctx, struct request *req) {
+  // stash start timestamp by request ptr
+  u64 ts = bpf_ktime_get_ns();
+
+  start.update(&req, &ts);
+}
+
+void trace_completion(struct pt_regs *ctx, struct request *req) {
+  u64 *tsp, delta;
+
+  tsp = start.lookup(&req);
+  if (tsp != 0) {
+    delta = bpf_ktime_get_ns() - *tsp;
+    bpf_trace_printk("%d %x %d\\n", req->__data_len,
+        req->cmd_flags, delta / 1000);
+    start.delete(&req);
+  }
+}
+CLANG
+
+b.attach_kprobe(event: "blk_start_request", fn_name: "trace_start") if BCC.get_kprobe_functions('blk_start_request')
+b.attach_kprobe(event: "blk_mq_start_request", fn_name: "trace_start")
+b.attach_kprobe(event: "blk_account_io_completion", fn_name: "trace_completion")
+
+# header
+puts("%-18s %-2s %-7s %8s" % ["TIME(s)", "T", "BYTES", "LAT(ms)"])
+
+# format output
+loop do
+  begin
+    task, pid, cpu, flags, ts, msg = b.trace_fields
+    bytes_s, bflags_s, us_s = msg.split
+
+    if (bflags_s.to_i(16) & REQ_WRITE).nonzero?
+      type_s = "W"
+    elsif bytes_s == "0" # see blk_fill_rwbs() for logic
+      type_s = "M"
+    else
+      type_s = "R"
+    end
+    ms = us_s.to_i.to_f / 1000
+
+    puts("%-18.9f %-2s %-7s %8.2f" % [ts, type_s, bytes_s, ms])
+  rescue Interrupt
+    exit
+  end
+end

data/docs/answers/07-hello_perf_output.rb

@@ -0,0 +1,59 @@
+#!/usr/bin/env ruby
+#
+# This is a Hello World example that uses BPF_PERF_OUTPUT.
+# Ported from hello_perf_output.py
+
+require 'rbbcc'
+include RbBCC
+
+# define BPF program
+prog = """
+#include <linux/sched.h>
+
+// define output data structure in C
+struct data_t {
+    u32 pid;
+    u64 ts;
+    char comm[TASK_COMM_LEN];
+};
+BPF_PERF_OUTPUT(events);
+
+int hello(struct pt_regs *ctx) {
+    struct data_t data = {};
+
+    data.pid = bpf_get_current_pid_tgid();
+    data.ts = bpf_ktime_get_ns();
+    bpf_get_current_comm(&data.comm, sizeof(data.comm));
+
+    events.perf_submit(ctx, &data, sizeof(data));
+
+    return 0;
+}
+"""
+
+# load BPF program
+b = BCC.new(text: prog)
+b.attach_kprobe(event: b.get_syscall_fnname("clone"), fn_name: "hello")
+
+# header
+puts("%-18s %-16s %-6s %s" % ["TIME(s)", "COMM", "PID", "MESSAGE"])
+
+# process event
+start = 0
+print_event = lambda { |cpu, data, size|
+  event = b["events"].event(data)
+  if start == 0
+    start = event.ts
+  end
+
+  time_s = ((event.ts - start).to_f) / 1000000000
+  puts("%-18.9f %-16s %-6d %s" % [time_s, event.comm, event.pid,
+                                  "Hello, perf_output!"])
+}
+
+# loop with callback to print_event
+b["events"].open_perf_buffer(&print_event)
+
+loop do
+  b.perf_buffer_poll()
+end

data/docs/answers/08-sync_perf_output.rb

@@ -0,0 +1,60 @@
+#!/usr/bin/env ruby
+# Licensed under the Apache License, Version 2.0 (the "License")
+
+require "rbbcc"
+include RbBCC
+
+# load BPF program
+b = BCC.new(text: <<BPF)
+#include <uapi/linux/ptrace.h>
+
+struct data_t {
+    u32 pid;
+    u64 ts;
+    u64 delta;
+};
+BPF_PERF_OUTPUT(events);
+BPF_HASH(last);
+
+int do_trace(struct pt_regs *ctx) {
+    u64 ts, *tsp, delta, key = 0;
+
+    // attempt to read stored timestamp
+    tsp = last.lookup(&key);
+    if (tsp != 0) {
+        struct data_t data = {};
+        delta = bpf_ktime_get_ns() - *tsp;
+        if (delta < 1000000000) {
+            data.pid = bpf_get_current_pid_tgid();
+            data.ts = bpf_ktime_get_ns();
+            data.delta = delta;
+            events.perf_submit(ctx, &data, sizeof(data));
+        }
+        last.delete(&key);
+    }
+
+    // update stored timestamp
+    ts = bpf_ktime_get_ns();
+    last.update(&key, &ts);
+    return 0;
+}
+BPF
+
+b.attach_kprobe(event: b.get_syscall_fnname("sync"), fn_name: "do_trace")
+puts("Tracing for quick sync's... Ctrl-C to end")
+
+# format output
+start = 0
+b["events"].open_perf_buffer do |_, data, _|
+  event = b["events"].event(data)
+  if start == 0
+    start = event.ts
+  end
+
+  time_s = ((event.ts - start).to_f) / 1_000_000_000
+  puts("At time %.2f s: multiple syncs detected, last %s ms ago" % [time_s, event.delta / 1_000_000])
+end
+
+loop do
+  b.perf_buffer_poll()
+end