bpftrace icon indicating copy to clipboard operation
bpftrace copied to clipboard

Published 20 hours ago verified publisher icon ajor

C struct navigation

Open brendangregg opened this issue 6 years ago • 4 comments

Something like this should work:

bpftrace -e 'kprobe:sys_nanosleep { printf("secs: %d\n", arg0->tv_nsec); }

or

bpftrace -e 'kprobe:sys_nanosleep { printf("secs: %d\n", ((struct timespec *)arg0)->tv_nsec); }'

brendangregg avatar Mar 07 '18 01:03 brendangregg

I've done some work on this one already (in the headers branch). I think all the BPF/LLVM work is done, it just needs to use libclang to parse the header files now.

ajor avatar Mar 07 '18 21:03 ajor

My current implementation will end up looking like your second example there - the first one would be a bit harder as bpftrace would have to know what the arguments to each system call etc. are.

ajor avatar Mar 07 '18 21:03 ajor

Ok; there's also the new CTF work that I think @iamkafai has been working on (@4ast would know), for converting debuginfo into a more compact format for tools to use. I don't know enough about it to say whether you should use that directly, or if libbcc will use it (once it's done) and you should use it via that. If you're currently getting it to work via kernel headers, then I think that's ok (that's how bcc currently works), just bear in mind that there might be another way in the future.

brendangregg avatar Mar 07 '18 21:03 brendangregg

The CTF stuff is now called BTF, and has merged into net-next (so I assume will be into Linux 4.18):

http://www.spinics.net/lists/netdev/msg496560.html

brendangregg avatar Apr 29 '18 17:04 brendangregg