ply icon indicating copy to clipboard operation
ply copied to clipboard

Published 20 hours ago verified publisher icon iovisor

Plans for uprobe support?

Open billtohara opened this issue 6 years ago • 5 comments

My current understanding is that ply doesn't support uprobes yet. Is that planned, or is anyone working on it?

Looking at the providers, the support to add say profiling provide in kprobes was wonderfully concise. Might uprobes be similar, or is it a quite different undertaking? Apologies in advance for my lack of understanding there.

billtohara avatar Mar 01 '18 18:03 billtohara

I'm working on a new version of ply which has a better compiler foundation with a proper type system and so on (ply was my first compiler project, ever :smile:). I'm convinced that we need this to move forward. So uprobes is lower on my list at the moment.

The hard part about uprobes is that you need some way of reading DWARF symbols in order to do anything meaningful. With the kernel we can get by with /proc/kallsyms. There is nothing similar on the userspace side, without debug symbols you are blind. Ideally we would also have something like CTF on Linux.

wkz avatar Mar 02 '18 09:03 wkz

I've got a rough prototype of uprobe support working; however it relies on specifying the instruction address currently, rather than resolving it for the user. For example, according to "objdump -j .text -T /usr/bin/bash |grep shell_execve", bash's shell_execve() function is at 000000000042fbd0. And if we cat /proc//maps |grep /usr/bin/bash |grep r-xp 00400000-004dd000 r-xp 00000000 fc:00 12433 /usr/bin/bash

...we see that the text section starts at 400000. So that means our address is 0x2fbd0 (42fbd0 - 400000). So we can run the following to see which commands bash is executing:

ply -c 'uprobe:/usr/bin/bash:0x2fbd0 { @c[mem(arg(0),"128s")].count(); }'

1 probe active ^Cde-activating probes

@c: /usr/bin/find 1 /usr/bin/ls 1

A pain to do all this I know, but it might make sense to tackle uprobe support in two stages: first add basic uprobe support as above, then tackle symbol resolution. What do you think?

alan-maguire avatar Mar 13 '18 14:03 alan-maguire

Does uprobe support get enabled on ply?

Kullu14 avatar Jul 26 '19 09:07 Kullu14

I've been allocating my spare time to other projects lately, so it is not there yet.

uprobes are definitely on the roadmap. Basic support is easy to add, i.e. specifying probes via raw addresses. But the way I see it, you would need some DWARF/CTF/BTF support to get something useful.

wkz avatar Aug 12 '19 18:08 wkz

I would like to work on it. If someone can guide me through it.

Kullu14 avatar Aug 22 '19 06:08 Kullu14