Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / bcc / c08c431ae1e373316ef2f9d534503e19719f7b28 / . / tools / trace.py
blob: b159510b1a1aca8dc4f0a6644b4ff4f3d196ff77 [file] [log] [blame]
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]1#!/usr/bin/env python
2#
3# trace Trace a function and print a trace message based on its
4# parameters, with an optional filter.
5#
6# USAGE: trace [-h] [-p PID] [-v] [-Z STRING_SIZE] [-S] [-M MAX_EVENTS] [-o]
7# probe [probe ...]
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]8#
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]9# Licensed under the Apache License, Version 2.0 (the "License")
10# Copyright (C) 2016 Sasha Goldshtein.
11
Sasha Goldshteinc08c4312016-03-21 03:52:09 -0700[diff] [blame^]12from bcc import BPF, Tracepoint, Perf
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]13from time import sleep, strftime
14import argparse
15import re
16import ctypes as ct
17import os
18import traceback
19import sys
20
21class Time(object):
22 # BPF timestamps come from the monotonic clock. To be able to filter
23 # and compare them from Python, we need to invoke clock_gettime.
24 # Adapted from http://stackoverflow.com/a/1205762
25 CLOCK_MONOTONIC_RAW = 4 # see <linux/time.h>
26
27 class timespec(ct.Structure):
28 _fields_ = [
29 ('tv_sec', ct.c_long),
30 ('tv_nsec', ct.c_long)
31 ]
32
33 librt = ct.CDLL('librt.so.1', use_errno=True)
34 clock_gettime = librt.clock_gettime
35 clock_gettime.argtypes = [ct.c_int, ct.POINTER(timespec)]
36
37 @staticmethod
38 def monotonic_time():
39 t = Time.timespec()
40 if Time.clock_gettime(
41 Time.CLOCK_MONOTONIC_RAW, ct.pointer(t)) != 0:
42 errno_ = ct.get_errno()
43 raise OSError(errno_, os.strerror(errno_))
44 return t.tv_sec * 1e9 + t.tv_nsec
45
46class Probe(object):
47 probe_count = 0
48 max_events = None
49 event_count = 0
50 first_ts = 0
51 use_localtime = True
52
53 @classmethod
54 def configure(cls, args):
55 cls.max_events = args.max_events
56 cls.use_localtime = not args.offset
57 cls.first_ts = Time.monotonic_time()
58
59 def __init__(self, probe, string_size):
60 self.raw_probe = probe
61 self.string_size = string_size
62 Probe.probe_count += 1
63 self._parse_probe()
64 self.probe_num = Probe.probe_count
65 self.probe_name = "probe_%s_%d" % \
66 (self.function, self.probe_num)
67
68 def __str__(self):
69 return "%s:%s`%s FLT=%s ACT=%s/%s" % (self.probe_type,
70 self.library, self.function, self.filter,
71 self.types, self.values)
72
73 def is_default_action(self):
74 return self.python_format == ""
75
76 def _bail(self, error):
77 raise ValueError("error parsing probe '%s': %s" %
78 (self.raw_probe, error))
79
80 def _parse_probe(self):
81 text = self.raw_probe
82
83 # Everything until the first space is the probe specifier
84 first_space = text.find(' ')
85 spec = text[:first_space] if first_space >= 0 else text
86 self._parse_spec(spec)
87 if first_space >= 0:
88 text = text[first_space:].lstrip()
89 else:
90 text = ""
91
92 # If we now have a (, wait for the balanced closing ) and that
93 # will be the predicate
94 self.filter = None
95 if len(text) > 0 and text[0] == "(":
96 balance = 1
97 for i in range(1, len(text)):
98 if text[i] == "(":
99 balance += 1
100 if text[i] == ")":
101 balance -= 1
102 if balance == 0:
103 self._parse_filter(text[:i+1])
104 text = text[i+1:]
105 break
106 if self.filter is None:
107 self._bail("unmatched end of predicate")
108
109 if self.filter is None:
110 self.filter = "1"
111
112 # The remainder of the text is the printf action
113 self._parse_action(text.lstrip())
114
115 def _parse_spec(self, spec):
116 parts = spec.split(":")
117 # Two special cases: 'func' means 'p::func', 'lib:func' means
118 # 'p:lib:func'. Other combinations need to provide an empty
119 # value between delimiters, e.g. 'r::func' for a kretprobe on
120 # the function func.
121 if len(parts) == 1:
122 parts = ["p", "", parts[0]]
123 elif len(parts) == 2:
124 parts = ["p", parts[0], parts[1]]
125 if len(parts[0]) == 0:
126 self.probe_type = "p"
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]127 elif parts[0] in ["p", "r", "t"]:
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]128 self.probe_type = parts[0]
129 else:
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]130 self._bail("expected '', 'p', 't', or 'r', got '%s'" %
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]131 parts[0])
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]132 if self.probe_type == "t":
133 self.tp_category = parts[1]
134 self.tp_event = parts[2]
Sasha Goldshteinc08c4312016-03-21 03:52:09 -0700[diff] [blame^]135 self.tp = Tracepoint.enable_tracepoint(
136 self.tp_category, self.tp_event)
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]137 self.library = "" # kernel
138 self.function = "perf_trace_%s" % self.tp_event
139 else:
140 self.library = parts[1]
141 self.function = parts[2]
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]142
143 def _parse_filter(self, filt):
144 self.filter = self._replace_args(filt)
145
146 def _parse_types(self, fmt):
147 for match in re.finditer(
148 r'[^%]%(s|u|d|llu|lld|hu|hd|x|llx|c)', fmt):
149 self.types.append(match.group(1))
150 fmt = re.sub(r'([^%]%)(u|d|llu|lld|hu|hd)', r'\1d', fmt)
151 fmt = re.sub(r'([^%]%)(x|llx)', r'\1x', fmt)
152 self.python_format = fmt.strip('"')
153
154 def _parse_action(self, action):
155 self.values = []
156 self.types = []
157 self.python_format = ""
158 if len(action) == 0:
159 return
160
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]161 action = action.strip()
162 match = re.search(r'(\".*\"),?(.*)', action)
163 if match is None:
164 self._bail("expected format string in \"s")
165
166 self.raw_format = match.group(1)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]167 self._parse_types(self.raw_format)
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]168 for part in match.group(2).split(','):
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]169 part = self._replace_args(part)
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]170 if len(part) > 0:
171 self.values.append(part)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]172
173 aliases = {
174 "retval": "ctx->ax",
175 "arg1": "ctx->di",
176 "arg2": "ctx->si",
177 "arg3": "ctx->dx",
178 "arg4": "ctx->cx",
179 "arg5": "ctx->r8",
180 "arg6": "ctx->r9",
181 "$uid": "(unsigned)(bpf_get_current_uid_gid() & 0xffffffff)",
182 "$gid": "(unsigned)(bpf_get_current_uid_gid() >> 32)",
183 "$pid": "(unsigned)(bpf_get_current_pid_tgid() & 0xffffffff)",
184 "$tgid": "(unsigned)(bpf_get_current_pid_tgid() >> 32)",
185 "$cpu": "bpf_get_smp_processor_id()"
186 }
187
188 def _replace_args(self, expr):
189 for alias, replacement in Probe.aliases.items():
190 expr = expr.replace(alias, replacement)
191 return expr
192
193 p_type = { "u": ct.c_uint, "d": ct.c_int,
194 "llu": ct.c_ulonglong, "lld": ct.c_longlong,
195 "hu": ct.c_ushort, "hd": ct.c_short,
196 "x": ct.c_uint, "llx": ct.c_ulonglong,
197 "c": ct.c_ubyte }
198
199 def _generate_python_field_decl(self, idx, fields):
200 field_type = self.types[idx]
201 if field_type == "s":
202 ptype = ct.c_char * self.string_size
203 else:
204 ptype = Probe.p_type[field_type]
205 fields.append(("v%d" % idx, ptype))
206
207 def _generate_python_data_decl(self):
208 self.python_struct_name = "%s_%d_Data" % \
209 (self.function, self.probe_num)
210 fields = [
211 ("timestamp_ns", ct.c_ulonglong),
212 ("pid", ct.c_uint),
213 ("comm", ct.c_char * 16) # TASK_COMM_LEN
214 ]
215 for i in range(0, len(self.types)):
216 self._generate_python_field_decl(i, fields)
217 return type(self.python_struct_name, (ct.Structure,),
218 dict(_fields_=fields))
219
220 c_type = { "u": "unsigned int", "d": "int",
221 "llu": "unsigned long long", "lld": "long long",
222 "hu": "unsigned short", "hd": "short",
223 "x": "unsigned int", "llx": "unsigned long long",
224 "c": "char" }
225 fmt_types = c_type.keys()
226
227 def _generate_field_decl(self, idx):
228 field_type = self.types[idx]
229 if field_type == "s":
230 return "char v%d[%d];\n" % (idx, self.string_size)
231 if field_type in Probe.fmt_types:
232 return "%s v%d;\n" % (Probe.c_type[field_type], idx)
233 self._bail("unrecognized format specifier %s" % field_type)
234
235 def _generate_data_decl(self):
236 # The BPF program will populate values into the struct
237 # according to the format string, and the Python program will
238 # construct the final display string.
239 self.events_name = "%s_events" % self.probe_name
240 self.struct_name = "%s_data_t" % self.probe_name
241
242 data_fields = ""
243 for i, field_type in enumerate(self.types):
244 data_fields += " " + \
245 self._generate_field_decl(i)
246
247 text = """
248struct %s
249{
250 u64 timestamp_ns;
251 u32 pid;
252 char comm[TASK_COMM_LEN];
253%s
254};
255
256BPF_PERF_OUTPUT(%s);
257"""
258 return text % (self.struct_name, data_fields, self.events_name)
259
260 def _generate_field_assign(self, idx):
261 field_type = self.types[idx]
262 expr = self.values[idx]
263 if field_type == "s":
264 return """
265 if (%s != 0) {
266 bpf_probe_read(&__data.v%d, sizeof(__data.v%d), (void *)%s);
267 }
268""" % (expr, idx, idx, expr)
269 # return ("bpf_probe_read(&__data.v%d, " + \
270 # "sizeof(__data.v%d), (char*)%s);\n") % (idx, idx, expr)
271 # return ("__builtin_memcpy(&__data.v%d, (void *)%s, " + \
272 # "sizeof(__data.v%d));\n") % (idx, expr, idx)
273 if field_type in Probe.fmt_types:
274 return " __data.v%d = (%s)%s;\n" % \
275 (idx, Probe.c_type[field_type], expr)
276 self._bail("unrecognized field type %s" % field_type)
277
278 def generate_program(self, pid, include_self):
279 data_decl = self._generate_data_decl()
280 self.pid = pid
281 # kprobes don't have built-in pid filters, so we have to add
282 # it to the function body:
283 if len(self.library) == 0 and pid != -1:
284 pid_filter = """
285 u32 __pid = bpf_get_current_pid_tgid();
286 if (__pid != %d) { return 0; }
287""" % pid
288 elif not include_self:
289 pid_filter = """
290 u32 __pid = bpf_get_current_pid_tgid();
291 if (__pid == %d) { return 0; }
292""" % os.getpid()
293 else:
294 pid_filter = ""
295
296 data_fields = ""
297 for i, expr in enumerate(self.values):
298 data_fields += self._generate_field_assign(i)
299
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]300 prefix = ""
301 if self.probe_type == "t":
Sasha Goldshteinc08c4312016-03-21 03:52:09 -0700[diff] [blame^]302 data_decl += self.tp.generate_struct()
303 prefix = self.tp.generate_get_struct()
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]304
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]305 text = """
306int %s(struct pt_regs *ctx)
307{
308 %s
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]309 %s
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]310 if (!(%s)) return 0;
311
312 struct %s __data = {0};
313 __data.timestamp_ns = bpf_ktime_get_ns();
314 __data.pid = bpf_get_current_pid_tgid();
315 bpf_get_current_comm(&__data.comm, sizeof(__data.comm));
316%s
317 %s.perf_submit(ctx, &__data, sizeof(__data));
318 return 0;
319}
320"""
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]321 text = text % (self.probe_name, pid_filter, prefix,
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]322 self.filter, self.struct_name,
323 data_fields, self.events_name)
324
325 return data_decl + "\n" + text
326
327 @classmethod
328 def _time_off_str(cls, timestamp_ns):
329 return "%.6f" % (1e-9 * (timestamp_ns - cls.first_ts))
330
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]331 auto_includes = {
332 "linux/time.h" : ["time"],
333 "linux/fs.h" : ["fs", "file"],
334 "linux/blkdev.h" : ["bio", "request"],
335 "linux/slab.h" : ["alloc"],
336 "linux/netdevice.h" : ["sk_buff"]
337 }
338
339 @classmethod
340 def generate_auto_includes(cls, probes):
341 headers = ""
342 for header, keywords in cls.auto_includes.items():
343 for keyword in keywords:
344 for probe in probes:
345 if keyword in probe:
346 headers += "#include <%s>\n" \
347 % header
348 return headers
349
350 def _display_function(self):
351 if self.probe_type != 't':
352 return self.function
353 else:
354 return self.function.replace("perf_trace_", "")
355
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]356 def print_event(self, cpu, data, size):
357 # Cast as the generated structure type and display
358 # according to the format string in the probe.
359 event = ct.cast(data, ct.POINTER(self.python_struct)).contents
360 values = map(lambda i: getattr(event, "v%d" % i),
361 range(0, len(self.values)))
362 msg = self.python_format % tuple(values)
363 time = strftime("%H:%M:%S") if Probe.use_localtime else \
364 Probe._time_off_str(event.timestamp_ns)
365 print("%-8s %-6d %-12s %-16s %s" % \
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]366 (time[:8], event.pid, event.comm[:12],
367 self._display_function(), msg))
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]368
369 Probe.event_count += 1
370 if Probe.max_events is not None and \
371 Probe.event_count >= Probe.max_events:
372 exit()
373
374 def attach(self, bpf, verbose):
375 if len(self.library) == 0:
376 self._attach_k(bpf)
377 else:
378 self._attach_u(bpf)
379 self.python_struct = self._generate_python_data_decl()
380 bpf[self.events_name].open_perf_buffer(self.print_event)
381
382 def _attach_k(self, bpf):
383 if self.probe_type == "r":
384 bpf.attach_kretprobe(event=self.function,
385 fn_name=self.probe_name)
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]386 elif self.probe_type == "p" or self.probe_type == "t":
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]387 bpf.attach_kprobe(event=self.function,
388 fn_name=self.probe_name)
389
390 def _attach_u(self, bpf):
391 libpath = BPF.find_library(self.library)
392 if libpath is None:
393 # This might be an executable (e.g. 'bash')
394 with os.popen("/usr/bin/which %s 2>/dev/null" %
395 self.library) as w:
396 libpath = w.read().strip()
397 if libpath is None or len(libpath) == 0:
398 self._bail("unable to find library %s" % self.library)
399
400 if self.probe_type == "r":
401 bpf.attach_uretprobe(name=libpath,
402 sym=self.function,
403 fn_name=self.probe_name,
404 pid=self.pid)
405 else:
406 bpf.attach_uprobe(name=libpath,
407 sym=self.function,
408 fn_name=self.probe_name,
409 pid=self.pid)
410
411class Tool(object):
412 examples = """
413EXAMPLES:
414
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]415trace do_sys_open
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]416 Trace the open syscall and print a default trace message when entered
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]417trace 'do_sys_open "%s", arg2'
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]418 Trace the open syscall and print the filename being opened
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]419trace 'sys_read (arg3 > 20000) "read %d bytes", arg3'
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]420 Trace the read syscall and print a message for reads >20000 bytes
421trace 'r::do_sys_return "%llx", retval'
422 Trace the return from the open syscall and print the return value
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]423trace 'c:open (arg2 == 42) "%s %d", arg1, arg2'
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]424 Trace the open() call from libc only if the flags (arg2) argument is 42
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]425trace 'c:malloc "size = %d", arg1'
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]426 Trace malloc calls and print the size being allocated
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]427trace 'p:c:write (arg1 == 1) "writing %d bytes to STDOUT", arg3'
428 Trace the write() call from libc to monitor writes to STDOUT
429trace 'r::__kmalloc (retval == 0) "kmalloc failed!"
430 Trace returns from __kmalloc which returned a null pointer
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]431trace 'r:c:malloc (retval) "allocated = %p", retval
432 Trace returns from malloc and print non-NULL allocated buffers
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]433trace 't:block:block_rq_complete "sectors=%d", tp.nr_sector'
434 Trace the block_rq_complete kernel tracepoint and print # of tx sectors
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]435"""
436
437 def __init__(self):
438 parser = argparse.ArgumentParser(description=
439 "Attach to functions and print trace messages.",
440 formatter_class=argparse.RawDescriptionHelpFormatter,
441 epilog=Tool.examples)
442 parser.add_argument("-p", "--pid", type=int,
443 help="id of the process to trace (optional)")
444 parser.add_argument("-v", "--verbose", action="store_true",
445 help="print resulting BPF program code before executing")
446 parser.add_argument("-Z", "--string-size", type=int,
447 default=80, help="maximum size to read from strings")
448 parser.add_argument("-S", "--include-self", action="store_true",
449 help="do not filter trace's own pid from the trace")
450 parser.add_argument("-M", "--max-events", type=int,
451 help="number of events to print before quitting")
452 parser.add_argument("-o", "--offset", action="store_true",
453 help="use relative time from first traced message")
454 parser.add_argument(metavar="probe", dest="probes", nargs="+",
455 help="probe specifier (see examples)")
456 self.args = parser.parse_args()
457
458 def _create_probes(self):
459 Probe.configure(self.args)
460 self.probes = []
461 for probe_spec in self.args.probes:
462 self.probes.append(Probe(
463 probe_spec, self.args.string_size))
464
465 def _generate_program(self):
466 self.program = """
467#include <linux/ptrace.h>
468#include <linux/sched.h> /* For TASK_COMM_LEN */
469
470"""
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]471 self.program += Probe.generate_auto_includes(
472 map(lambda p: p.raw_probe, self.probes))
473 self.program += Tracepoint.generate_decl()
474 self.program += Tracepoint.generate_entry_probe()
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]475 for probe in self.probes:
476 self.program += probe.generate_program(
477 self.args.pid or -1, self.args.include_self)
478
479 if self.args.verbose:
480 print(self.program)
481
482 def _attach_probes(self):
483 self.bpf = BPF(text=self.program)
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]484 Tracepoint.attach(self.bpf)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]485 for probe in self.probes:
486 if self.args.verbose:
487 print(probe)
488 probe.attach(self.bpf, self.args.verbose)
489
490 def _main_loop(self):
491 all_probes_trivial = all(map(Probe.is_default_action,
492 self.probes))
493
494 # Print header
495 print("%-8s %-6s %-12s %-16s %s" % \
496 ("TIME", "PID", "COMM", "FUNC",
497 "-" if not all_probes_trivial else ""))
498
499 while True:
500 self.bpf.kprobe_poll()
501
502 def run(self):
503 try:
504 self._create_probes()
505 self._generate_program()
506 self._attach_probes()
507 self._main_loop()
508 except:
509 if self.args.verbose:
510 traceback.print_exc()
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]511 elif sys.exc_type is not SystemExit:
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]512 print(sys.exc_value)
513
514if __name__ == "__main__":
515 Tool().run()