Re: [RFC] Full syscall argument decode in "perf trace"

From: Arnaldo Carvalho de Melo
Date: Tue Sep 17 2013 - 13:52:22 EST

Next message: John Stultz: "[GIT PULL] First set of timekeeping changes for 3.13"
Previous message: Chris Metcalf: "Re: [GIT PULL] additional arch/tile changes for v3.12"
In reply to: Denys Vlasenko: "[RFC] Full syscall argument decode in "perf trace""
Next in thread: Arnaldo Carvalho de Melo: "Re: [RFC] Full syscall argument decode in "perf trace""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Em Tue, Sep 17, 2013 at 05:10:55PM +0200, Denys Vlasenko escreveu:
> I'm trying to figure out how to extend "perf trace".

> Currently, it shows syscall names and arguments, and only them.
> Meaning that syscalls such as open(2) are shown as:

> open(filename: 140736118412184, flags: 0, mode: 140736118403776) = 3

> The problem is, of course, that user wants to see the filename
> per se, not the address of its first byte.

> To improve that, we need to fetch the pointed-to data.
> There are two approaches to this: extending
> "raw_syscalls:sys_{enter,exit}" tracepoint so that it returns this data,
> or selectively stopping the traced process when it reaches the thacepoint.

We don't want to stop the process at all, this is one of the major
advantages of 'perf trace' over 'strace'.

Look at the tmp.perf/trace2 branch in my git repo, tglx and Ingo added a
tracepoint to vfs_getname to use that.

> First solution is attractive performance-wise, but requires a lot
> of new code: *ALL* syscalls will need to know which arguments are pointers,
> how large their pointed-to data structures are, and (remember
> readv and friends!) some of pointed-to structures themselves
> contain pointers which reference even more data.

Well, we can look at DWARF to get the function signatures, types,
librarize 'perf probe' and insert probes in the syscalls we want
decoding.

That for the cases where we don't have a tracepoint or when adding a new
tracepoint is not an option.

And this all with what we have in the kernel right now.

Also for 'perf trace' look at my perf/core branch, where we have more
syscall arg beautifiers and the machinery that is getting in place to
allow that.

Longer term we could have something like dtrace's CTF to have a more
compact type only ELF section that always go with the kernel, like we
have CFI in binaries these days.

- Arnaldo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: John Stultz: "[GIT PULL] First set of timekeeping changes for 3.13"
Previous message: Chris Metcalf: "Re: [GIT PULL] additional arch/tile changes for v3.12"
In reply to: Denys Vlasenko: "[RFC] Full syscall argument decode in "perf trace""
Next in thread: Arnaldo Carvalho de Melo: "Re: [RFC] Full syscall argument decode in "perf trace""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]