
Kernel analysis with bpftrace - Twirrim
https://lwn.net/SubscriberLink/793749/a5a7c5282076c094/
======
_wmd
The joy with bpftrace (and dtrace before it) for me is this ease with which
'synthetic' profiling events can be constructed from multiple underlying
events. This can be used to, for example, only record the latency of malloc()
while at least one TCP connection has been accepted and some particular
function in your binary has already run at least once with its third parameter
having a particular value.

The offwake.bt example from the article is the closest to that, but it doesn't
hook any userspace functions (like malloc). That's totally possible and
extremely easy -- events can be mixed from wherever in the same script and,
barring some knowledge like the fact the script is running on every CPU
simultaneously, things just magically work.

The main problem with bpftrace is that it's a pain in the ass to compile from
source just now. A tool as useful as this really wants to be available on
every machine by default.
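
A sketch of the kind of gated, multi-event probe described in the comment above, added here as an illustration; it is not part of the original thread or the LWN article. The binary path `/usr/local/bin/myapp`, the function `process_request`, the value `42`, and the libc path are all placeholders chosen for the example.

```bpftrace
#!/usr/bin/env bpftrace
// Constructed example: record malloc() latency in "myapp" only after
//  (1) at least one TCP connection has been accepted, and
//  (2) process_request() has run at least once with its third
//      parameter (arg2, zero-indexed) equal to 42.
// All names, paths and the value 42 are hypothetical placeholders.

// Kernel side: a successful accept() returns a non-NULL socket.
// This probe fires system-wide, not just for myapp.
kretprobe:inet_csk_accept
/retval != 0/
{
    @accepted = 1;
}

// User side: arm the second condition when the target function
// is called with the value of interest in its third argument.
uprobe:/usr/local/bin/myapp:process_request
/arg2 == 42/
{
    @armed = 1;
}

// Only start timing once both conditions hold. The libc path
// varies by distro; adjust it to match the target system.
uprobe:/lib/x86_64-linux-gnu/libc.so.6:malloc
/@accepted && @armed && comm == "myapp"/
{
    @start[tid] = nsecs;
}

// Per-thread key so concurrent calls on different CPUs do not collide.
uretprobe:/lib/x86_64-linux-gnu/libc.so.6:malloc
/@start[tid]/
{
    @malloc_ns = hist(nsecs - @start[tid]);
    delete(@start[tid]);
}

// Drop bookkeeping maps so only the histogram is printed at exit.
END
{
    clear(@start);
    clear(@accepted);
    clear(@armed);
}
```

The gate flags are plain global maps, which is enough here because they only ever go from unset to 1; the timing state is keyed by `tid` because the probes run on every CPU simultaneously.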

~~~
brendangregg
It depends on your distro; last I checked an "apt-get install bpftrace" worked
fine on Ubuntu 18.04. Debian has a package as well. We're tracking them in the
INSTALL.md.

Companies like Netflix and Facebook have internal bpftrace packages -- it's a
default install on the Netflix BaseAMI, so it's always there.

~~~
helper
It doesn't look like bpftrace is available in the default repos for Ubuntu
18.04.

------
linsomniac
The examples in this article are spectacular! I _REALLY_ need to learn
bpftrace.

