Plans for uprobe support? #38

Open
billtohara opened this issue Mar 1, 2018 · 5 comments

@billtohara

My current understanding is that ply doesn't support uprobes yet. Is that planned, or is anyone working on it?

Looking at the providers, the support to add, say, the profiling provider in kprobes was wonderfully concise. Might uprobes be similar, or is it a quite different undertaking? Apologies in advance for my lack of understanding there.

@wkz
Collaborator

wkz commented Mar 2, 2018

I'm working on a new version of ply which has a better compiler foundation with a proper type system and so on (ply was my first compiler project, ever 😄). I'm convinced that we need this to move forward. So uprobes is lower on my list at the moment.

The hard part about uprobes is that you need some way of reading DWARF symbols in order to do anything meaningful. With the kernel we can get by with /proc/kallsyms. There is nothing similar on the userspace side, without debug symbols you are blind. Ideally we would also have something like CTF on Linux.

@alan-maguire

I've got a rough prototype of uprobe support working; however it relies on specifying the instruction address currently, rather than resolving it for the user. For example, according to "objdump -j .text -T /usr/bin/bash |grep shell_execve", bash's shell_execve() function is at 000000000042fbd0. And if we

cat /proc//maps |grep /usr/bin/bash |grep r-xp
00400000-004dd000 r-xp 00000000 fc:00 12433 /usr/bin/bash

...we see that the text section starts at 400000. So that means our address is 0x2fbd0 (42fbd0 - 400000). So we can run the following to see which commands bash is executing:

ply -c 'uprobe:/usr/bin/bash:0x2fbd0 { @c[mem(arg(0),"128s")].count(); }'

1 probe active
^Cde-activating probes

@c:
/usr/bin/find 1
/usr/bin/ls 1

A pain to do all this I know, but it might make sense to tackle uprobe support in two stages: first add basic uprobe support as above, then tackle symbol resolution. What do you think?
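
Added example, not part of the original comment and not ply code: the address-to-offset step described above, written as a Python helper. It goes beyond the comment in two ways: it adds the mapping's file-offset column (zero in the quoted output), and it can take the same answer from the ELF program headers without a running process. The function names and the header-only ELF image are constructed for illustration.

```python
import struct

PT_LOAD, PF_X = 1, 1

def offset_from_maps(sym_vaddr, maps_text, path):
    """The comment's method: locate the executable mapping of `path` that
    contains the symbol address and turn the address into a file offset."""
    for line in maps_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[5] != path or "x" not in f[1]:
            continue
        start, end = (int(x, 16) for x in f[0].split("-"))
        if start <= sym_vaddr < end:
            # Column 3 is the mapping's offset into the file. It is 0 in the
            # comment's output, but a text segment need not start at offset 0.
            return sym_vaddr - start + int(f[2], 16)
    # A PIE's objdump addresses are relative to a zero load base, so they fall
    # outside the randomized mapping; use offset_from_elf() for those.
    raise LookupError("address not in an executable mapping of " + path)

def offset_from_elf(sym_vaddr, elf):
    """Same translation from little-endian ELF64 program headers."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_phoff, = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, p_flags, p_offset, p_vaddr, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        in_seg = p_vaddr <= sym_vaddr < p_vaddr + p_filesz
        if p_type == PT_LOAD and p_flags & PF_X and in_seg:
            return sym_vaddr - p_vaddr + p_offset
    raise LookupError("address not in an executable PT_LOAD segment")

def constructed_elf(p_offset, p_vaddr, p_filesz):
    """Constructed input: an ELF64 header plus one executable PT_LOAD entry."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = struct.pack("<HHIQQQIHHHHHH",
                       2, 62, 1, p_vaddr, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, p_offset, p_vaddr, p_vaddr,
                       p_filesz, p_filesz, 0x1000)
    return ident + ehdr + phdr

SYM = 0x42fbd0  # shell_execve address quoted in the comment
MAPS = "00400000-004dd000 r-xp 00000000 fc:00 12433 /usr/bin/bash\n"

if __name__ == "__main__":
    print(hex(offset_from_maps(SYM, MAPS, "/usr/bin/bash")))
    print(hex(offset_from_elf(SYM, constructed_elf(0, 0x400000, 0xdd000))))
```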

@Kullu14

Kullu14 commented Jul 26, 2019

Does uprobe support get enabled on ply?

@wkz
Collaborator

wkz commented Aug 12, 2019

I've been allocating my spare time to other projects lately, so it is not there yet.

uprobes are definitely on the roadmap. Basic support is easy to add, i.e. specifying probes via raw addresses. But the way I see it, you would need some DWARF/CTF/BTF support to get something useful.

@Kullu14

Kullu14 commented Aug 22, 2019

I would like to work on it, if someone can guide me through it.
