Book Description
BPF and related observability tools give software professionals unprecedented visibility into software, helping them analyze operating system and application performance, troubleshoot code, and strengthen security. BPF Performance Tools: Linux System and Application Observability is the industry’s most comprehensive guide to using these tools for observability. Brendan Gregg, author of the industry’s definitive guide to system performance, introduces powerful new methods and tools for doing analysis that leads to more robust, reliable, and safer code.
This authoritative guide:
Explores a wide spectrum of software and hardware targets
Thoroughly covers open source BPF tools from the Linux Foundation iovisor project’s bcc and bpftrace repositories
Summarizes performance engineering and kernel internals you need to understand
Provides and discusses 150+ bpftrace tools, including 80 written specifically for this book: tools you can run as-is, without programming — or customize and develop further, using diverse interfaces and the bpftrace front-end
You’ll learn how to use BPF (eBPF) tracing tools to analyze CPUs, memory, disks, file systems, networking, languages, applications, containers, hypervisors, security, and the Linux kernel. You’ll move from basic to advanced tools and techniques, producing new metrics, stack traces, custom latency histograms, and more. It’s like having a superpower: with Gregg’s guidance and tools, you can analyze virtually everything that impacts system performance, so you can improve virtually any Linux operating system or application.
Table of Contents
- Cover Page
- About This eBook
- Half Title Page
- Title Page
- Copyright Page
- Contents at a Glance
- Contents
- Foreword
- Preface
- Acknowledgments
- About the Author
-
Part I: Technologies
-
Chapter 1. Introduction
- 1.1 What Are BPF and eBPF?
- 1.2 What Are Tracing, Snooping, Sampling, Profiling, and Observability?
- 1.3 What Are BCC, bpftrace, and IO Visor?
- 1.4 A First Look at BCC: Quick Wins
- 1.5 BPF Tracing Visibility
- 1.6 Dynamic Instrumentation: kprobes and uprobes
- 1.7 Static Instrumentation: Tracepoints and USDT
- 1.8 A First Look at bpftrace: Tracing open()
- 1.9 Back to BCC: Tracing open()
- 1.10 Summary
- Chapter 2. Technology Background
- Chapter 3. Performance Analysis
- Chapter 4. BCC
-
Chapter 5. bpftrace
- 5.1 bpftrace Components
- 5.2 bpftrace Features
- 5.3 bpftrace Installation
- 5.4 bpftrace Tools
- 5.5 bpftrace One-Liners
- 5.6 bpftrace Documentation
- 5.7 bpftrace Programming
- 5.8 bpftrace Usage
- 5.9 bpftrace Probe Types
- 5.10 bpftrace Flow Control
- 5.11 bpftrace Operators
- 5.12 bpftrace Variables
- 5.13 bpftrace Functions
- 5.14 bpftrace Map Functions
- 5.15 bpftrace Future Work
- 5.16 bpftrace Internals
- 5.17 bpftrace Debugging
- 5.18 Summary
-
Chapter 1. Introduction
- Part II: Using BPF Tools
-
Part III: Additional Topics
- Chapter 17. Other BPF Performance Tools
-
Chapter 18. Tips, Tricks, and Common Problems
- 18.1 Typical Event Frequency and Overhead
- 18.2 Sample at 49 or 99 Hertz
- 18.3 Yellow Pigs and Gray Rats
- 18.4 Write Target Software
- 18.5 Learn Syscalls
- 18.6 Keep It Simple
- 18.7 Missing Events
- 18.8 Missing Stacks Traces
- 18.9 Missing Symbols (Function Names) When Printing
- 18.10 Missing Functions When Tracing
- 18.11 Feedback Loops
- 18.12 Dropped Events
- Part IV: Appendixes
- Glossary
- Bibliography
- Index
- Code Snippets
Product Information
- Title: BPF Performance Tools: Linux System and Application Observability
- Author(s):
- Release date: December 2019
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780136588870