book

BPF Performance Tools

Name: BPF Performance Tools
Author: Brendan Gregg
ISBN: 9780136624523

by Brendan Gregg

December 2019

Intermediate to advanced

880 pages

28h 2m

English

Addison-Wesley Professional

Read now

Unlock full access

Cover Page
About This eBook
Half Title Page
Title Page
Copyright Page
Contents at a Glance
Contents
Foreword
Preface
Why Do You Need BPF Performance Tools?About This BookNew ToolsAbout GUIsAbout Linux VersionsWhat This Book Does Not CoverHow This Book Is StructuredIntended AudienceSource Code CopyrightSupplemental Material and ReferencesConventions Used in This Book
Acknowledgments

About the Author
Part I: Technologies
Chapter 1. Introduction
1.1 What Are BPF and eBPF?1.2 What Are Tracing, Snooping, Sampling, Profiling, and Observability?1.3 What Are BCC, bpftrace, and IO Visor?1.4 A First Look at BCC: Quick Wins1.5 BPF Tracing Visibility1.6 Dynamic Instrumentation: kprobes and uprobes1.7 Static Instrumentation: Tracepoints and USDT1.8 A First Look at bpftrace: Tracing open()1.9 Back to BCC: Tracing open()1.10 Summary
Chapter 2. Technology Background
2.1 BPF Illustrated2.2 BPF2.3 Extended BPF (eBPF)2.4 Stack Trace Walking2.5 Flame Graphs2.6 Event Sources2.7 kprobes2.8 uprobes2.9 Tracepoints2.10 USDT2.11 Dynamic USDT2.12 PMCs2.13 perf_events2.14 Summary
Chapter 3. Performance Analysis
3.1 Overview3.2 Performance Methodologies3.3 Linux 60-Second Analysis3.4 BCC Tool Checklist3.5 Summary
Chapter 4. BCC
4.1 BCC Components4.2 BCC Features4.3 BCC Installation4.4 BCC Tools4.5 funccount4.6 stackcount4.7 trace4.8 argdist4.9 Tool Documentation4.10 Developing BCC Tools4.11 BCC Internals4.12 BCC Debugging4.13 Summary
Chapter 5. bpftrace
5.1 bpftrace Components5.2 bpftrace Features5.3 bpftrace Installation5.4 bpftrace Tools5.5 bpftrace One-Liners5.6 bpftrace Documentation5.7 bpftrace Programming5.8 bpftrace Usage5.9 bpftrace Probe Types5.10 bpftrace Flow Control5.11 bpftrace Operators5.12 bpftrace Variables5.13 bpftrace Functions5.14 bpftrace Map Functions5.15 bpftrace Future Work5.16 bpftrace Internals5.17 bpftrace Debugging5.18 Summary
Part II: Using BPF Tools
Chapter 6. CPUs
6.1 Background6.2 Traditional Tools6.3 BPF Tools6.4 BPF One-Liners6.5 Optional Exercises6.6 Summary
Chapter 7. Memory
7.1 Background7.2 Traditional Tools7.3 BPF Tools7.4 BPF One-Liners7.5 Optional Exercises7.6 Summary
Chapter 8. File Systems
8.1 Background8.2 Traditional Tools8.3 BPF Tools8.4 BPF One-Liners8.5 Optional Exercises8.6 Summary
Chapter 9. Disk I/O
9.1 Background9.2 Traditional Tools9.3 BPF Tools9.4 BPF One-Liners9.5 Optional Exercises9.6 Summary
Chapter 10. Networking
10.1 Background10.2 Traditional Tools10.3 BPF Tools10.4 BPF One-Liners10.5 Optional Exercises10.6 Summary
Chapter 11. Security
11.1 Background11.2 BPF Tools11.3 BPF One-Liners11.4 Summary
Chapter 12. Languages
12.1 Background12.2 C12.3 Java12.4 Bash Shell12.5 Other Languages12.6 Summary
Chapter 13. Applications
13.1 Background13.2 BPF Tools13.3 BPF One-Liners13.4 BPF One-Liners Examples13.5 Summary
Chapter 14. Kernel
14.1 Background14.2 Strategy14.3 Traditional Tools14.4 BPF Tools14.5 BPF One-Liners14.6 BPF One-Liners Examples14.7 Challenges14.8 Summary
Chapter 15. Containers
15.1 Background15.2 Traditional Tools15.3 BPF Tools15.4 BPF One-Liners15.5 Optional Exercises15.6 Summary
Chapter 16. Hypervisors
16.1 Background16.2 Traditional Tools16.3 Guest BPF Tools16.4 Host BPF Tools16.5 Summary
Part III: Additional Topics
Chapter 17. Other BPF Performance Tools
17.1 Vector and Performance Co-Pilot (PCP)17.2 Grafana and Performance Co-Pilot (PCP)17.3 Cloudflare eBPF Prometheus Exporter (with Grafana)17.4 kubectl-trace17.5 Other Tools17.6 Summary
Chapter 18. Tips, Tricks, and Common Problems
18.1 Typical Event Frequency and Overhead18.2 Sample at 49 or 99 Hertz18.3 Yellow Pigs and Gray Rats18.4 Write Target Software18.5 Learn Syscalls18.6 Keep It Simple18.7 Missing Events18.8 Missing Stacks Traces18.9 Missing Symbols (Function Names) When Printing18.10 Missing Functions When Tracing18.11 Feedback Loops18.12 Dropped Events
Part IV: Appendixes
Appendix A. bpftrace One-Liners
Chapter 6 CPUsChapter 7 MemoryChapter 8 File SystemsChapter 9 Disk I/OChapter 10 NetworkingChapter 11 SecurityChapter 13 ApplicationsChapter 14 Kernel
Appendix B. bpftrace Cheat Sheet
SynopsisProbesProbe AliasesVarsActionsAsynchronous ActionsSwitches
Appendix C. BCC Tool Development
ResourcesFive TipsTool ExamplesMore Info
Appendix D. C BPF
Why Program in C?Five TipsC Programsperf CMore Info
Appendix E. BPF Instructions
Helper MacrosInstructionsEncodingReferences
Glossary
Bibliography
Index
Code Snippets

Overview

Use BPF Tools to Optimize Performance, Fix Problems, and See Inside Running Systems

BPF-based performance tools give you unprecedented visibility into systems and applications, so you can optimize performance, troubleshoot code, strengthen security, and reduce costs. BPF Performance Tools: Linux System and Application Observability is the definitive guide to using these tools for observability.

Pioneering BPF expert Brendan Gregg presents more than 150 ready-to-run analysis and debugging tools, expert guidance on applying them, and step-by-step tutorials on developing your own. You’ll learn how to analyze CPUs, memory, disks, file systems, networking, languages, applications, containers, hypervisors, security, and the kernel. Gregg guides you from basic to advanced tools, helping you generate deeper, more useful technical insights for improving virtually any Linux system or application.

Learn essential tracing concepts and both core BPF front-ends: BCC and bpftrace
Master 150+ powerful BPF tools, including dozens created just for this book, and available for download
Discover practical strategies, tips, and tricks for more effective analysis
Analyze compiled, JIT-compiled, and interpreted code in multiple languages: C, Java, bash shell, and more
Generate metrics, stack traces, and custom latency histograms
Use complementary tools when they offer quick, easy wins
Explore advanced tools built on BPF: PCP and Grafana for remote monitoring, eBPF Exporter, and kubectl-trace for tracing Kubernetes
Foreword by Alexei Starovoitov, creator of the new BPF

BPF Performance Tools will be an indispensable resource for all administrators, developers, support staff, and other IT professionals working with any recent Linux distribution in any enterprise or cloud environment.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780136588870

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills