Appendix A. bpftrace One-Liners

This is a selection of one-liners used throughout this book.

Chapter 6 CPUs

New processes with arguments:

Click here to view code image

bpftrace -e 'tracepoint:syscalls:sys_enter_execve { join(args->argv); }'

Syscall count by process:

Click here to view code image

bpftrace -e 'tracepoint:raw_syscalls:sys_enter { @[pid, comm] = count(); }'

Sample running process name at 99 Hertz:

Click here to view code image

bpftrace -e 'profile:hz:99 { @[comm] = count(); }'

Sample user-level stacks at 49 Hertz, for PID 189:

Click here to view code image

bpftrace -e 'profile:hz:49 /pid == 189/ { @[ustack] = count(); }'

Trace new threads via pthread_create():

Click here to view code image

bpftrace -e 'u:/lib/x86_64-linux-gnu/libpthread-2.27.so:pthread_create ...

Get BPF Performance Tools now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial