Hi Brendan, thanks for the update and the work on this! Coming from dtrace, the main thing missing in bpftrace when doing kernel debugging is being able to navigate structs.<p>You've mentioned that we do have BTF now in Linux 4.18. I've tried to find if it was leveraged in bpftrace, but it looks like it isn't yet. I see you've opened an issue in one of the bpftrace forks related to this here: <a href="https://github.com/ajor/bpftrace/issues/30" rel="nofollow">https://github.com/ajor/bpftrace/issues/30</a>.<p>Do you know if there's been any update on this? Support for BTF/CTF would be amazing.
Seeing this come together makes me super happy.<p>Now the next time the hot rage of an audio xrun overcomes me I will have a path forward!<p>In general audio xruns actually is an area that could use a permanent userspace program.<p>Musicians need low latency audio processing which Jack2 can provide but the random xrun and the internet flimflam/mummery of how to sort it out is waaaaay beyond most of us (I have less of an excuse but yah its a vibe killer when you are trying to make music).<p>The goal would be "hey you had a/some xrun and its might be mostly this disk or process or..."<p>Maybe this needs hard ai but maybe it just needs a compass like tool...
This is a great update. I'd wondered how ply differed from bpftrace. And structs support is a huge step in achieving parity with DTrace.<p>DTrace has really helped me out* on macOS. To be without it is to lose a superpower, so I'm really rooting for bpftrace to bring the same tracing experience to Linux.
I've been excitedly following bcc, too. It's just the right tool for HTTP metrics. But my most basic experiments so far have failed, and I don't know how to get support.<p>* DTrace is a real swiss army-knife. It seems intended for observing production systems, but I've found it indispensible for local development. The mysqld provider is great for tracing queries and perf. Opensnoop answers all sorts of questions. And DTrace saved a C++ project of mine: explaining a deadlock that would've otherwise spelled the end of the software. The most fun I've had is using the pid provider to hook text out of visual novels (in WiNE!).
Hey Brendan! Super exciting - I'm already updating some internal documentation to point people towards this :)<p>When are we getting a Linux performance engineering book with all the bpf/bcc/bpftrace stuff in it?
The 2 major problems (ie the Elefant in the room) compared to DTrace are missing:<p>1. security: eBPF still supports arrays and and is therefore inherently insecure to be used in the kernel. DTrace didn't support that feature on purpose and not because they couldn't do it. see spectre/meltdown.<p>2. availability: eBPF probes only work within the kernel. DTrace extends the same interface to the libc level and the user space level. you can trace not only kernel calls, also lib calls and with its high-level language support (Java, python, perl, ruby,...) into userspace. Linux-only eBPF will never be able to support that seemless integration. thanksfully we now have Oracle Linux with proper DTrace support on Linux.