eBPF tracing programs are executed at tracepoints, kprobes, or uprobes, so they are entirely language agnostic, have access to the data structures only available to the kernel, persist across processes/threads, are nearly guaranteed not to crash the system (by the verifier), and write to data structures that appear in well-known locations in the sysfs filesystem.

BSD and Solaris variants have had this type of thing for years with DTrace, which is “the way” to do observability on those systems. Now Linux has an even better way.

I highly encourage you to try out any of the tool scripts in the BCC repo. They’re just Python scripts that do really cool things that have never been done before! BPF is not that hard to get started with!

https://github.com/iovisor/bcc/tree/master/tools