ply
ply is a light-weight dynamic tracer for Linux that leverages the kernel’s BPF VM in concert with kprobes and tracepoints to attach probes to arbitrary points in the kernel. Most tracers that generate BPF bytecode are based on the LLVM-based BCC toolchain. ply, on the other hand, has no required external dependencies except for libc. In addition to x86_64, ply also runs on aarch64, arm, and powerpc. Adding support for more ISAs is easy.
ply follows the Little Language approach of yore, compiling ply scripts into Linux BPF programs that are attached to kprobes and tracepoints in the kernel. The scripts have a C-like syntax, heavily inspired by dtrace(1) and, by extension, awk(1).
The primary goals of ply are:
- Expose most of the BPF tracing feature-set in such a way that new scripts can be whipped up very quickly to test different hypotheses.
- Keep dependencies to a minimum. Right now Flex and Bison are required at build-time, leaving libc as the only runtime dependency. Thus, ply is well suited for embedded targets.
If you need more fine-grained control over the kernel/userspace interaction in your tracing, check out the bcc project, which compiles C programs to BPF using LLVM in combination with a Python userspace recipient to give you the full six degrees of freedom.
Feature
$_ flexible
Type inference in combination with a compact C-like syntax means scripts can be written and edited in seconds, directly in your favorite shell. The language is heavily inspired by, though not nearly as powerful as, awk(1) and dtrace(1).
>< small
Designed with embedded systems in mind. Written in C, all ply needs to run is libc and a modern kernel with Linux BPF support. No external kernel modules, no LLVM, no python. Works on aarch64, arm, powerpc, and x86_64 today — adding an ISA is easy.
<3 efficient
Data gathering and aggregation are done in the kernel using Linux BPF programs that are JIT compiled to native instructions on most common architectures. Thus, ply runs with very low overhead, allowing it to probe even the hottest code paths.
Changelog v2.3
Add support for riscv64. Minimum supported kernel version is now 5.5.
Changed
- New implementation of BEGIN/END which is more reliable across architectures. (Mingzheng Xing)
Added
- New architecture: riscv64 (Mingzheng Xing)
Install
git clone https://github.com/wkz/ply.git
cd ply
./autogen.sh # to generate the configure script
./configure
make
make install # you probably need to be root for this
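A preflight check for the build steps above, added here as an example (not part of the ply project): it tests the running kernel against the 5.5 minimum from the v2.3 changelog, the machine type against the ISAs this page lists, and PATH for Flex and Bison. The function names and the mapping of `uname -m` values such as armv7l and ppc64le onto "arm" and "powerpc" are assumptions.

```shell
#!/bin/sh
# Added example, not ply's own code. Limits are the ones stated on this page.

# kernel_ok RELEASE: succeed if a `uname -r` style string is >= 5.5.
kernel_ok() {
    rel=${1%%[!0-9.]*}                 # "5.15.0-91-generic" -> "5.15.0"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac   # unparsable input
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    # Numeric compare, so 5.10 counts as newer than 5.5.
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 5 ]; }
}

# arch_ok MACHINE: succeed if a `uname -m` value is one of the page's ISAs.
# Assumption: armv* and ppc* are the uname names for "arm" and "powerpc".
arch_ok() {
    case "$1" in
        x86_64|aarch64|riscv64) return 0 ;;
        arm|armv*)              return 0 ;;
        ppc|ppc64|ppc64le)      return 0 ;;
        *)                      return 1 ;;
    esac
}

# missing_tools TOOL...: print the tools that are not on PATH.
missing_tools() {
    missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    printf '%s\n' "${missing# }"
}

# preflight RELEASE MACHINE: print one line per check, non-zero if any fails.
preflight() {
    rc=0
    if kernel_ok "$1"; then echo "ok   kernel $1"
    else echo "FAIL kernel $1 (need >= 5.5)"; rc=1; fi
    if arch_ok "$2"; then echo "ok   arch $2"
    else echo "FAIL arch $2 (not in the supported list)"; rc=1; fi
    m=$(missing_tools flex bison)
    if [ -z "$m" ]; then echo "ok   flex and bison found"
    else echo "FAIL missing build tools: $m"; rc=1; fi
    return "$rc"
}
preflight "$(uname -r)" "$(uname -m)" || echo "preflight: fix the FAIL items"
```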
Copyright 2018 Tobias Waldekranz