ADMINISTERIA: Dtrace & tmux
Deep down inside, Valentine Sinitsyn feared Linux tracing was subpar to DTrace, so he was happy to discover that’s no longer the case!
Deep down inside, Valentine Sinitsyn feared Linux tracing was subpar to DTrace, so he was happy to discover that’s no longer the case.
System tracing, eBPF and the like are trending topics in the Linux community. The reason is bpftrace ( https://github.com/iovisor/ bpftrace), a new toolkit that went public early October 2018. Linux doesn’t come short of this type of tool. SystemTap ( https://sourceware.org/systemtap/) isn’t eBPF based and has not yet fully entered into the mainline kernel. BCC ( https://github.com/iovisor/ bcc) is popular, but not so friendly for quick one-liners. Ply ( https://github.com/iovisor/ply) is the opposite: a high-level tool that hasn’t gained the attention it deserves. And this list is by no means complete. So in this light, what sets bpftrace aside enough for Brendan Gregg to call it “DTrace 2.0” in his blog1 post?
Brendan is one of two bpftrace authors; the other is Alastair Robertson, the project’s creator. Obviously, it’s not the only reason. bpftrace provides a high-level syntax similar to awk. It’s not new, but this already makes bpftrace a good choice for one-liners. Once we had a performance issue in a preproduction cluster. While I was struggling with C and raw eBPF, a colleague of mine put together a one-liner in SystemTap and recognised the CPU core was busy blinking a cursor. BCC is C interspersed with Python ( LXF231); bpftrace feel much like DTrace. They aren’t syntax-compatible: DTrace uses D (not that D, which is C++’s successor). Whether you type this->var or $var is usually not a big deal, though. More important is that bpftools can do what DTrace does, and more. Minor features ( sizeof() ) are missing, but they can be added if necessary. Yet bpftools can collect call stacks which requires post-processing in DTrace. All of these factors earn bpftrace its “DTrace 2.0” badge.
This is yet-to-be seen though, as bpftrace is a relatively young project. It relies on LLVM to convert its high-level syntax into eBPF code, and this could prove problematic. The foundation (eBPF) is years old and production-proven technology. Perhaps one day bpftrace will come pre-installed in all self-respecting Linux distros, as it was with DTrace in Solaris.