From 0950d0550cba36165f59d6ef41e3d487587c31d6 Mon Sep 17 00:00:00 2001
From: Pragyansh Chaturvedi
Date: Fri, 12 Sep 2025 04:24:03 +0530
Subject: [PATCH] Add side by side view
---
demo/bcc.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++
demo/pybpf.py | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 80 insertions(+)
create mode 100644 demo/bcc.py
create mode 100644 demo/pybpf.py
diff --git a/demo/bcc.py b/demo/bcc.py
new file mode 100644
index 0000000..f9f4d28
--- /dev/null
+++ b/demo/bcc.py
@@ -0,0 +1,46 @@
+from __future__ import print_function
+from bcc import BPF
+from bcc.utils import printb
+
+# load BPF program
+b = BPF(text="""
+#include
+
+BPF_HASH(last);
+
+int do_trace(struct pt_regs *ctx) {
+ u64 ts, *tsp, delta, key = 0;
+
+ // attempt to read stored timestamp
+ tsp = last.lookup(&key);
+ if (tsp != NULL) {
+ delta = bpf_ktime_get_ns() - *tsp;
+ if (delta < 1000000000) {
+ // output if time is less than 1 second
+ bpf_trace_printk("%d\\n", delta / 1000000);
+ }
+ last.delete(&key);
+ }
+
+ // update stored timestamp
+ ts = bpf_ktime_get_ns();
+ last.update(&key, &ts);
+ return 0;
+}
+""")
+
+b.attach_kprobe(event=b.get_syscall_fnname("sync"), fn_name="do_trace")
+print("Tracing for quick sync's... Ctrl-C to end")
+
+# TODO
+# format output
+start = 0
+while 1:
+ try:
+ (task, pid, cpu, flags, ts, ms) = b.trace_fields()
+ if start == 0:
+ start = ts
+ ts = ts - start
+ printb(b"At time %.2f s: multiple syncs detected, last %s ms ago" % (ts, ms))
+ except KeyboardInterrupt:
+ exit()
diff --git a/demo/pybpf.py b/demo/pybpf.py
new file mode 100644
index 0000000..f6a7ac7
--- /dev/null
+++ b/demo/pybpf.py
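Review bot: The read loop at the end of demo/bcc.py treats every line returned by `b.trace_fields()` as this program's own output, but `bpf_trace_printk` writes to the kernel's single, host-wide trace pipe, so a message from any other tracer running at the same time would be reported as "multiple syncs detected" with an unrelated `ms` value. Since the demo is meant to be compared with another implementation, either state the limitation above the loop, e.g. `# NOTE: trace_pipe is shared system-wide; lines from other bpf_trace_printk users are mixed in`, or deliver events through a per-program `BPF_PERF_OUTPUT` buffer. Separately, `exit()` in the `KeyboardInterrupt` handler is the interactive helper installed by `site`; `sys.exit()` with `import sys` is the dependable form in a script.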
@@ -0,0 +1,34 @@
+from pythonbpf import bpf, map, section, bpfglobal, compile
+from pythonbpf.helpers import ktime
+from pythonbpf.maps import HashMap
+
+from ctypes import c_void_p, c_int64, c_uint64
+
+
+@bpf
+@map
+def last() -> HashMap:
+ return HashMap(key_type=c_uint64, value_type=c_uint64, max_entries=3)
+
+
+@bpf
+@section("tracepoint/syscalls/sys_sync")
+def do_trace(ctx: c_void_p) -> c_int64:
+ key = 0
+ tsp = last().lookup(key)
+ if tsp:
+ delta = (ktime() - tsp)
+ if delta < 1000000000:
+ time_ms = (delta // 1000000)
+ print(f"sync called within last second, last {time_ms} ms ago")
+ last().delete(key)
+ return c_int64(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+ return "GPL"
+
+
+compile()
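Review bot: `do_trace` in demo/pybpf.py never writes to the `last` map: the hunk calls `lookup` and `delete` but has no counterpart to the `last.update(&key, &ts)` that demo/bcc.py runs on every call, so `tsp` can never be set and the "sync called within last second" message cannot fire. Before `return c_int64(0)`, store the current time with `ts = ktime()` followed by `last().update(key, ts)`; this assumes `HashMap` offers `update` alongside `lookup` and `delete`, which should be confirmed against pythonbpf. The section string `tracepoint/syscalls/sys_sync` also looks wrong, since syscall tracepoints are normally named `sys_enter_<name>` or `sys_exit_<name>`, so `tracepoint/syscalls/sys_enter_sync` is probably what is meant. The file appears to stop at `compile()` without loading or attaching the program, which makes it not yet comparable with the bcc script that attaches a kprobe and reads the output.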