From 2bd8e73724f0f4d6f636721931404be654312530 Mon Sep 17 00:00:00 2001 From: Pragyansh Chaturvedi Date: Tue, 9 Dec 2025 00:36:29 +0530 Subject: [PATCH] Add symbolization example --- blazesym-example/Cargo.lock | 405 +++++++++++++++++++++++++++++++ blazesym-example/Cargo.toml | 14 ++ blazesym-example/src/main.rs | 333 +++++++++++++++++++++++++ blazesym-example/stack_traces.py | 49 ++++ 4 files changed, 801 insertions(+) create mode 100644 blazesym-example/Cargo.lock create mode 100644 blazesym-example/Cargo.toml create mode 100644 blazesym-example/src/main.rs create mode 100644 blazesym-example/stack_traces.py diff --git a/blazesym-example/Cargo.lock b/blazesym-example/Cargo.lock new file mode 100644 index 0000000..737a386 --- /dev/null +++ b/blazesym-example/Cargo.lock @@ -0,0 +1,405 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "adler2" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" + +[[package]] +name = "anstream" +version = "0.6.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43d5b281e737544384e969a5ccad3f1cdd24b48086a0fc1b2a5262a26b8f4f4a" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5192cca8006f1fd4f7237516f40fa183bb07f8fbdfedaa0036de5ea9b0b45e78" + +[[package]] +name = "anstyle-parse" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e7644824f0aa2c7b9384579234ef10eb7efb6a0deb83f9630a49594dd9c15c2" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" +dependencies = [ + "anstyle", + "once_cell_polyfill", + "windows-sys", +] + +[[package]] +name = "anyhow" +version = "1.0.100" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" + +[[package]] +name = "bitflags" +version = "2.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3" + +[[package]] +name = "blazesym" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ace0ab71bbe9a25cb82f6d0e513ae11aebd1a38787664475bb2ed5cbe2329736" +dependencies = [ + "cpp_demangle", + "gimli", + "libc", + "memmap2", + "miniz_oxide", + "rustc-demangle", +] + +[[package]] +name = "cc" +version = "1.2.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97463e1064cb1b1c1384ad0a0b9c8abd0988e2a91f52606c80ef14aadb63e36" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "cfg_aliases" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" + +[[package]] +name = "clap" +version = "4.5.51" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c26d721170e0295f191a69bd9a1f93efcdb0aff38684b61ab5750468972e5f5" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.5.51" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75835f0c7bf681bfd05abe44e965760fea999a5286c6eb2d59883634fd02011a" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.5.49" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a0b5487afeab2deb2ff4e03a807ad1a03ac532ff5a2cee5d86884440c7f7671" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "clap_lex" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d" + +[[package]] +name = "colorchoice" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b05b61dc5112cbb17e4b6cd61790d9845d13888356391624cbe7e41efeac1e75" + +[[package]] +name = "cpp_demangle" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0667304c32ea56cb4cd6d2d7c0cfe9a2f8041229db8c033af7f8d69492429def" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "equivalent" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" + +[[package]] +name = "fallible-iterator" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" + +[[package]] +name = "find-msvc-tools" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a3076410a55c90011c298b04d0cfa770b00fa04e1e3c97d3f6c9de105a03844" + +[[package]] +name = "gimli" +version = "0.32.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7" +dependencies = [ + "fallible-iterator", + "indexmap", + "stable_deref_trait", +] + +[[package]] +name = "hashbrown" +version = "0.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d" + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "indexmap" +version = "2.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6717a8d2a5a929a1a2eb43a12812498ed141a0bcfb7e8f7844fbdbe4303bba9f" +dependencies = [ + "equivalent", + "hashbrown", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695" + +[[package]] +name = "libbpf-rs" +version = "0.24.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93edd9cd673087fa7518fd63ad6c87be2cd9b4e35034b1873f3e3258c018275b" +dependencies = [ + "bitflags", + "libbpf-sys", + "libc", + "vsprintf", +] + +[[package]] +name = "libbpf-sys" +version = "1.6.2+v1.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba0346fc595fa2c8e274903e8a0e3ed5e6a29183af167567f6289fd3b116881b" +dependencies = [ + "cc", + "nix", + "pkg-config", +] + +[[package]] +name = "libc" +version = "0.2.177" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976" + +[[package]] +name = "memmap2" +version = "0.9.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "744133e4a0e0a658e1374cf3bf8e415c4052a15a111acd372764c55b4177d490" +dependencies = [ + "libc", +] + +[[package]] +name = "miniz_oxide" +version = "0.8.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316" +dependencies = [ + "adler2", + "simd-adler32", +] + +[[package]] +name = "nix" +version = "0.30.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6" +dependencies = [ + "bitflags", + "cfg-if", + "cfg_aliases", + "libc", +] + +[[package]] +name = "once_cell_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe" + +[[package]] +name = "pkg-config" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" + +[[package]] +name = "plain" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6" + +[[package]] +name = "proc-macro2" +version = "1.0.103" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ee95bc4ef87b8d5ba32e8b7714ccc834865276eab0aed5c9958d00ec45f49e8" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "blazesym-example" +version = "0.1.0" +dependencies = [ + "anyhow", + "blazesym", + "clap", + "libbpf-rs", + "libc", + "plain", +] + +[[package]] +name = "quote" +version = "1.0.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a338cc41d27e6cc6dce6cefc13a0729dfbb81c262b1f519331575dd80ef3067f" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rustc-demangle" +version = "0.1.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace" + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "simd-adler32" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d66dc143e6b11c1eddc06d5c423cfc97062865baf299914ab64caa38182078fe" + +[[package]] +name = "stable_deref_trait" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "syn" +version = "2.0.110" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a99801b5bd34ede4cf3fc688c5919368fea4e4814a4664359503e6015b280aea" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "unicode-ident" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "vsprintf" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aec2f81b75ca063294776b4f7e8da71d1d5ae81c2b1b149c8d89969230265d63" +dependencies = [ + "cc", + "libc", +] + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] diff --git a/blazesym-example/Cargo.toml b/blazesym-example/Cargo.toml new file mode 100644 index 0000000..b1de0b9 --- /dev/null +++ b/blazesym-example/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "blazesym-example" +version = "0.1.0" +edition = "2024" + +[dependencies] +libbpf-rs = "0.24" +blazesym = "0.2.0-rc.4" +anyhow = "1.0" +clap = { version = "4.5", features = ["derive"] } +libc = "0.2" +plain = "0.2" + +[build-dependencies] diff --git a/blazesym-example/src/main.rs b/blazesym-example/src/main.rs new file mode 100644 index 0000000..88aa098 --- /dev/null +++ b/blazesym-example/src/main.rs @@ -0,0 +1,333 @@ +// src/main.rs - Fixed imports and error handling +use std::mem; +use std::path::PathBuf; +use std::time::Duration; + +use anyhow::{anyhow, Context, Result}; +use blazesym::symbolize::{CodeInfo, Input, Symbolized, Symbolizer}; +use blazesym::symbolize::source::{Source, Kernel, Process}; +use clap::Parser; +use libbpf_rs::{MapCore, ObjectBuilder, RingBufferBuilder}; // Added MapCore + +// Match your Python struct exactly +#[repr(C)] +#[derive(Debug, Copy, Clone)] +struct ExecEvent { + pid: i64, + cpu: i32, + timestamp: i64, + comm: [u8; 16], + kstack_sz: i64, + ustack_sz: i64, + kstack: [u8; 128], // str(128) in Python + ustack: [u8; 128], // str(128) in Python +} + +unsafe impl plain::Plain for ExecEvent {} + +// Define perf_event constants (not in libc on all platforms) +const PERF_TYPE_HARDWARE: u32 = 0; +const PERF_TYPE_SOFTWARE: u32 = 1; +const PERF_COUNT_HW_CPU_CYCLES: u64 = 0; +const PERF_COUNT_SW_CPU_CLOCK: u64 = 0; + +#[repr(C)] +struct PerfEventAttr { + type_: u32, + size: u32, + config: u64, + sample_period_or_freq: u64, + sample_type: u64, + read_format: u64, + flags: u64, + // ... rest can be zeroed + _padding: [u64; 64], +} + +#[derive(Parser, Debug)] +struct Args { + /// Path to the BPF object file + #[arg(default_value = "stack_traces.o")] + object_file: PathBuf, + + /// Sampling frequency + #[arg(short, long, default_value_t = 50)] + freq: u64, + + /// Use software events + #[arg(long)] + sw_event: bool, + + /// Verbose output + #[arg(short, long)] + verbose: bool, +} + +fn open_perf_event(cpu: i32, freq: u64, sw_event: bool) -> Result { + let mut attr: PerfEventAttr = unsafe { mem::zeroed() }; + + attr.size = mem::size_of::() as u32; + attr.type_ = if sw_event { + PERF_TYPE_SOFTWARE + } else { + PERF_TYPE_HARDWARE + }; + attr.config = if sw_event { + PERF_COUNT_SW_CPU_CLOCK + } else { + PERF_COUNT_HW_CPU_CYCLES + }; + + // Use frequency-based sampling + attr.sample_period_or_freq = freq; + attr.flags = 1 << 10; // freq = 1, disabled = 1 + + let fd = unsafe { + libc::syscall( + libc::SYS_perf_event_open, + &attr as *const _, + -1, // pid = -1 (all processes) + cpu, // cpu + -1, // group_fd + 0, // flags + ) + }; + + if fd < 0 { + Err(anyhow!("Failed to open perf event on CPU {}: {}", cpu, + std::io::Error::last_os_error())) + } else { + Ok(fd as i32) + } +} + +fn print_stack_trace( + addrs: &[u64], + symbolizer: &Symbolizer, + pid: u32, + is_kernel: bool, +) { + if addrs.is_empty() { + return; + } + + let src = if is_kernel { + Source::Kernel(Kernel::default()) + } else { + Source::Process(Process::new(pid.into())) + }; + + let syms = match symbolizer.symbolize(&src, Input::AbsAddr(addrs)) { + Ok(syms) => syms, + Err(e) => { + eprintln!(" Failed to symbolize: {}", e); + for addr in addrs { + println!("0x{:016x}: ", addr); + } + return; + } + }; + + for (addr, sym) in addrs.iter().zip(syms.iter()) { + match sym { + Symbolized::Sym(sym_info) => { + print!("0x{:016x}: {} @ 0x{:x}+0x{:x}", + addr, sym_info.name, sym_info.addr, sym_info.offset); + + if let Some(ref code_info) = sym_info.code_info { + print_code_info(code_info); + } + println!(); + + // Print inlined frames + for inlined in &sym_info.inlined { + print!(" {} (inlined)", inlined.name); + if let Some(ref code_info) = inlined.code_info { + print_code_info(code_info); + } + println!(); + } + } + Symbolized::Unknown(..) => { + println!("0x{:016x}: ", addr); + } + } + } +} + +fn print_code_info(code_info: &CodeInfo) { + let path = code_info.to_path(); + let path_str = path.display(); + + match (code_info.line, code_info.column) { + (Some(line), Some(col)) => print!(" {}:{}:{}", path_str, line, col), + (Some(line), None) => print!(" {}:{}", path_str, line), + (None, _) => print!(" {}", path_str), + } +} + +fn handle_event(symbolizer: &Symbolizer, data: &[u8]) -> i32 { + let event = plain::from_bytes::(data).expect("Invalid event data"); + + // Extract comm string + let comm = std::str::from_utf8(&event.comm) + .unwrap_or("") + .trim_end_matches('\0'); + + println!("[{:.9}] COMM: {} (pid={}) @ CPU {}", + event.timestamp as f64 / 1_000_000_000.0, + comm, + event.pid, + event.cpu); + + // Handle kernel stack + if event.kstack_sz > 0 { + println!("Kernel:"); + let num_frames = (event.kstack_sz / 8) as usize; + let kstack_u64 = unsafe { + std::slice::from_raw_parts( + event.kstack.as_ptr() as *const u64, + num_frames.min(16), + ) + }; + + // Filter out zero addresses + let kstack: Vec = kstack_u64.iter() + .copied() + .take_while(|&addr| addr != 0) + .collect(); + + print_stack_trace(&kstack, symbolizer, 0, true); + } else { + println!("No Kernel Stack"); + } + + // Handle user stack + if event.ustack_sz > 0 { + println!("Userspace:"); + let num_frames = (event.ustack_sz / 8) as usize; + let ustack_u64 = unsafe { + std::slice::from_raw_parts( + event.ustack.as_ptr() as *const u64, + num_frames.min(16), + ) + }; + + // Filter out zero addresses + let ustack: Vec = ustack_u64.iter() + .copied() + .take_while(|&addr| addr != 0) + .collect(); + + print_stack_trace(&ustack, symbolizer, event.pid as u32, false); + } else { + println!("No Userspace Stack"); + } + + println!(); + 0 +} + +fn main() -> Result<()> { + let args = Args::parse(); + + if !args.object_file.exists() { + return Err(anyhow!("Object file not found: {:?}", args.object_file)); + } + + println!("Loading BPF object: {:?}", args.object_file); + + // Load BPF object + let mut obj_builder = ObjectBuilder::default(); + obj_builder.debug(args.verbose); + + let open_obj = obj_builder + .open_file(&args.object_file) + .context("Failed to open BPF object")?; + + let mut obj = open_obj.load().context("Failed to load BPF object")?; + + println!("✓ BPF object loaded"); + + // Find the program + let prog = obj + .progs_mut() + .find(|p| p.name() == "trace_exec_enter") + .ok_or_else(|| anyhow!("Program 'trace_exec_enter' not found"))?; + + println!("✓ Found program: trace_exec_enter"); + + // Find the map + let map = obj + .maps() + .find(|m| m.name() == "exec_events") + .ok_or_else(|| anyhow!("Map 'exec_events' not found"))?; + + println!("✓ Found map: exec_events"); + + // Get number of CPUs + let num_cpus = libbpf_rs::num_possible_cpus()?; + println!("✓ Detected {} CPUs\n", num_cpus); + + // Open perf events and attach BPF program + println!("Setting up perf events..."); + let mut links = Vec::new(); + + for cpu in 0..num_cpus { + match open_perf_event(cpu as i32, args.freq, args.sw_event) { + Ok(perf_fd) => { + match prog.attach_perf_event(perf_fd) { + Ok(link) => { + links.push(link); + if args.verbose { + println!(" ✓ Attached to CPU {}", cpu); + } + } + Err(e) => { + eprintln!(" ✗ Failed to attach to CPU {}: {}", cpu, e); + unsafe { libc::close(perf_fd); } + } + } + } + Err(e) => { + if args.verbose { + eprintln!(" ✗ Failed to open perf event on CPU {}: {}", cpu, e); + } + } + } + } + + println!("✓ Attached to {} CPUs\n", links.len()); + + if links.is_empty() { + return Err(anyhow!("Failed to attach to any CPU")); + } + + // Initialize symbolizer + let symbolizer = Symbolizer::new(); + + // Set up ring buffer + let mut builder = RingBufferBuilder::new(); + + builder.add(&map, move |data: &[u8]| -> i32 { + handle_event(&symbolizer, data) + })?; + + let ringbuf = builder.build()?; + + println!("========================================"); + println!("Profiling started. Press Ctrl+C to stop."); + println!("========================================\n"); + + // Poll for events - just keep polling until error + loop { + if let Err(e) = ringbuf.poll(Duration::from_millis(100)) { + // Any error breaks the loop (including Ctrl+C) + eprintln!("\nStopping: {}", e); + break; + } + } + + println!("Done."); + Ok(()) +} diff --git a/blazesym-example/stack_traces.py b/blazesym-example/stack_traces.py new file mode 100644 index 0000000..c59521f --- /dev/null +++ b/blazesym-example/stack_traces.py @@ -0,0 +1,49 @@ +# tests/passing_tests/ringbuf_advanced.py +from pythonbpf import bpf, map, section, bpfglobal, struct, compile +from pythonbpf.maps import RingBuffer +from pythonbpf.helper import ktime, pid, smp_processor_id, comm, get_stack +from ctypes import c_void_p, c_int32, c_int64 +import logging + + +@bpf +@struct +class exec_event: + pid: c_int64 + cpu: c_int32 + timestamp: c_int64 + comm: str(16) # type: ignore [valid-type] + kstack_sz: c_int64 + ustack_sz: c_int64 + kstack: str(128) # type: ignore [valid-type] + ustack: str(128) # type: ignore [valid-type] + + +@bpf +@map +def exec_events() -> RingBuffer: + return RingBuffer(max_entries=1048576) + + +@bpf +@section("perf_event") +def trace_exec_enter(ctx: c_void_p) -> c_int64: + evt = exec_event() + evt.pid = pid() + evt.cpu = smp_processor_id() + evt.timestamp = ktime() + comm(evt.comm) + evt.kstack_sz = get_stack(evt.kstack) + evt.ustack_sz = get_stack(evt.ustack, 256) + exec_events.output(evt) + print(f"Submitted exec_event for pid: {evt.pid}, cpu: {evt.cpu}") + return 0 # type: ignore [return-value] + + +@bpf +@bpfglobal +def LICENSE() -> str: + return "GPL" + + +compile(logging.INFO)