BCC 是一个开源的 Linux 动态跟踪工具。无第三方模块依赖,该工具继承 BPF 这个强大的内核中虚拟机的功能,可对程序进行高效而且安全的跟踪。BPF 内建于 Linux 内核。
下面是对一个磁盘 IO 核心函数的跟踪截图:
# ./bitehist.py Tracing... Hit Ctrl-C to end. ^C kbytes : count distribution 0 -> 1 : 3 | | 2 -> 3 : 0 | | 4 -> 7 : 211 |********** | 8 -> 15 : 0 | | 16 -> 31 : 0 | | 32 -> 63 : 0 | | 64 -> 127 : 1 | | 128 -> 255 : 800 |**************************************|
工具结构图:
包含的工具有:
tools/argdist: Display function parameter values as a histogram or frequency count. Examples.
tools/bashreadline: Print entered bash commands system wide. Examples.
tools/biolatency: Summarize block device I/O latency as a histogram. Examples.
tools/biotop: Top for disks: Summarize block device I/O by process. Examples.
tools/biosnoop: Trace block device I/O with PID and latency. Examples.
tools/bitesize: Show per process I/O size histogram. Examples.
tools/btrfsdist: Summarize btrfs operation latency distribution as a histogram. Examples.
tools/btrfsslower: Trace slow btrfs operations. Examples.
tools/cachestat: Trace page cache hit/miss ratio. Examples.
tools/dcsnoop: Trace directory entry cache (dcache) lookups. Examples.
tools/dcstat: Directory entry cache (dcache) stats. Examples.
tools/execsnoop: Trace new processes via exec() syscalls. Examples.
tools/ext4dist: Summarize ext4 operation latency distribution as a histogram. Examples.
tools/ext4slower: Trace slow ext4 operations. Examples.
tools/filelife: Trace the lifespan of short-lived files. Examples.
tools/fileslower: Trace slow synchronous file reads and writes. Examples.
tools/filetop: File reads and writes by filename and process. Top for files. Examples.
tools/funccount: Count kernel function calls. Examples.
tools/funclatency: Time kernel functions and show their latency distribution. Examples.
tools/gethostlatency: Show latency for getaddrinfo/gethostbyname[2] calls. Examples.
tools/hardirqs: Measure hard IRQ (hard interrupt) event time. Examples.
tools/killsnoop: Trace signals issued by the kill() syscall. Examples.
tools/mdflush: Trace md flush events. Examples.
tools/memleak: Display outstanding memory allocations to find memory leaks. Examples.
tools/offcputime: Summarize off-CPU time by kernel stack trace. Examples.
tools/offwaketime: Summarize blocked time by kernel off-CPU stack and waker stack. Examples.
tools/oomkill: Trace the out-of-memory (OOM) killer. Examples.
tools/opensnoop: Trace open() syscalls. Examples.
tools/pidpersec: Count new processes (via fork). Examples.
tools/runqlat: Run queue (scheduler) latency as a histogram. Examples.
tools/softirqs: Measure soft IRQ (soft interrupt) event time. Examples.
tools/solisten: Trace TCP socket listen. Examples.
tools/stackcount: Count kernel function calls and their stack traces. Examples.
tools/stacksnoop: Trace a kernel function and print all kernel stack traces. Examples.
tools/statsnoop: Trace stat() syscalls. Examples.
tools/syncsnoop: Trace sync() syscall. Examples.
tools/tcpaccept: Trace TCP passive connections (accept()). Examples.
tools/tcpconnect: Trace TCP active connections (connect()). Examples.
tools/tcpconnlat: Trace TCP active connection latency (connect()). Examples.
tools/tcpretrans: Trace TCP retransmits and TLPs. Examples.
tools/tplist: Display kernel tracepoints or USDT probes and their formats. Examples.
tools/trace: Trace arbitrary functions, with filters. Examples
tools/vfscount tools/vfscount.c: Count VFS calls. Examples.
tools/vfsstat tools/vfsstat.c: Count some VFS calls, with column output. Examples.
tools/wakeuptime: Summarize sleep to wakeup time by waker kernel stack. Examples.
tools/xfsdist: Summarize XFS operation latency distribution as a histogram. Examples.
tools/xfsslower: Trace slow XFS operations. Examples.
tools/zfsdist: Summarize ZFS operation latency distribution as a histogram. Examples.
tools/zfsslower: Trace slow ZFS operations. Examples.
