Pull Request: eBPF-based CPU Cycle Sampling Module

.pre-commit-config.yaml

@@ -6,6 +6,12 @@ repos:
         args: [--style=google]
     -   id: cpplint
         args: [--filter=-build/include_order]
+        exclude: |
+          (?x)^(
+            subprojects/.*/include/.*\.skel\.h|
+            subprojects/.*/src/vmlinux\.h|
+            include/third-party/.*
+          )$
 -   repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.1.0
     hooks:

examples/csv-testing.cpp

@@ -6,12 +6,12 @@
  * @copyright Copyright (c) 2024. See License for Licensing
  */
 
+#include <efimon/logger/csv.hpp>
+#include <memory>
 #include <string>
 #include <unordered_map>
 #include <vector>
 
-#include <efimon/logger/csv.hpp>
-
 using namespace efimon;  // NOLINT
 
 int main(int /*argc*/, char** /*argv*/) {

examples/frequency-query.cpp

@@ -6,12 +6,12 @@
  * @copyright Copyright (c) 2024. See License for Licensing
  */
 
-#include <efimon/proc/cpuinfo.hpp>
-
 #include <unistd.h>
 
+#include <efimon/proc/cpuinfo.hpp>
 #include <iostream>
 #include <utility>
+#include <vector>
 
 int main(int, char **) {
   efimon::CPUInfo info{};

examples/meson.build

@@ -160,3 +160,15 @@ if enable_ptrace_capstone
             install : false,
   )
 endif
+
+if enable_sampling_by_pid
+  executable('sampling-by-pid-testing',
+            [
+              files('sampling-by-pid-testing.cpp')
+            ],
+            cpp_args : cpp_args,
+            include_directories : [project_inc],
+            dependencies: [project_deps, libefimon_dep],
+            install : false,
+  )
+endif

examples/process-manager-threaded.cpp

@@ -6,12 +6,11 @@
  * @copyright Copyright (c) 2024. See License for Licensing
  */
 
-#include <efimon/arg-parser.hpp>
-#include <efimon/process-manager.hpp>
-
 #include <algorithm>
 #include <chrono>              // NOLINT
 #include <condition_variable>  // NOLINT
+#include <efimon/arg-parser.hpp>
+#include <efimon/process-manager.hpp>
 #include <iostream>
 #include <mutex>  // NOLINT
 #include <string>

examples/process-manager.cpp

@@ -6,10 +6,9 @@
  * @copyright Copyright (c) 2024. See License for Licensing
  */
 
+#include <algorithm>
 #include <efimon/arg-parser.hpp>
 #include <efimon/process-manager.hpp>
-
-#include <algorithm>
 #include <iostream>
 #include <string>
 #include <vector>

examples/process-tracking.cpp

@@ -9,13 +9,12 @@
 #include <unistd.h>
 
 #include <algorithm>
+#include <efimon/proc/list.hpp>
 #include <iomanip>
 #include <iostream>
 #include <string>
 #include <vector>
 
-#include <efimon/proc/list.hpp>
-
 int main(int argc, char **argv) {
   std::vector<std::string> users;
 

examples/process-tree.cpp

@@ -9,6 +9,7 @@
 #include <efimon/arg-parser.hpp>
 #include <efimon/logger/macros.hpp>
 #include <efimon/proc/process-tree.hpp>
+#include <iostream>
 #include <string>
 #include <unordered_map>
 #include <vector>

examples/sampling-by-pid-testing.cpp

@@ -0,0 +1,67 @@
+/**
+ * @file sampling-by-pid-testing.cpp
+ * @author Diego Avila (diego.avila@uned.cr)
+ * @brief Example of eBPF Sampling-by-PID observer testing
+ *
+ * @copyright Copyright (c) 2024. See License for Licensing
+ */
+
+#include <unistd.h>
+
+#include <efimon/ebpf-modules/cpu-assembly-sampler/sampling-by-pid.hpp>
+#include <iostream>
+#include <string>
+
+using namespace efimon;  // NOLINT
+
+int main(int argc, char **argv) {
+  if (argc <= 1) {
+    std::cerr << "No PID specified" << std::endl;
+    return -1;
+  }
+
+  uint u_pid = std::atoi(argv[1]);
+  std::cout << "PID: " << u_pid << std::endl;
+
+  SamplingByPIDObserver ob_sampling{u_pid};
+  ob_sampling.SetInterval(2000);
+
+  std::cout << "Sampling for 2 seconds..." << std::endl;
+  auto st_ret = ob_sampling.Trigger();
+  if (st_ret.code != Status::OK) {
+    std::cerr << "ERROR: " << st_ret.msg << std::endl;
+    return -1;
+  }
+
+  std::cout << "Raw eBPF samples collected: "
+            << ob_sampling.GetCollectedSamplesCount() << std::endl;
+  std::cout << "Decoded userspace samples: "
+            << ob_sampling.GetDecodedSamplesCount() << std::endl;
+
+  auto *p_readings_ann =
+      dynamic_cast<InstructionReadings *>(ob_sampling.GetReadings()[0]);
+
+  std::cout << "Histogram:" << std::endl;
+  for (const auto &kv_histogram : p_readings_ann->histogram) {
+    std::cout << "\t" << std::get<0>(kv_histogram) << ": "
+              << std::get<1>(kv_histogram) << std::endl;
+  }
+
+  std::cout << "Classification:" << std::endl;
+  for (const auto &kv_type : p_readings_ann->classification) {
+    std::cout << "\t" << AsmClassifier::TypeString(kv_type.first) << ": "
+              << std::endl;
+    for (const auto &kv_family : kv_type.second) {
+      std::cout << "\t\t" << AsmClassifier::FamilyString(kv_family.first)
+                << ": " << std::endl;
+      for (const auto &kv_origin : kv_family.second) {
+        std::cout << "\t\t\t" << AsmClassifier::OriginString(kv_origin.first)
+                  << ": " << kv_origin.second << std::endl;
+      }
+    }
+  }
+
+  st_ret = ob_sampling.Trigger();
+
+  return 0;
+}

examples/sqlite-testing.cpp

@@ -6,12 +6,12 @@
  * @copyright Copyright (c) 2024. See License for Licensing
  */
 
+#include <efimon/logger/sqlite.hpp>
+#include <memory>
 #include <string>
 #include <unordered_map>
 #include <vector>
 
-#include <efimon/logger/sqlite.hpp>
-
 using namespace efimon;  // NOLINT
 
 int main(int /*argc*/, char** /*argv*/) {

include/efimon/asm-classifier.hpp

@@ -92,8 +92,9 @@ enum class DataOrigin {
  * The first type determines the instruction type, the second the family or
  * group and the third the data origin
  */
-using InstructionPair =
-    std::tuple<assembly::InstructionType, assembly::InstructionFamily, uint8_t>;
+using InstructionPair = std::tuple<assembly::InstructionType,
+                                   assembly::InstructionFamily,  // NOLINT
+                                   uint8_t>;                     // NOLINT
 
 /**
  * Interface to classify the instructions into families and types
@@ -108,18 +109,17 @@ class AsmClassifier {
    * @param operands operands types
    * @return InstructionPair
    */
-  virtual InstructionPair Classify(const std::string &inst,
-                                   const std::string &operands) const
-      noexcept = 0;
+  virtual InstructionPair Classify(
+      const std::string &inst, const std::string &operands) const noexcept = 0;
 
   /**
    * Determines if the operands belong to memory, immediate or register values
    *
    * @param operands as it comes from objdump
    * @return string with r, i or m symbolising the type of operands
    */
-  virtual const std::string OperandTypes(const std::string &operands) const
-      noexcept = 0;
+  virtual const std::string OperandTypes(
+      const std::string &operands) const noexcept = 0;
 
   /**
    * Default destructor for inheritance (implementation)

include/efimon/asm-classifier/x86-classifier.hpp

@@ -37,8 +37,8 @@ class x86Classifier : public AsmClassifier {
    * @param operands as it comes from objdump
    * @return string with r, i or m symbolising the type of operands
    */
-  const std::string OperandTypes(const std::string &operands) const
-      noexcept override;
+  const std::string OperandTypes(
+      const std::string &operands) const noexcept override;
 
   /**
    * Default destructor for inheritance (implementation)

include/efimon/ebpf-modules/cpu-assembly-sampler/meson.build

@@ -0,0 +1,13 @@
+#
+# See LICENSE for more information about licensing
+#  Copyright 2026
+#
+# Author: Diego Avila <diego.avila@uned.cr>
+#
+
+lib_sampling_by_pid_headers = []
+if enable_sampling_by_pid
+  lib_sampling_by_pid_headers += [
+    files('sampling-by-pid.hpp'),
+  ]
+endif