Workshop: Introduction to the Linux kernel tracing libraries
Ftrace has been the official tracer of the Linux kernel since its introduction in 2009. Its infrastructure is used by other observability features within the kernel including perf and eBPF. The interface to ftrace is very simple and uses reads and writes to the tracefs file system, where most features can be executed from the command line. This interaction is not always that easy to use from within a program. Keeping track of the files to write to and read from requires an understanding of the tracing framework that is not intuitive.
New libraries have been created to facilitate accessing and controlling the ftrace infrastructure file system. Introducing libtracefs, a C library which has a more intuitive interface for enabling and reading trace events. There is also libtraceevent which parses the binary tracing data into human readable format, and a growing libtracecmd that creates and reads a trace.dat file that can be used to transfer saved traces across machines and to even view in visual applications like KernelShark. There is also work to include theses libraries in a python tool called trace-cruncher that will allow your python applications to have the same level of control.
This workshop will describe the interfaces to theses libraries and give examples to allow you to start writing code that enables Linux kernel tracing, and how to make useful use of it.
- Basic understanding of C
- Pre-downloaded/cloned copies of the following repositories and confirm you can build / install them with make; sudo make install
Pre-downloaded/cloned copies of the following repositories and confirm you can build / install them with make libs; sudo make install_libs
You can download the examples used in this presentation here: