Argh. This talk reinforced my existing view of Linux tracing: it's really fragmented.
Five years ago I tried to make some sense of this by researching all of the existing technologies. In the kernel I found:
- ftrace (https://lwn.net/Articles/290277/)
- tracepoints (https://www.kernel.org/doc/Documentation/trace/tracepoints.txt)
- kprobes (https://www.kernel.org/doc/Documentation/kprobes.txt)
- events (https://www.kernel.org/doc/Documentation/trace/events.txt)
Now apparently we can add:
- BPF, a packet filter that grew into a tracing framework (https://lwn.net/Articles/599755/)
In user-space we have:
- perf
- systemtap
- lttng
- other, random, fragmented things
This talk seems to add a bunch of other fragmented user-space tools. I don't mean to put down anybody's work, but this stuff will never be user-friendly as long as it remains so fragmented, IMHO.
He didn't mention this in this snippet, but the BCC (BPF Compiler Collection) intends to make this much simpler[1]. In particular, it lets you write a tracer in Python (with the BPF program written in C) that attaches the BPF program to whatever types of probe points you like. So while internally there might be all this fragmentation, a user shouldn't have to deal with it as much.