by pzakha 2811 days ago
Hi Brendan, thanks for the update and the work on this! Coming from dtrace, the main thing missing in bpftrace when doing kernel debugging is being able to navigate structs.

You've mentioned that we do have BTF now in Linux 4.18. I've tried to find if it was leveraged in bpftrace, but it looks like it isn't yet. I see you've opened an issue in one of the bpftrace forks related to this here: https://github.com/ajor/bpftrace/issues/30.

Do you know if there's been any update on this? Support for BTF/CTF would be amazing.

1 comments

That's the old repo (we should add a note to it pointing people to https://github.com/iovisor/bpftrace instead!)

Alastair added struct support for kprobes yesterday, based on the functionality in bcc (which bpftrace uses). That was the final missing piece, and why I'm posting about it now. See the last example here:

https://github.com/iovisor/bpftrace/blob/master/docs/referen...

It's the same struct support we had in bcc, using Linux kernel headers. Some things are available, some are not. Just like in bcc, we sometimes need to define some of a missing struct.

BTF will mean that all structs are available, plus, bpftrace should be able to automatically figure out the arguments so you don't have to cast them. It'll be great, but in the meantime, I am able to do tons of stuff.

Fair enough. Having to include headers is one thing I found tricky with BCC, as there are sometimes non-trivial dependencies between various header files, especially for kernel modules that aren't included in the mainline kernel. That said, I'm very excited to see all the progress that's been done in bpftrace, and looking forward to what's to come.