SlideShare a Scribd company logo

Performance analysis of production systems using DTrace

Download as PPTX, PDF
G
Graeme Jenkinson

The document provides an overview of performance analysis tools like tracing and profiling. It discusses different tracing approaches like print statements, logging frameworks, and debuggers. It introduces DTrace as a dynamic instrumentation tool that allows tracing production systems with zero probe effect. A case study demonstrates using DTrace to analyze NFS latency issues. The document also discusses tracing tools for Linux like ftrace, perf, SystemTap, and eBPF.

Technology
1 of 51
Performance analysis and troubleshooting using DTrace “I keep six honest serving-men (They taught me all I knew); Their names are What and Why and When And How and Where and Who.” - Rudyard Kipling Graeme Jenkinson - Computer Laboratory
Today’s lecture Overview of tracing and profiling DTrace: Dynamic Instrumentation of Production Systems Performance analysis with DTrace - case study Tracing and profiling on Linux Wrap up and questions
Overview of tracing and profiling • A profile provides an inventory of performance events and timings for the execution as a whole. • Sampling at a fixed time interval • Aggregated results - requests/per second • Absolute chronology of events is ignored • A trace records the chronology, often with timestamps: • Absolute chronology of events is preserved • Trace increasing at runtime - must be periodically Focus on tracing
Who did what to who? 04 Intuition library Address of task
Tracing software as a black box • print statements: • printf(“Here”); • #ifndef NDEBUG printf(“State: Connected”); #endif • Logging frameworks: • info!(“State: connected”); • logger.error(“Failed: to write file”); Can declaratively turn on/off logging at compile time Can declaratively turn on/off logging at runtime
Tracing software as a black box - summary Print statements Logging framework Pros • As simple as it gets • Declarative control at compile time • Declarative control at runtime or compile time • Finer grained control of logging (per class/module) • Structured output • Flexibility Cons • Adding tracing requires a recompile (in some case) • Ad-hoc adoption • Inflexible (requiring compile time decisions) • Tiny bit more effort to adopt • Added dependency to codebase
Logging can only get you so far • Errors frequently the result of complex interactions across the software stack • Logging limited to a single layer of the the software stack • Logging frameworks don’t capture the events you want to see
Debuggers • When logging really doesn’t cut it we often break out the debugger • Set breakpoints, single step code, watch variables/registers • Debuggers often struggle when facing certain types of problems: • Heisenbug: “a software bug that seems to disappear or alter its behaviour when one attempts to study it"
Probe effects • Probe effect - act of measuring disturbs system • Electronics - probes introduce additional capacitance, resistance or inductance • Software tracing - probes take time to execute • Bugs from subtle timing effects are common, probe effects can rarely be ignored
Observability/transparency • Rather than treating the system as a black box we need observability into the system when executing • What’s needed is more flexible less intrusive tools, thankful there are plenty of them • Do these tools have a probe effect?
Observability/transparency tools
Observability tools: top NAME top - display Linux processes top (table of processes) - reads kernel state from /proc filesystem (on Linux, FreeBSD); procfs is a pseudo-filesystem that presents information about processes and other system information in a hierarchical filesystem- like structure. Note: procfs doesn’t come free (probe effect). What operations need to be performed?
Observability tools: strace (dtruss Mac OS X, truss FreeBSD) Linux strace - trace system calls and signals Mac OS X (requires disabling System Integrity Protection - El Capitan+) dtruss - process system call details. Uses DTrace. FreeBSD truss - trace system calls
Utilization, Saturation and Errors (USE) • Utilization: the average time that the resource was busy servicing work • Saturation: the degree to which the resource has extra work which it can't service, often queued • Errors: the error count • Resources: • CPUs: sockets, cores, hardware threads (virtual CPUs) • Memory: capacity • Network interfaces • Storage devices: I/O, capacity • Controllers: storage, network cards • Interconnects: CPUs, memory, I/O
Layered architectures and observability • System performance problems are typically introduced at the highest layers of abstraction • Effects are often first encountered and attributed at the lowest layers of abstraction • Observability is required across all layers of the stack
In production analysis • As software engineers we graduate from screwing up our own system to screwing up other peoples • In production tracing must be safe • Probe effect must be zero when disabled - “low” when tracing
DTrace: one tool to rule them all • Developed by Bryan Cantrill, Mike Shapiro, and Adam Leventhal at Sun Microsystems • Release in 2005 by Sun Microsystems • “Performance analysis infrastructure has generally not kept pace with the shift to in- production performance analysis” - Cantrill et al Illumos, FreeBSD, NetBSD, MacOS X Linux (ish), Windows (yuck)
DTrace overview (Cantrill ’04) • Dynamic instrumentation • Zero probe effect when disabled • Unified instrumentation • Instruments both user and kernel level software • Arbitrary-context kernel instrumentation • Can instrument any aspect of the kernel including delicate sub- systems such as the scheduler and synchronisation facilities As a result probes can’t block What is the impact when enabled?
DTrace overview (cont) • Data integrity • Records may be dropped under load - but never silently • High-level control language • Scriptable “arbitrary” actions on probe firing • Predicates that determine whether a probe fires • Scripts executed by in-kernel virtual machine • Production safe • Aborts when system is heavily loaded • Scalable in kernel aggregations (profiling) How is safety preserved?
DTrace overview - anatomy of a dynamic tracer Consum er Compiler fbt::vm_fault:entry { fault_count += 1; } Probes Userspace Buffers (per-CPU) Kernel Results D script
DTrace providers • fbt: Function Boundary Tracing • syscall: System Calls • pid: User space processes • proc: Process Operations • sched: Scheduler • Network Protocols • IP, UDP, TCP • lock: Kernel locking points • io: I/O calls • vfs: Filesystem Routines • profile: Timing source • mac_framework: Mandatory Access Control framework
DTrace providers (cont) dtrace -l List all registered probes dtrace -l -P fbt List probes registered by Function Boundary Tracing provider dtrace -l -f vm_fault List probes for function vm_fault provider:module:function:name kernel module DTrace provider function to trace probe name
DTrace providers (cont) • Statically added probes - added by developers • Known useful points of instrumentation: starting new threads, TCP state machine transitions • Dynamically added - probes automatically work out where to insert probes • Static probes are stable instrumentation points, dynamic probes depend on the specifics of the implementation and therefore are subject to change
DTrace tracing example syscall:::entry /execname == “ls”/ { printf(“syscall = %sn”, probefunc); } dtrace -c ls -n ‘…’ Predicate - only for the ls command Action - Print the probes function Built in variable
DTrace profiling example BEGIN { syscall_count = 0; } syscall:::entry /execname == “ls”/ { syscall_count++; } END { printf(“syscall_count = %dn”, syscall_count); } Initialize the count (global) Print the count Instrument all syscall entries Only for the ls command
DTrace profiling example 2 syscall:::entry /execname == “ls”/ { t[probefunc] = timestamp; } syscall:::return /t[probefunc] != 0/ { @funct[probefunc] = sum(timestamp - t[probefunc]); t[probefunc] = 0; } Other useful profiling probes include profile-199 - why 199 seconds?
DTrace user land example 1 • pid (process ID) provider • Allow tracing of and arbitrary process such as a Web browser of databases • Process does not need to be restarted (important in production) dtrace -n ‘pid$target:::entry { trace(timestamp); }’ - c ls dtrace -n ‘pid$target:::entry { trace(timestamp); }’ - p … process id to trace
DTrace internals - overview
DTrace internals • DTrace core framework • Interfaces to userspace through ioctl() to /dev/dtrace/* • Majority of the code (dtrace.c) is generic framework code • Delegates instrumentation to providers • Implements a virtual machine for the D Intermediate Format (DIF) • Ensures safety of D scripts • Analogous to Java bytecode
DTrace internals • Provider • Holds the knowledge about specific instrumentation techniques • Enables probes when consumer says so (specific to each provider) • Transfer control to DTrace framework by calling dtrace_probe(probe_id) somehow • Then, DTrace framework can performs actions associated with probe • dtrace_probe() • Runs in specialized context known as probe context • Interrupts are disabled for the CPU executing the probe • Does no memory allocation and takes no locks
DTrace internals • D compiler: • Compiles D scripts to D Intermediate Format (DIF) • Assembles DIF into DIFOs (for predicate and actions) • Merges DIFOs into DOF (D Object Format) • DIF has a RISC-like instruction set that supports D language constructs dtrace -S -n 'syscall:freebsd:open:entry {printf("%s %sn", execname, copyinstr(arg0)); }' There’s no spec but we are working on it
DTrace internals • Enabling Control Blocks (ECBs) • Kernel data structure that represents an enabled probe • Each ECB contains DIFO for predicates and actions associated with probe enabling • Can be chained together if multiple consumers are interested in a given probe Probe ECB ECB Predicate DIFO Action DIFO Action DIFO
DTrace internals - Function Boundary Tracing (FBT) • sys_getpid, no DTrace <sys_getpid> push %rbp <sys_getpid+1> mov %rsp,%rbp <sys_getpid+4> mov 0x8(%rdi),%rax <sys_getpid+8> movslq 0xbc(%rax),%rax • sys_getpid, while running dtrace -n ‘fbt:kernel:sys_getpid:entry' • int3 replaces first sys_getpid instruction • push instruction is emulated in the kernel • original push instruction is restored after dtrace exits <sys_getpid> int3 <sys_getpid+1> mov %rsp,%rbp <sys_getpid+4> mov 0x8(%rdi),%rax <sys_getpid+8> movslq 0xbc(%rax),%rax Used by debuggers to set breakpoints - architecture dependent DTrace uses CTF Compressed Type Format) to identify function entry point
DTrace in the real world • How many software engineers are there in the world working in systems? • Boem estimates 700k work in “infrastructure”, which is a fairly broad definition • How many people have used DTrace? ~1000s. • How many people have written DTrace scripts? <1000 • How many people now how DTrace works in any detail? ~100
DTrace case study - Customers are not the enemy • Scenario: Customer system reporting terrible performance • NFS server • SAN backend • ~ 300 Mb/s • 4 socket, 6 cores per socket • Symptoms: Latency is “bad”, our customers are angry. Your product sucks https://www.infoq.com/presentations/dtrace Customers don’t report details like latency is twice average specified in service level agreement!
DTrace case study - Performance goals • Why work isn’t being done? • Thread not being schedule • Queue of work isn’t being processed • Get idle into the system • Identify work being done inefficiently • Identify where cycles are wasted doing the wrong thing Useful DTrace probes of-cpu
DTrace case study - Measuring NFS latency • Analysis: Develop DTrace scripts for measuring NFS latency nfsv3:::op-read-start, nfsv3:::op-write-start { self->ts = timestamp } nfsv3:::op-read-done, nfsv3:::op-write-done { @[probename == “op-write-done” ? “write” : “read” = quantize(timestamp - self.ts); self.ts = 0; } quantize
DTrace case study Synchronous nfsv3:::op-write-start { self->sync = args[2]->stable != 0; } Cache miss sdt:::arc-miss, sdt:::blocked-read { self->io = 1; } Cached, synchronous and asynchronous read/writes very different performance - different populations
DTrace case study - synchronous write • Average latency looks pretty good
DTrace case study - synchronous write Average latency not so useful - outliers dominate Linear Log
DTrace case study - summary • Instrumentation with DTrace identified issues with… • Throttling, inefficiencies in code and a heavily contented lock • Lessons learnt • Need to analyse performance on real-world systems • Right tools, right questions • Remedies without analysis don’t work and antagonise customers • Systems shouldn't absorb all the pain
DTrace in the real world • DTrace Toolkit • http://www.brendangregg.com/dtracetoolkit.html • DTrace one liners • http://www.brendangregg.com/DTrace/dtrace_oneliners. txt • https://wiki.freebsd.org/DTrace/One-Liners
One tool to rule them all… • In 2017 in production means a distributed system • Gap opened up once again between the types of in-production analysis we’d like to perform and available tools • Distributed DTrace - see CADETS project • Tracing internode flows? • Volumes of data • Security? • What about heterogenous environments? • Need to instrument Linux, Ilumos, FreeBSD environments seamlessly
Linux: One tool to rule them all… not so much
ftrace and perf • ftrace • Tracing utility built directly into the Linux kernel # cd /sys/kernel/debug/tracing # cat available_tracers • To enable tracer: # echo function_graph > current_tracer
perf • perf - instruments "events", which are a unified interface for different kernel instrumentation frameworks. • Hardware Events: These instrument low-level processor activity based on CPU performance counters. For example, CPU cycles, instructions retired, memory stall cycles, level 2 cache misses, etc. Some will be listed as Hardware Cache Events. • Software Events: These are low level events based on kernel counters. For example, CPU migrations, minor faults, major faults, etc.
perf (cont) • perf - instruments "events", which are a unified interface for different kernel instrumentation frameworks. • Tracepoint Events: This are kernel-level events based on the ftrace framework. These tracepoints are placed in interesting and logical locations of the kernel, so that higher-level behavior can be easily traced. For example, system calls, TCP events, file system I/O, disk I/O, etc. These are grouped into libraries of tracepoints; eg, "sock:" for socket events, "sched:" for CPU scheduler events. • Dynamic Tracing: Software can be dynamically instrumented, creating events in any location. For kernel software, this uses the kprobes framework. For user- level software, uprobes. • Timed Profiling: Snapshots can be collected at an arbitrary frequency, using perf record -FHz. This is commonly used for CPU usage profiling, and works by creating custom timed interrupt events.
SystemTap • Scripting language and tool for dynamically instrumenting running production Linux kernel-based operating systems • stap -v -e 'probe vfs.read {printf("read performedn"); exit()}' virtual file system read • “safe to use in production?” “yes” https://sourceware.org/systemtap/wiki/SystemtapDtraceComparison
BPF (nee eBPF) • Berkley Packet Filter (PBF) • Interface to data link layers to capture raw packets (tcpdump) • BPF virtual machine executes user scripts to filter packets • JIT BPF instructions to native code - to improve performance • Bytecode Probe Framework (maybe?) • DTrace-like facilities attaching BPF scripts to tracepoints: kprobes, uprobes, tracepoints (soon) • bcc front-end (and others) • What can we do with BPF? • “crazy stuff” Designed for tracing 10GbE networking - highly performant Walk stacks…
Bytecode Probe Framework BPF kprobes uprobes tracepoints maps KernelUserland BPF bytecode per-event data statistics generate load async read perf output per-event output and in-kernel summarisation
Any questions? Tracing tools quickly outperform log based analysis in production Vast array of tracing tools in Linux and BSD-based operating systems DTrace provides unified tracing with guaranteed safety in production All tracing mechanisms introduce probe effects Probe effects can change the very behaviour we are investigating Measure (on the real system), analyse and remediate - don’t guess DTrace on Linux isn’t production ready but other tools such as SystemTap and eBPF are roughly equivalent

Recommended

Using the big guns: Advanced OS performance tools for troubleshooting databas...
Using the big guns: Advanced OS performance tools for troubleshooting databas...Using the big guns: Advanced OS performance tools for troubleshooting databas...
Using the big guns: Advanced OS performance tools for troubleshooting databas...Nikolay Savvinov
 
Linux Instrumentation
Linux InstrumentationLinux Instrumentation
Linux InstrumentationDarkStarSword
 
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorPractical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorSam Bowne
 
Gnu linux for safety related systems
Gnu linux for safety related systemsGnu linux for safety related systems
Gnu linux for safety related systemsDTQ4
 
Real Time Kernels
Real Time KernelsReal Time Kernels
Real Time KernelsArnav Soni
 
Networking Architecture of Warframe
Networking Architecture of WarframeNetworking Architecture of Warframe
Networking Architecture of WarframeMaciej Siniło
 
RT linux
RT linuxRT linux
RT linuxSARITHA REDDY
 
Debugging multiplayer games
Debugging multiplayer gamesDebugging multiplayer games
Debugging multiplayer gamesMaciej Siniło
 

Recommended

Using the big guns: Advanced OS performance tools for troubleshooting databas...
Using the big guns: Advanced OS performance tools for troubleshooting databas...Using the big guns: Advanced OS performance tools for troubleshooting databas...
Using the big guns: Advanced OS performance tools for troubleshooting databas...Nikolay Savvinov
 
Linux Instrumentation
Linux InstrumentationLinux Instrumentation
Linux InstrumentationDarkStarSword
 
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorPractical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorSam Bowne
 
Gnu linux for safety related systems
Gnu linux for safety related systemsGnu linux for safety related systems
Gnu linux for safety related systemsDTQ4
 
Real Time Kernels
Real Time KernelsReal Time Kernels
Real Time KernelsArnav Soni
 
Networking Architecture of Warframe
Networking Architecture of WarframeNetworking Architecture of Warframe
Networking Architecture of WarframeMaciej Siniło
 
RT linux
RT linuxRT linux
RT linuxSARITHA REDDY
 
Debugging multiplayer games
Debugging multiplayer gamesDebugging multiplayer games
Debugging multiplayer gamesMaciej Siniło
 
Real time Linux
Real time LinuxReal time Linux
Real time Linuxnavid ashrafi
 
Fuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidFuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidE Hacking
 
Practical Windows Kernel Exploitation
Practical Windows Kernel ExploitationPractical Windows Kernel Exploitation
Practical Windows Kernel ExploitationzeroSteiner
 
Rt linux-lab1
Rt linux-lab1Rt linux-lab1
Rt linux-lab1JOLLUSUDARSHANREDDY
 
Ch5 process synchronization
Ch5 process synchronizationCh5 process synchronization
Ch5 process synchronizationWelly Dian Astika
 
Is That A Penguin In My Windows?
Is That A Penguin In My Windows?Is That A Penguin In My Windows?
Is That A Penguin In My Windows?zeroSteiner
 
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...peknap
 
Linux Preempt-RT Internals
Linux Preempt-RT InternalsLinux Preempt-RT Internals
Linux Preempt-RT Internals哲豪 康哲豪
 
Operating Systems 1 (8/12) - Concurrency
Operating Systems 1 (8/12) - ConcurrencyOperating Systems 1 (8/12) - Concurrency
Operating Systems 1 (8/12) - ConcurrencyPeter Tröger
 
Demo
DemoDemo
Demosean chen
 
Metasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationMetasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationzeroSteiner
 
Spectre & Meltdown
Spectre & MeltdownSpectre & Meltdown
Spectre & MeltdownMurray Security Services
 
Ravel: Pinpointing Vulnerabilities
Ravel: Pinpointing VulnerabilitiesRavel: Pinpointing Vulnerabilities
Ravel: Pinpointing VulnerabilitiesYue Chen
 
Uvm dac2011 final_color
Uvm dac2011 final_colorUvm dac2011 final_color
Uvm dac2011 final_colorJamal EL HAITOUT
 
Fun With Dr Brown
Fun With Dr BrownFun With Dr Brown
Fun With Dr BrownzeroSteiner
 
CNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgCNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgSam Bowne
 
Android Mind Reading: Android Live Memory Analysis with LiME and Volatility
Android Mind Reading: Android Live Memory Analysis with LiME and VolatilityAndroid Mind Reading: Android Live Memory Analysis with LiME and Volatility
Android Mind Reading: Android Live Memory Analysis with LiME and VolatilityJoe Sylve
 
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012TEST Huddle
 
1230 Rtf Final
1230 Rtf Final1230 Rtf Final
1230 Rtf Finalluisotaviomedici
 
Mastering Real-time Linux
Mastering Real-time LinuxMastering Real-time Linux
Mastering Real-time LinuxJean-François Deverge
 
Index chrome
Index chromeIndex chrome
Index chromeHeverton Peres
 
Language for teaching a language
Language for teaching a languageLanguage for teaching a language
Language for teaching a languageBabylen Arit
 

More Related Content

What's hot

Fuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidFuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidE Hacking
 
Practical Windows Kernel Exploitation
Practical Windows Kernel ExploitationPractical Windows Kernel Exploitation
Practical Windows Kernel ExploitationzeroSteiner
 
Is That A Penguin In My Windows?
Is That A Penguin In My Windows?Is That A Penguin In My Windows?
Is That A Penguin In My Windows?zeroSteiner
 
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...peknap
 
Linux Preempt-RT Internals
Linux Preempt-RT InternalsLinux Preempt-RT Internals
Linux Preempt-RT Internals哲豪 康哲豪
 
Operating Systems 1 (8/12) - Concurrency
Operating Systems 1 (8/12) - ConcurrencyOperating Systems 1 (8/12) - Concurrency
Operating Systems 1 (8/12) - ConcurrencyPeter Tröger
 
Metasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationMetasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationzeroSteiner
 
Ravel: Pinpointing Vulnerabilities
Ravel: Pinpointing VulnerabilitiesRavel: Pinpointing Vulnerabilities
Ravel: Pinpointing VulnerabilitiesYue Chen
 
Fun With Dr Brown
Fun With Dr BrownFun With Dr Brown
Fun With Dr BrownzeroSteiner
 
CNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgCNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgSam Bowne
 
Android Mind Reading: Android Live Memory Analysis with LiME and Volatility
Android Mind Reading: Android Live Memory Analysis with LiME and VolatilityAndroid Mind Reading: Android Live Memory Analysis with LiME and Volatility
Android Mind Reading: Android Live Memory Analysis with LiME and VolatilityJoe Sylve
 
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012TEST Huddle
 

What's hot (20)

Real time Linux
Real time LinuxReal time Linux
Real time Linux
 
Fuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidFuzzing the Media Framework in Android
Fuzzing the Media Framework in Android
 
Practical Windows Kernel Exploitation
Practical Windows Kernel ExploitationPractical Windows Kernel Exploitation
Practical Windows Kernel Exploitation
 
Rt linux-lab1
Rt linux-lab1Rt linux-lab1
Rt linux-lab1
 
Ch5 process synchronization
Ch5 process synchronizationCh5 process synchronization
Ch5 process synchronization
 
Is That A Penguin In My Windows?
Is That A Penguin In My Windows?Is That A Penguin In My Windows?
Is That A Penguin In My Windows?
 
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...
 
Linux Preempt-RT Internals
Linux Preempt-RT InternalsLinux Preempt-RT Internals
Linux Preempt-RT Internals
 
Operating Systems 1 (8/12) - Concurrency
Operating Systems 1 (8/12) - ConcurrencyOperating Systems 1 (8/12) - Concurrency
Operating Systems 1 (8/12) - Concurrency
 
Demo
DemoDemo
Demo
 
Metasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationMetasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel Exploitation
 
Spectre & Meltdown
Spectre & MeltdownSpectre & Meltdown
Spectre & Meltdown
 
Ravel: Pinpointing Vulnerabilities
Ravel: Pinpointing VulnerabilitiesRavel: Pinpointing Vulnerabilities
Ravel: Pinpointing Vulnerabilities
 
Uvm dac2011 final_color
Uvm dac2011 final_colorUvm dac2011 final_color
Uvm dac2011 final_color
 
Fun With Dr Brown
Fun With Dr BrownFun With Dr Brown
Fun With Dr Brown
 
CNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgCNIT 126 9: OllyDbg
CNIT 126 9: OllyDbg
 
Android Mind Reading: Android Live Memory Analysis with LiME and Volatility
Android Mind Reading: Android Live Memory Analysis with LiME and VolatilityAndroid Mind Reading: Android Live Memory Analysis with LiME and Volatility
Android Mind Reading: Android Live Memory Analysis with LiME and Volatility
 
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012
 
1230 Rtf Final
1230 Rtf Final1230 Rtf Final
1230 Rtf Final
 
Mastering Real-time Linux
Mastering Real-time LinuxMastering Real-time Linux
Mastering Real-time Linux
 

Viewers also liked

Language for teaching a language
Language for teaching a languageLanguage for teaching a language
Language for teaching a languageBabylen Arit
 
The Kipling-Zachman lens
The Kipling-Zachman lensThe Kipling-Zachman lens
The Kipling-Zachman lensRichard Veryard
 
SIO Workshop: Course Design 2 - Alternatives to Lecture
SIO Workshop: Course Design 2 - Alternatives to LectureSIO Workshop: Course Design 2 - Alternatives to Lecture
SIO Workshop: Course Design 2 - Alternatives to LecturePeter Newbury
 
Basicsofmri 090416164546-phpapp01
Basicsofmri 090416164546-phpapp01Basicsofmri 090416164546-phpapp01
Basicsofmri 090416164546-phpapp01Mukhtar Khan
 
Webstock 2013: An Animating Spark
Webstock 2013: An Animating SparkWebstock 2013: An Animating Spark
Webstock 2013: An Animating SparkTom Coates
 
Multiplication as repeated addition and Division as repeated subtraction
Multiplication as repeated addition and Division as repeated subtractionMultiplication as repeated addition and Division as repeated subtraction
Multiplication as repeated addition and Division as repeated subtractionBabylen Arit
 
Quality Assurance of Knowledge
Quality Assurance of KnowledgeQuality Assurance of Knowledge
Quality Assurance of KnowledgeAlan Cann
 
Social Cognitive Theory, Observational Learning
Social Cognitive Theory, Observational LearningSocial Cognitive Theory, Observational Learning
Social Cognitive Theory, Observational LearningBabylen Arit
 
Process skills in Science
Process skills in ScienceProcess skills in Science
Process skills in ScienceBabylen Arit
 
Language description (Applied Linguistics)
Language description (Applied Linguistics) Language description (Applied Linguistics)
Language description (Applied Linguistics) Khaleel Al Bataineh
 
Esp.section 1.chapter 2
Esp.section 1.chapter 2Esp.section 1.chapter 2
Esp.section 1.chapter 2Gerta Davidhi
 
Historical theories of language development
Historical theories of language developmentHistorical theories of language development
Historical theories of language developmentBabylen Arit
 
Math lesson problem solving
Math lesson problem solvingMath lesson problem solving
Math lesson problem solvingBabylen Arit
 

Viewers also liked (20)

Index chrome
Index chromeIndex chrome
Index chrome
 
Language for teaching a language
Language for teaching a languageLanguage for teaching a language
Language for teaching a language
 
The Kipling-Zachman lens
The Kipling-Zachman lensThe Kipling-Zachman lens
The Kipling-Zachman lens
 
Pcos presentation
Pcos presentationPcos presentation
Pcos presentation
 
SIO Workshop: Course Design 2 - Alternatives to Lecture
SIO Workshop: Course Design 2 - Alternatives to LectureSIO Workshop: Course Design 2 - Alternatives to Lecture
SIO Workshop: Course Design 2 - Alternatives to Lecture
 
Basicsofmri 090416164546-phpapp01
Basicsofmri 090416164546-phpapp01Basicsofmri 090416164546-phpapp01
Basicsofmri 090416164546-phpapp01
 
Webstock 2013: An Animating Spark
Webstock 2013: An Animating SparkWebstock 2013: An Animating Spark
Webstock 2013: An Animating Spark
 
Lecture 4
Lecture 4Lecture 4
Lecture 4
 
Multiplication as repeated addition and Division as repeated subtraction
Multiplication as repeated addition and Division as repeated subtractionMultiplication as repeated addition and Division as repeated subtraction
Multiplication as repeated addition and Division as repeated subtraction
 
6 Ws
6 Ws6 Ws
6 Ws
 
Quality Assurance of Knowledge
Quality Assurance of KnowledgeQuality Assurance of Knowledge
Quality Assurance of Knowledge
 
Lecture 5
Lecture 5Lecture 5
Lecture 5
 
Social Cognitive Theory, Observational Learning
Social Cognitive Theory, Observational LearningSocial Cognitive Theory, Observational Learning
Social Cognitive Theory, Observational Learning
 
Moovaxis
MoovaxisMoovaxis
Moovaxis
 
Process skills in Science
Process skills in ScienceProcess skills in Science
Process skills in Science
 
High voltage module
High voltage moduleHigh voltage module
High voltage module
 
Language description (Applied Linguistics)
Language description (Applied Linguistics) Language description (Applied Linguistics)
Language description (Applied Linguistics)
 
Esp.section 1.chapter 2
Esp.section 1.chapter 2Esp.section 1.chapter 2
Esp.section 1.chapter 2
 
Historical theories of language development
Historical theories of language developmentHistorical theories of language development
Historical theories of language development
 
Math lesson problem solving
Math lesson problem solvingMath lesson problem solving
Math lesson problem solving
 

Similar to Performance analysis of production systems using DTrace

Solaris DTrace, An Introduction
Solaris DTrace, An IntroductionSolaris DTrace, An Introduction
Solaris DTrace, An Introductionsatyajit_t
 
Découvrir dtrace en ligne de commande.
Découvrir dtrace en ligne de commande.Découvrir dtrace en ligne de commande.
Découvrir dtrace en ligne de commande.CocoaHeads France
 
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment isc2-hellenic
 
dtrace_topics_intro.pdf
dtrace_topics_intro.pdfdtrace_topics_intro.pdf
dtrace_topics_intro.pdfssuser785ce21
 
Systems Performance: Enterprise and the Cloud
Systems Performance: Enterprise and the CloudSystems Performance: Enterprise and the Cloud
Systems Performance: Enterprise and the CloudBrendan Gregg
 
Computer system organization
Computer system organizationComputer system organization
Computer system organizationSyed Zaid Irshad
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Chris Sistrunk
 
Getting started with RISC-V verification what's next after compliance testing
Getting started with RISC-V verification what's next after compliance testingGetting started with RISC-V verification what's next after compliance testing
Getting started with RISC-V verification what's next after compliance testingRISC-V International
 
Dynamic Instrumentation- OpenEBS Golang Meetup July 2017
Dynamic Instrumentation- OpenEBS Golang Meetup July 2017Dynamic Instrumentation- OpenEBS Golang Meetup July 2017
Dynamic Instrumentation- OpenEBS Golang Meetup July 2017OpenEBS
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...SegInfo
 
how-to-bypass-AM-PPL
how-to-bypass-AM-PPLhow-to-bypass-AM-PPL
how-to-bypass-AM-PPLnitinscribd
 
Monitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance AnalysisMonitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance AnalysisBrendan Gregg
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
 
Librato's Joseph Ruscio at Heroku's 2013: Instrumenting 12-Factor Apps
Librato's Joseph Ruscio at Heroku's 2013: Instrumenting 12-Factor AppsLibrato's Joseph Ruscio at Heroku's 2013: Instrumenting 12-Factor Apps
Librato's Joseph Ruscio at Heroku's 2013: Instrumenting 12-Factor AppsHeroku
 
Week1 Electronic System-level ESL Design and SystemC Begin
Week1 Electronic System-level ESL Design and SystemC BeginWeek1 Electronic System-level ESL Design and SystemC Begin
Week1 Electronic System-level ESL Design and SystemC Begin敬倫 林
 
DEF CON 27 - CHRISTOPHER ROBERTS - firmware slap
DEF CON 27 - CHRISTOPHER ROBERTS - firmware slapDEF CON 27 - CHRISTOPHER ROBERTS - firmware slap
DEF CON 27 - CHRISTOPHER ROBERTS - firmware slapFelipe Prado
 
HPC Application Profiling & Analysis
HPC Application Profiling & AnalysisHPC Application Profiling & Analysis
HPC Application Profiling & AnalysisRishi Pathak
 

Similar to Performance analysis of production systems using DTrace (20)

Solaris DTrace, An Introduction
Solaris DTrace, An IntroductionSolaris DTrace, An Introduction
Solaris DTrace, An Introduction
 
Découvrir dtrace en ligne de commande.
Découvrir dtrace en ligne de commande.Découvrir dtrace en ligne de commande.
Découvrir dtrace en ligne de commande.
 
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment
 
dtrace_topics_intro.pdf
dtrace_topics_intro.pdfdtrace_topics_intro.pdf
dtrace_topics_intro.pdf
 
Systems Performance: Enterprise and the Cloud
Systems Performance: Enterprise and the CloudSystems Performance: Enterprise and the Cloud
Systems Performance: Enterprise and the Cloud
 
Computer system organization
Computer system organizationComputer system organization
Computer system organization
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
 
Getting started with RISC-V verification what's next after compliance testing
Getting started with RISC-V verification what's next after compliance testingGetting started with RISC-V verification what's next after compliance testing
Getting started with RISC-V verification what's next after compliance testing
 
Dynamic Instrumentation- OpenEBS Golang Meetup July 2017
Dynamic Instrumentation- OpenEBS Golang Meetup July 2017Dynamic Instrumentation- OpenEBS Golang Meetup July 2017
Dynamic Instrumentation- OpenEBS Golang Meetup July 2017
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
 
how-to-bypass-AM-PPL
how-to-bypass-AM-PPLhow-to-bypass-AM-PPL
how-to-bypass-AM-PPL
 
Monitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance AnalysisMonitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance Analysis
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
 
Os lectures
Os lecturesOs lectures
Os lectures
 
Librato's Joseph Ruscio at Heroku's 2013: Instrumenting 12-Factor Apps
Librato's Joseph Ruscio at Heroku's 2013: Instrumenting 12-Factor AppsLibrato's Joseph Ruscio at Heroku's 2013: Instrumenting 12-Factor Apps
Librato's Joseph Ruscio at Heroku's 2013: Instrumenting 12-Factor Apps
 
Week1 Electronic System-level ESL Design and SystemC Begin
Week1 Electronic System-level ESL Design and SystemC BeginWeek1 Electronic System-level ESL Design and SystemC Begin
Week1 Electronic System-level ESL Design and SystemC Begin
 
DEF CON 27 - CHRISTOPHER ROBERTS - firmware slap
DEF CON 27 - CHRISTOPHER ROBERTS - firmware slapDEF CON 27 - CHRISTOPHER ROBERTS - firmware slap
DEF CON 27 - CHRISTOPHER ROBERTS - firmware slap
 
Defending Your "Gold"
Defending Your "Gold"Defending Your "Gold"
Defending Your "Gold"
 
HPC Application Profiling & Analysis
HPC Application Profiling & AnalysisHPC Application Profiling & Analysis
HPC Application Profiling & Analysis
 

Recently uploaded

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Recently uploaded (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Performance analysis of production systems using DTrace

  • 1. Performance analysis and troubleshooting using DTrace “I keep six honest serving-men (They taught me all I knew); Their names are What and Why and When And How and Where and Who.” - Rudyard Kipling Graeme Jenkinson - Computer Laboratory
  • 2. Today’s lecture Overview of tracing and profiling DTrace: Dynamic Instrumentation of Production Systems Performance analysis with DTrace - case study Tracing and profiling on Linux Wrap up and questions
  • 3. Overview of tracing and profiling • A profile provides an inventory of performance events and timings for the execution as a whole. • Sampling at a fixed time interval • Aggregated results - requests/per second • Absolute chronology of events is ignored • A trace records the chronology, often with timestamps: • Absolute chronology of events is preserved • Trace increasing at runtime - must be periodically Focus on tracing
  • 4. Who did what to who? 04 Intuition library Address of task
  • 5. Tracing software as a black box • print statements: • printf(“Here”); • #ifndef NDEBUG printf(“State: Connected”); #endif • Logging frameworks: • info!(“State: connected”); • logger.error(“Failed: to write file”); Can declaratively turn on/off logging at compile time Can declaratively turn on/off logging at runtime
  • 6. Tracing software as a black box - summary Print statements Logging framework Pros • As simple as it gets • Declarative control at compile time • Declarative control at runtime or compile time • Finer grained control of logging (per class/module) • Structured output • Flexibility Cons • Adding tracing requires a recompile (in some case) • Ad-hoc adoption • Inflexible (requiring compile time decisions) • Tiny bit more effort to adopt • Added dependency to codebase
  • 7. Logging can only get you so far • Errors frequently the result of complex interactions across the software stack • Logging limited to a single layer of the the software stack • Logging frameworks don’t capture the events you want to see
  • 8. Debuggers • When logging really doesn’t cut it we often break out the debugger • Set breakpoints, single step code, watch variables/registers • Debuggers often struggle when facing certain types of problems: • Heisenbug: “a software bug that seems to disappear or alter its behaviour when one attempts to study it"
  • 9. Probe effects • Probe effect - act of measuring disturbs system • Electronics - probes introduce additional capacitance, resistance or inductance • Software tracing - probes take time to execute • Bugs from subtle timing effects are common, probe effects can rarely be ignored
  • 10. Observability/transparency • Rather than treating the system as a black box we need observability into the system when executing • What’s needed is more flexible less intrusive tools, thankful there are plenty of them • Do these tools have a probe effect?
  • 12. Observability tools: top NAME top - display Linux processes top (table of processes) - reads kernel state from /proc filesystem (on Linux, FreeBSD); procfs is a pseudo-filesystem that presents information about processes and other system information in a hierarchical filesystem- like structure. Note: procfs doesn’t come free (probe effect). What operations need to be performed?
  • 13. Observability tools: strace (dtruss Mac OS X, truss FreeBSD) Linux strace - trace system calls and signals Mac OS X (requires disabling System Integrity Protection - El Capitan+) dtruss - process system call details. Uses DTrace. FreeBSD truss - trace system calls
  • 14. Utilization, Saturation and Errors (USE) • Utilization: the average time that the resource was busy servicing work • Saturation: the degree to which the resource has extra work which it can't service, often queued • Errors: the error count • Resources: • CPUs: sockets, cores, hardware threads (virtual CPUs) • Memory: capacity • Network interfaces • Storage devices: I/O, capacity • Controllers: storage, network cards • Interconnects: CPUs, memory, I/O
  • 15. Layered architectures and observability • System performance problems are typically introduced at the highest layers of abstraction • Effects are often first encountered and attributed at the lowest layers of abstraction • Observability is required across all layers of the stack
  • 16. In production analysis • As software engineers we graduate from screwing up our own system to screwing up other peoples • In production tracing must be safe • Probe effect must be zero when disabled - “low” when tracing
  • 17. DTrace: one tool to rule them all • Developed by Bryan Cantrill, Mike Shapiro, and Adam Leventhal at Sun Microsystems • Release in 2005 by Sun Microsystems • “Performance analysis infrastructure has generally not kept pace with the shift to in- production performance analysis” - Cantrill et al Illumos, FreeBSD, NetBSD, MacOS X Linux (ish), Windows (yuck)
  • 18. DTrace overview (Cantrill ’04) • Dynamic instrumentation • Zero probe effect when disabled • Unified instrumentation • Instruments both user and kernel level software • Arbitrary-context kernel instrumentation • Can instrument any aspect of the kernel including delicate sub- systems such as the scheduler and synchronisation facilities As a result probes can’t block What is the impact when enabled?
  • 19. DTrace overview (cont) • Data integrity • Records may be dropped under load - but never silently • High-level control language • Scriptable “arbitrary” actions on probe firing • Predicates that determine whether a probe fires • Scripts executed by in-kernel virtual machine • Production safe • Aborts when system is heavily loaded • Scalable in kernel aggregations (profiling) How is safety preserved?
  • 20. DTrace overview - anatomy of a dynamic tracer Consum er Compiler fbt::vm_fault:entry { fault_count += 1; } Probes Userspace Buffers (per-CPU) Kernel Results D script
  • 21. DTrace providers • fbt: Function Boundary Tracing • syscall: System Calls • pid: User space processes • proc: Process Operations • sched: Scheduler • Network Protocols • IP, UDP, TCP • lock: Kernel locking points • io: I/O calls • vfs: Filesystem Routines • profile: Timing source • mac_framework: Mandatory Access Control framework
  • 22. DTrace providers (cont) dtrace -l List all registered probes dtrace -l -P fbt List probes registered by Function Boundary Tracing provider dtrace -l -f vm_fault List probes for function vm_fault provider:module:function:name kernel module DTrace provider function to trace probe name
  • 23. DTrace providers (cont) • Statically added probes - added by developers • Known useful points of instrumentation: starting new threads, TCP state machine transitions • Dynamically added - probes automatically work out where to insert probes • Static probes are stable instrumentation points, dynamic probes depend on the specifics of the implementation and therefore are subject to change
  • 24. DTrace tracing example syscall:::entry /execname == “ls”/ { printf(“syscall = %sn”, probefunc); } dtrace -c ls -n ‘…’ Predicate - only for the ls command Action - Print the probes function Built in variable
  • 25. DTrace profiling example BEGIN { syscall_count = 0; } syscall:::entry /execname == “ls”/ { syscall_count++; } END { printf(“syscall_count = %dn”, syscall_count); } Initialize the count (global) Print the count Instrument all syscall entries Only for the ls command
  • 26. DTrace profiling example 2 syscall:::entry /execname == “ls”/ { t[probefunc] = timestamp; } syscall:::return /t[probefunc] != 0/ { @funct[probefunc] = sum(timestamp - t[probefunc]); t[probefunc] = 0; } Other useful profiling probes include profile-199 - why 199 seconds?
  • 27. DTrace user land example 1 • pid (process ID) provider • Allow tracing of and arbitrary process such as a Web browser of databases • Process does not need to be restarted (important in production) dtrace -n ‘pid$target:::entry { trace(timestamp); }’ - c ls dtrace -n ‘pid$target:::entry { trace(timestamp); }’ - p … process id to trace
  • 28. DTrace internals - overview
  • 29. DTrace internals • DTrace core framework • Interfaces to userspace through ioctl() to /dev/dtrace/* • Majority of the code (dtrace.c) is generic framework code • Delegates instrumentation to providers • Implements a virtual machine for the D Intermediate Format (DIF) • Ensures safety of D scripts • Analogous to Java bytecode
  • 30. DTrace internals • Provider • Holds the knowledge about specific instrumentation techniques • Enables probes when consumer says so (specific to each provider) • Transfer control to DTrace framework by calling dtrace_probe(probe_id) somehow • Then, DTrace framework can performs actions associated with probe • dtrace_probe() • Runs in specialized context known as probe context • Interrupts are disabled for the CPU executing the probe • Does no memory allocation and takes no locks
  • 31. DTrace internals • D compiler: • Compiles D scripts to D Intermediate Format (DIF) • Assembles DIF into DIFOs (for predicate and actions) • Merges DIFOs into DOF (D Object Format) • DIF has a RISC-like instruction set that supports D language constructs dtrace -S -n 'syscall:freebsd:open:entry {printf("%s %sn", execname, copyinstr(arg0)); }' There’s no spec but we are working on it
  • 32. DTrace internals • Enabling Control Blocks (ECBs) • Kernel data structure that represents an enabled probe • Each ECB contains DIFO for predicates and actions associated with probe enabling • Can be chained together if multiple consumers are interested in a given probe Probe ECB ECB Predicate DIFO Action DIFO Action DIFO
  • 33. DTrace internals - Function Boundary Tracing (FBT) • sys_getpid, no DTrace <sys_getpid> push %rbp <sys_getpid+1> mov %rsp,%rbp <sys_getpid+4> mov 0x8(%rdi),%rax <sys_getpid+8> movslq 0xbc(%rax),%rax • sys_getpid, while running dtrace -n ‘fbt:kernel:sys_getpid:entry' • int3 replaces first sys_getpid instruction • push instruction is emulated in the kernel • original push instruction is restored after dtrace exits <sys_getpid> int3 <sys_getpid+1> mov %rsp,%rbp <sys_getpid+4> mov 0x8(%rdi),%rax <sys_getpid+8> movslq 0xbc(%rax),%rax Used by debuggers to set breakpoints - architecture dependent DTrace uses CTF Compressed Type Format) to identify function entry point
  • 34. DTrace in the real world • How many software engineers are there in the world working in systems? • Boem estimates 700k work in “infrastructure”, which is a fairly broad definition • How many people have used DTrace? ~1000s. • How many people have written DTrace scripts? <1000 • How many people now how DTrace works in any detail? ~100
  • 35. DTrace case study - Customers are not the enemy • Scenario: Customer system reporting terrible performance • NFS server • SAN backend • ~ 300 Mb/s • 4 socket, 6 cores per socket • Symptoms: Latency is “bad”, our customers are angry. Your product sucks https://www.infoq.com/presentations/dtrace Customers don’t report details like latency is twice average specified in service level agreement!
  • 36. DTrace case study - Performance goals • Why work isn’t being done? • Thread not being schedule • Queue of work isn’t being processed • Get idle into the system • Identify work being done inefficiently • Identify where cycles are wasted doing the wrong thing Useful DTrace probes of-cpu
  • 37. DTrace case study - Measuring NFS latency • Analysis: Develop DTrace scripts for measuring NFS latency nfsv3:::op-read-start, nfsv3:::op-write-start { self->ts = timestamp } nfsv3:::op-read-done, nfsv3:::op-write-done { @[probename == “op-write-done” ? “write” : “read” = quantize(timestamp - self.ts); self.ts = 0; } quantize
  • 38. DTrace case study Synchronous nfsv3:::op-write-start { self->sync = args[2]->stable != 0; } Cache miss sdt:::arc-miss, sdt:::blocked-read { self->io = 1; } Cached, synchronous and asynchronous read/writes very different performance - different populations
  • 39. DTrace case study - synchronous write • Average latency looks pretty good
  • 40. DTrace case study - synchronous write Average latency not so useful - outliers dominate Linear Log
  • 41. DTrace case study - summary • Instrumentation with DTrace identified issues with… • Throttling, inefficiencies in code and a heavily contented lock • Lessons learnt • Need to analyse performance on real-world systems • Right tools, right questions • Remedies without analysis don’t work and antagonise customers • Systems shouldn't absorb all the pain
  • 42. DTrace in the real world • DTrace Toolkit • http://www.brendangregg.com/dtracetoolkit.html • DTrace one liners • http://www.brendangregg.com/DTrace/dtrace_oneliners. txt • https://wiki.freebsd.org/DTrace/One-Liners
  • 43. One tool to rule them all… • In 2017 in production means a distributed system • Gap opened up once again between the types of in-production analysis we’d like to perform and available tools • Distributed DTrace - see CADETS project • Tracing internode flows? • Volumes of data • Security? • What about heterogenous environments? • Need to instrument Linux, Ilumos, FreeBSD environments seamlessly
  • 44. Linux: One tool to rule them all… not so much
  • 45. ftrace and perf • ftrace • Tracing utility built directly into the Linux kernel # cd /sys/kernel/debug/tracing # cat available_tracers • To enable tracer: # echo function_graph > current_tracer
  • 46. perf • perf - instruments "events", which are a unified interface for different kernel instrumentation frameworks. • Hardware Events: These instrument low-level processor activity based on CPU performance counters. For example, CPU cycles, instructions retired, memory stall cycles, level 2 cache misses, etc. Some will be listed as Hardware Cache Events. • Software Events: These are low level events based on kernel counters. For example, CPU migrations, minor faults, major faults, etc.
  • 47. perf (cont) • perf - instruments "events", which are a unified interface for different kernel instrumentation frameworks. • Tracepoint Events: This are kernel-level events based on the ftrace framework. These tracepoints are placed in interesting and logical locations of the kernel, so that higher-level behavior can be easily traced. For example, system calls, TCP events, file system I/O, disk I/O, etc. These are grouped into libraries of tracepoints; eg, "sock:" for socket events, "sched:" for CPU scheduler events. • Dynamic Tracing: Software can be dynamically instrumented, creating events in any location. For kernel software, this uses the kprobes framework. For user- level software, uprobes. • Timed Profiling: Snapshots can be collected at an arbitrary frequency, using perf record -FHz. This is commonly used for CPU usage profiling, and works by creating custom timed interrupt events.
  • 48. SystemTap • Scripting language and tool for dynamically instrumenting running production Linux kernel-based operating systems • stap -v -e 'probe vfs.read {printf("read performedn"); exit()}' virtual file system read • “safe to use in production?” “yes” https://sourceware.org/systemtap/wiki/SystemtapDtraceComparison
  • 49. BPF (nee eBPF) • Berkley Packet Filter (PBF) • Interface to data link layers to capture raw packets (tcpdump) • BPF virtual machine executes user scripts to filter packets • JIT BPF instructions to native code - to improve performance • Bytecode Probe Framework (maybe?) • DTrace-like facilities attaching BPF scripts to tracepoints: kprobes, uprobes, tracepoints (soon) • bcc front-end (and others) • What can we do with BPF? • “crazy stuff” Designed for tracing 10GbE networking - highly performant Walk stacks…
  • 50. Bytecode Probe Framework BPF kprobes uprobes tracepoints maps KernelUserland BPF bytecode per-event data statistics generate load async read perf output per-event output and in-kernel summarisation
  • 51. Any questions? Tracing tools quickly outperform log based analysis in production Vast array of tracing tools in Linux and BSD-based operating systems DTrace provides unified tracing with guaranteed safety in production All tracing mechanisms introduce probe effects Probe effects can change the very behaviour we are investigating Measure (on the real system), analyse and remediate - don’t guess DTrace on Linux isn’t production ready but other tools such as SystemTap and eBPF are roughly equivalent