Oracle intends to redesign DTrace for Linux using eBPF

Oracle has reported on its work to move DTrace-related changes upstream and on its plans to implement the DTrace dynamic debugging technology on top of standard Linux kernel infrastructure, namely subsystems such as eBPF. Initially, the main obstacle to using DTrace on Linux was license incompatibility, but in 2018 Oracle relicensed the DTrace code under GPLv2.

DTrace has long been offered as part of the extended kernel for the Oracle Linux distribution, but using it in other distributions requires additional kernel patches, which limits adoption of the technology. As an example, Oracle has prepared detailed instructions for installing and using DTrace on Fedora Linux. Installation requires building the tools and using a Linux kernel rebuilt with the patches. A script is provided to automate building the kernel with the Oracle and Fedora patches.

eBPF is a bytecode interpreter built into the Linux kernel that allows you to create handlers for network operations, monitor system activity, intercept system calls, control access, process events while preserving timing information (perf_event_open), measure the frequency and duration of operations, and perform tracing using kprobes, uprobes and tracepoints. Thanks to JIT compilation, the bytecode is translated into machine instructions on the fly and executed with the performance of native code. DTrace can be implemented on top of eBPF in the same way that existing tracing tools already run on top of eBPF.

DTrace was developed for the Solaris operating system to solve the problem of dynamically tracing the system kernel and end applications, giving the user the ability to monitor system behavior in detail and diagnose problems in real time. During debugging, DTrace does not affect the operation of the applications under study and does not affect their performance in any way, which makes it possible to analyze running systems on the fly. Among DTrace's strengths is the high-level D language, similar to AWK, in which trace scripts are much easier to write than with the tools offered for writing eBPF handlers in C, Python and Lua with external libraries.

Oracle engineers are also working on an eBPF backend for GCC: they have already published a patch set that integrates eBPF support into GCC and have had eBPF support code accepted into GNU binutils. Initially, the backend for eBPF support is based on LLVM technologies, but Oracle is interested in GCC gaining a standard ability to generate eBPF programs, which would allow a single toolchain to be used both for building the Linux kernel and for building eBPF programs.

In addition to the backend for generating bytecode, the patches proposed for GCC also include a port of libgcc for eBPF and tools for generating ELF files, which make it possible to execute code in the eBPF virtual machine using the loaders provided by the kernel. For now, C code can be translated into bytecode (not all language features are available), but in the future the plan is to expand the set of C language features available for use, add support for other languages, create a simulator, and add GCC support for debugging eBPF programs without loading them into the kernel.

Source: opennet.ru
