Supporting bpf_asm syntax in strace
Eugene Syromiatnikov
esyr at redhat.com
Tue Jun 5 16:36:07 UTC 2018
On Tue, Jun 05, 2018 at 07:13:45PM +0300, Elazar Leibovich wrote:
> Hi,
>
> Currently the format in which BPF programs are printed, is an strace
> specific format.
>
> It's a fine format, but, except of being verbose, it's incompatible with
> kernel's tooling.
>
> Currently abbreviated format, and none-verbose format are identical.
>
> I therefor suggest the following:
>
> None-verbose format would remain as it is today. That is, printout of the
> BPF program address only without traversing it, like the man page says.
>
> Verbose and abbreviated format, would be the bpf_asm format of <len>,<op>
> <jt> <jf> <k>,.... which is indeed shorter.
>
> Verbose and none-abbreviated format would be the current format.
>
> The main advantage of my proposal is that in bpf_asm compatible mode, you
> can dump it to bpf_debug, run it, dump it etc. I'm not aware of tooling
> that supports the current format.
>
> I have a patch to submit, if you think this is a good solution.
>
> What do you think?
I'm actually planning to continue improving BPF program output format,
as there is a lot of work to do, and making it closer to verifier/bpftool
output is on my todo list, so, yeah, the patch like that will be pretty
much appreciated.
But, there are two things I have in my mind:
* We try to stick to C-like syntax as much as possible, so, for a BPF
assembly dump some syntax should be invented for printing those dumps
(like, enclose it in some combination of braces/quotes/...).
* I'm also thinking about (and leaning to) I/O dump-like format, when
program disassembly is printed after the syscall.
More information about the Strace-devel
mailing list