Paul Chaignon's GSoC status report - #9 of 12
Paul Chaignon
paul.chaignon at gmail.com
Tue Jul 30 10:10:09 UTC 2019
On Tue, Jul 30, 2019 at 10:13:08AM +0200, Eugene Syromyatnikov wrote:
> On Mon, Jul 29, 2019 at 9:21 PM Paul Chaignon <paul.chaignon at gmail.com> wrote:
> > - Finished implementing generation of bit matching BPF program. On a
> > first look, results are not as good as I expected. For instance, for
> > x86_64 personality, when tracing a single syscall (bpf(2)), linear BPF
> > program has 8 instructions whereas binary match program has 35
> > instructions. It would take a large number of traced syscalls to make
> > the binary match program the best choice...
> What about -e trace=%net, %file, or other (popular) syscall class?
I haven't checked those yet, but that's what I was planning on using to
have common/representative sets of traced syscalls in evals.
Even with those, it's not sure the binary match program will be better.
In the worst case, the linear program requires one more instruction per
new traced syscall, and often less (when there are continuous sequences of
syscalls to trace). So we would need at least 27 additional traced
syscalls to make the binary match worth it.
There may be a few opportunities to shorten the binary match program too
(i.e., skip bit arrays that are known to be empty).
Paul
More information about the Strace-devel
mailing list