Bpftrace fixes for s390x

[sumanthkorikkar]

The patch series provides register support for s390x. This also solves various issues that can occur in big-endian architectures.

1. bpftrace: Add s390x register support
2. bpftrace: Fix sarg support for s390x and other architectures
3. bpftrace: Fix type conversion in printf() builtin
4. bpftrace: Fix histogram output & stat output for big-endian systems
5. bpftrace: Add architecture specific testcase support
6. bpftrace: Introduce htonl, htons, ntohl, ntohs functions
7. bpftrace: Fix ntop builtin function
8. bpftrace: Fix variable assignment of 32 bit integers

[sumanthkorikkar]

Please review and request to merge into master.

Thank you.

[sumanthkorikkar]

Hello @fbs , @brendangregg @yonghong-song,

The last commit Fix variable assignment of 32 bit integers causes failure in tools-parsing-test.sh.

Other commits passes the tests.

Few questions:

1. Shall I again create a pull requests without the last commit?.
2. Or should I create a pull request per commit, so that it can be reviewed individually?

Any suggestions would be great. Thank you.

Best Regards
Sumanth

[danobi]

Hi @sumanthkorikkar , thanks for the PR. I'm skimming it and it seems reasonable (will look more closely next on monday) .

Shall I again create a pull requests without the last commit?.

It looks like it's hitting some kind of assertion. Do you think you can figure out what's going on?

If you wanna do partial merges of s390x support we can also go with a build flag that's off by default and fix the abort in another PR.

Or should I create a pull request per commit, so that it can be reviewed individually?

Usually we do it all in one PR, especially if the commits depend on each other. But see above if you wanna get most of the code in first so you don't have to keep fixing merge conflicts.

Other stuff:

• can you look at the clang-format build job failures and apply the suggestions there?
• might be a good time to decide what direction we wanna take static binaries. See inline comment

[sumanthkorikkar]

Hi @danobi

Hi @sumanthkorikkar , thanks for the PR. I'm skimming it and it seems reasonable (will look more closely next on monday) .

Ok. thank you.

Shall I again create a pull requests without the last commit?.

It looks like it's hitting some kind of assertion. Do you think you can figure out what's going on?

Sure. I will give it a try.

If you wanna do partial merges of s390x support we can also go with a build flag that's off by default and fix the abort in another PR.

Ok. I will separate s390 support and I will fix the abort in another PR

Or should I create a pull request per commit, so that it can be reviewed individually?

Usually we do it all in one PR, especially if the commits depend on each other. But see above if you wanna get most of the code in first so you don't have to keep fixing merge conflicts.

Other stuff:

• can you look at the clang-format build job failures and apply the suggestions there?

Ok. Sure I will conform it to clang-format and send. Thanks

• might be a good time to decide what direction we wanna take static binaries. See inline comment

Ok.

[fbs]

Thanks for working on this! :)

Haven't look closely either yet, but just some remarks:

---

As for the helpers. Having both a 'short/i16' and 'long/i32' versions is a bit different from the way most helpers currently work, which usually look at the input argument and derive stuff from it. Instead of having 4 helpers, cant we have one that just flips the byte order? Looking at the change that seems possible to do.

We're not 1.0 yet, but I'd rather not add any helpers that we don't need. If a good use case pops up we can always add more helpers (calls).

---

Re the current compiler issue:

bpftrace is not as strict with LLVM typing as LLVM wants us to be. While it "mostly works" you can run into weird issues like the crashes you're seeing now. A simple way to test that is running bpftrace -dd if it shows the before opt code but crashes during optimization it is likely a typing issue.

In this case it is caused by:

    $dport = $sk->__sk_common.skc_dport;
    $dport = ntohs($dport);

Which compiles down to

  %"$dport" = alloca i16
...
  %100 = load i16, i16* %"struct sock_common.skc_dport"
...
  %111 = or i16 %108, %110
  %112 = zext i16 %111 to i64
  store i64 %112, i16* %"$dport"

Doing a i64 store in a i16* causes the issue in this case. As a fix:

]$ diff /vagrant/tools/tcpconnect.bt tcpconnect.bt
46c46
<     $dport = $sk->__sk_common.skc_dport;
---
>     $dport = (uint64) $sk->__sk_common.skc_dport;

Lately I've been fixing most of these (e.g #1189) with #1231 and #1194 still open but there probably still are some left.

In this case the issue is mostly with the semantic analyser however. Your newly added functions have call.type set to i64 which appearently doesn't get checked properly during variable assignment as it only appears to check the type:

1481:  else if (search->second.type != assignment.expr->type.type) {

I want to start working on improving on this (#878) once the current codegen issues are fixed but that will take a while.

For now it will probably work if you make the return type of your new helpers match the input type, instead of casting it to i64.

---

Can you add codegen tests for the new helpers (after we've decided what to do with them, see fisrt part of comment).

---

What are your thoughts about testing this and making sure it keeps working? Are there any CI platforms that do s390. At least being able to do semi-regular (daily, weekly) builds would be a huge help.

[fbs]

As for splitting up, I having the first 4 or 5 commits going in first would be easier.

[sumanthkorikkar]

Hi @fbs,

Thanks for reviewing.

Thanks for working on this! :)

Haven't look closely either yet, but just some remarks:

As for the helpers. Having both a 'short/i16' and 'long/i32' versions is a bit different from the way most helpers currently work, which usually look at the input argument and derive stuff from it. Instead of having 4 helpers, cant we have one that just flips the byte order? Looking at the change that seems possible to do.

something like bswap() instead of hton*(). ?. Based on input type, Let me try that.
For user readability, I added these functions.

We're not 1.0 yet, but I'd rather not add any helpers that we don't need. If a good use case pops up we can always add more helpers (calls).

Re the current compiler issue:

bpftrace is not as strict with LLVM typing as LLVM wants us to be. While it "mostly works" you can run into weird issues like the crashes you're seeing now. A simple way to test that is running bpftrace -dd if it shows the before opt code but crashes during optimization it is likely a typing issue.

In this case it is caused by:

    $dport = $sk->__sk_common.skc_dport;
    $dport = ntohs($dport);

Which compiles down to

  %"$dport" = alloca i16
...
  %100 = load i16, i16* %"struct sock_common.skc_dport"
...
  %111 = or i16 %108, %110
  %112 = zext i16 %111 to i64
  store i64 %112, i16* %"$dport"

Doing a i64 store in a i16* causes the issue in this case. As a fix:

]$ diff /vagrant/tools/tcpconnect.bt tcpconnect.bt
46c46
<     $dport = $sk->__sk_common.skc_dport;
---
>     $dport = (uint64) $sk->__sk_common.skc_dport;

Ok. Thanks for mentioning this.

Lately I've been fixing most of these (e.g #1189) with #1231 and #1194 still open but there probably still are some left.

In this case the issue is mostly with the semantic analyser however. Your newly added functions have call.type set to i64 which appearently doesn't get checked properly during variable assignment as it only appears to check the type:

1481:  else if (search->second.type != assignment.expr->type.type) {

I want to start working on improving on this (#878) once the current codegen issues are fixed but that will take a while.

For now it will probably work if you make the return type of your new helpers match the input type, instead of casting it to i64.

Ok. I will check.

Can you add codegen tests for the new helpers (after we've decided what to do with them, see fisrt part of comment).

I will add this. But this is specific to little endian. [ llvm/*] datalayout is different for big endian. I will think about this and see how we improve codegen tests for both arch.

What are your thoughts about testing this and making sure it keeps working? Are there any CI platforms that do s390. At least being able to do semi-regular (daily, weekly) builds would be a huge help.

Ok. I need to check with my colleagues, if there is CI platforms for s390.

Thank you

[sumanthkorikkar]

Hi @fbs,

What are your thoughts about testing this and making sure it keeps working? Are there any CI platforms that do s390. At least being able to do semi-regular (daily, weekly) builds would be a huge help.

I have added bpftrace runtime-tests to our internal CI environment as of now. So, we run daily builds and runtime-tests.

[sumanthkorikkar]

Hi @fbs, @danobi

Made changes to initial 5 commits. Other commits related to hton* and later will be done in another PR. Request to merge this into master, if it is good. Thank you.

[danobi]

I can't seem to find where in the spec LE and BE are different for stack frame setup. Can you point me to it?

[sumanthkorikkar]

Powerpc64, little endian, See Power Architecture 64-Bit ELF V2 ABI Specification
https://members.openpowerfoundation.org/document/dl/576

• See parameter save area
  • When the caller allocates the Parameter Save Area, it will always be automatically quadword aligned because it must always start at SP + 32. It shall be at least 8 doublewords in length. If a function needs to pass more than 8 doublewords of arguments, the Parameter Save Area shall be large enough to spill all register-based parameters and to contain the arguments that the caller stores in it.

[danobi]

Hm I'm a little confused. Seems like the ABI changed starting at power ISA 2.07B. So why is only LE using the new ABI?

Won't block this PR on these questions. Realizing the sarg issue is a big win already.

[danobi]

I have added bpftrace runtime-tests to our internal CI environment as of now. So, we run daily builds and runtime-tests.

Sounds good. If you can find a way to set it up in the open source CI it would help us prevent future breakages at merge time. Not sure if it would be less work on the long run (depends on how much of our stuff implicitly depends on endianness, I guess).

[sumanthkorikkar]

I have added bpftrace runtime-tests to our internal CI environment as of now. So, we run daily builds and runtime-tests.

Sounds good. If you can find a way to set it up in the open source CI it would help us prevent future breakages at merge time. Not sure if it would be less work on the long run (depends on how much of our stuff implicitly depends on endianness, I guess).

Hi @danobi , @fbs

yes. that would be great for community. One of my colleague, referred me to this, So it should be possible.
https://blog.travis-ci.com/2019-11-12-multi-cpu-architecture-ibm-power-ibm-z

I can try this. But I would need some input from you people about the requirements - (os requirements, services, scripts) to run this.?

• Some docker scripts, travis yaml file which are currently used to run bpftrace
• The following seems to use LXD container instead of docker and verify if we can run bpftrace as root.

Ok. I will have a look at build scripts which are available here. Thanks

[danobi]

But I would need some input from you people about the requirements - (os requirements, services, scripts) to run this.?

I don't know if we have any hard requirements other than it functioning as expected. I don't think any of us are too picky on how tests get run, just that they run somehow. We have github actions and travis ci at our disposal.

The following seems to use LXD container instead of docker and verify if we can run bpftrace as root.

This seems like a pain. We also have github actions set up. I looked around and I found this: https://github.com/marketplace/actions/run-on-architecture . Looks much easier to get set up than lxd. Seems like it's powered by https://github.com/multiarch/qemu-user-static which looks quite powerful.

[fbs]

Looks mostly good to me. I'm not that sure about "bpftrace: Fix type conversion in printf() builtin". Using cast_type probably works ok in most cases but because structs are casts and casts are casts (obviously) but not all types are 8 bytes. E.g. cpid is 4bytes.

I think that the better way to fix this is to get rid of that resize the semantic analyser does and instead make sure everything is properly stored. Which is what I want to do with #1231.

I think the best we can do is to accept for now and revert it later (e.g. in #1231).

[sumanthkorikkar]

But I would need some input from you people about the requirements - (os requirements, services, scripts) to run this.?

I don't know if we have any hard requirements other than it functioning as expected. I don't think any of us are too picky on how tests get run, just that they run somehow. We have github actions and travis ci at our disposal.

The following seems to use LXD container instead of docker and verify if we can run bpftrace as root.

This seems like a pain. We also have github actions set up. I looked around and I found this: https://github.com/marketplace/actions/run-on-architecture . Looks much easier to get set up than lxd. Seems like it's powered by https://github.com/multiarch/qemu-user-static which looks quite powerful.

Hi @danobi,

My findings:

1. I gave qemu-user-static a try. I tried running bpftrace command, s390x/fedora with priviliged mode docker run.

• Run docker run -t -v /usr/src:/usr/src:ro -v /lib/modules/:/lib/modules:ro -v /sys/kernel/debug/:/sys/kernel/debug:rw --net=host --pid=host --privileged -t test-demo
• Dockerfile contains setup to run sys_open_read() probe
• Starting the script:
  Error creating printf map: Function not implemented
  Creation of the required BPF maps has failed.
  Make sure you have all the required permissions and are not confined (e.g. like
  snapcraft does). dmesg will likely have useful output for further troubleshooting
  ##[error]Process completed with exit code 1.
• Compilation is quite slow and may timeout when running runtime tests.

-Related issue : multiarch/qemu-user-static#17. Tried this, but same error message.

2. However the same works without qemu-user-static for x86

3. Using lxd containers may not be the option, as this does not provide access to /sys/kernel/debug:rw, which bpftrace needs

4. Should discuss about other options with the team. But this may need some time.

[sumanthkorikkar]

Looks mostly good to me. I'm not that sure about "bpftrace: Fix type conversion in printf() builtin". Using cast_type probably works ok in most cases but because structs are casts and casts are casts (obviously) but not all types are 8 bytes. E.g. cpid is 4bytes.

I think that the better way to fix this is to get rid of that resize the semantic analyser does and instead make sure everything is properly stored. Which is what I want to do with #1231.

I think the best we can do is to accept for now and revert it later (e.g. in #1231).

Ok. Thanks

[danobi]

We can keep the CI conversation going in parallel. I think this is good to merge. I'll merge tomorrow if there aren't any new comments.

[fbs]

+1. Lets get the 0.10 release out first and merge it first thing after