Pull Request: eBPF-based CPU Cycle Sampling Module#23
Open
Conversation
added vmlinux.h to .gitignore
cleaned unnecesary files from ebpf modules and started work on observers
This commit adds headers and definitions for ebpf sampling
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces eBPF-based CPU cycle sampling support to efimon via a new SamplingByPIDObserver class and its underlying Sampling_by_PID subproject. It replaces the need for ptrace-based instruction sampling with a lower-overhead eBPF approach that attaches to a target process by PID.
Changes
New: SamplingByPIDObserver
Implements the Observer interface using an eBPF perf-event program to sample CPU cycles from a running process by PID.
Collects instruction pointers and decodes them via the AsmClassifier, producing InstructionReadings.
Supports configurable sampling frequency (Hz) and polling interval; the frequency is automatically capped to the kernel's perf_event_max_sample_rate.
Runs a background thread to periodically drain eBPF ring/perf buffers.
New: Sampling_by_PID subproject
Self-contained eBPF subproject providing the BPF program (prog.bpf.c) and the userspace sampler library (sampler_lib.cpp/.hpp).
Integrated into the efimon build via Meson.
New example: sampling-by-pid-testing
Demonstrates attaching SamplingByPIDObserver to a process, querying samples, and printing instruction mix results.
Build system updates
Added optional eBPF module build paths and linked the new subproject.
Updated include install targets for ebpf-modules/sampling-by-pid and ebpf-modules/moduloio-disk headers.
Housekeeping
Added vmlinux.h to .gitignore.
Cleaned stale files from existing eBPF module directories.
Minor fixes in proc observers, process manager, and tool sources.
Testing
A new example binary sampling-by-pid-testing is provided. Run it against any target PID to verify eBPF attach, sample collection, and instruction classification output.
Notes
Requires kernel support for perf_event_open and eBPF (CONFIG_BPF_SYSCALL, CONFIG_PERF_EVENTS). The observer will fail gracefully if the kernel caps or denies the requested sampling rate.
ObserverScope::SYSTEM is not supported; only ObserverScope::PROCESS is valid for this observer