sonde 0.1.2

A library to compile USDT probes into a Rust library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248

<h1 align="center">
  <img src="./image/logo.jpg" width="300px" /><br />
  sonde
</h1>

[![crates.io](https://img.shields.io/crates/v/sonde)](https://crates.io/crates/sonde)
[![documentation](https://img.shields.io/badge/doc-sonde-green)](https://docs.rs/sonde)

`sonde` is a library to compile USDT probes into a Rust library, and
to generate a friendly Rust idiomatic API around it.

[Userland Statically Defined Tracing][usdt] probes (USDT for short) is
a technique inherited from [DTrace] (see [OpenDtrace] to learn
more). It allows user to define statically tracing probes in their own
application; while they are traditionally declared in the kernel.

USDT probes can be naturally consumed with DTrace, but also with
[eBPF] (`bcc`, `bpftrace`…).

## Lightweight probes by design

USDT probes for libraries and executables are defined in an ELF
section in the corresponding application binary. A probe is translated
into a `nop` instruction, and its metadata are stored in the ELF's
`.note.stapstd` section. When registering a probe, USDT tool (like
`dtrace`, `bcc`, `bpftrace` etc.) will read the ELF section, and
instrument the instruction from `nop` to `breakpoint`, and after that,
the attached tracing event is run. After deregistering the probe, USDT
will restore the `nop` instruction from `breakpoint`.

The overhead of using USDT probes is almost zero when no tool is
listening the probes, otherwise a tiny overhead can be noticed.

## The workflow

Everything is automated. `dtrace` must be present on the system at
compile-time though. Let's imagine the following `sonde-test`
fictitious project:

```
/sonde-test
├── src
│  ├── main.rs
├── build.rs
├── Cargo.toml
├── provider.d
```

Start with the obvious thing: let's add the following lines to the
`Cargo.toml` file:

```toml
[build-dependencies]
sonde = "0.1"
```

Now, let's see what is in the `provider.d` file. It's _not_ a `sonde`
specific vendor format, it's the canonical way to declare USDT probes
(see [Scripting][scripting])!

```d
provider hello {
    probe world(); 
    probe you(char*, int);
};
```

It describes a probe provider, `hello`, with two probes:

1. `world`,
2. `you` with 2 arguments: `char*` and `int`.

Be careful, D types aren't the same as C types, even if they look like
the same.

At this step, one needs to play with `dtrace -s` to compile the probes
into systemtrap headers or an object file, but forget about that,
`sonde` got you covered. Let's see what's in the `build.rs` script:

```rust
fn main() {
    sonde::Builder::new()
        .file("./provider.d")
        .compile();
}
```

That's all. That's the minimum one needs to write to make it
work.

Ultimately, we want to fire this probe from our code. Let's see what's
inside `src/main.rs` then:

```rust
// Include the friendly Rust idiomatic API automatically generated by
// `sonde`, inside a dedicated module, e.g. `tracing`.
mod tracing {
    include!(env!("SONDE_RUST_API_FILE"));
}

fn main() {
    tracing::hello::world();

    println!("Hello, World!");
}
```

What can we see here? The `tracing` module contains a `hello` module,
corresponding to the `hello` provider. And this module contains a
`world` function, corresponding to the `world` probe. Nice!

<details>
<summary>See what's contained by the file pointed by <code>SONDE_RUST_API_FILE</code>:</summary>

```rust
/// Bindings from Rust to the C FFI small library that calls the
/// probes.

use std::os::raw::*;

extern "C" {
    #[doc(hidden)]
    fn hello_probe_world();

    #[doc(hidden)]
    fn hello_probe_you(arg0: *mut c_char, arg1: c_int);
}

/// Probes for the `hello` provider.
pub mod r#hello {
    use std::os::raw::*;

    /// Call the `world` probe of the `hello` provider.
    pub fn r#world() {
        unsafe { super::hello_probe_world() };
    }

    /// Call the `you` probe of the `hello` provider.
    pub fn r#you(arg0: *mut c_char, arg1: c_int) {
        unsafe { super::hello_probe_you(arg0, arg1) };
    }
}
```

</details>

Let's see it in action:

```sh
$ cargo build --release
$ sudo dtrace -l -c ./target/release/sonde-test | rg sonde-test
123456 hello98765 sonde-test hello_probe_world world
```

Neat! Our `sonde-test` binary contains a `world` probe from the
`hello` provider!

```sh
$ # Let's execute `sonde-test` as usual.
$ ./target/release/sonde-test
Hello, World!
$
$ # Now, let's execute it with `dtrace` (or any other tracing tool).
$ # Let's listen the `world` probe and prints `gotcha!` when it's executed.
$ sudo dtrace -n 'hello*:::world { printf("gotcha!\n"); }' -q -c ./target/release/sonde-test
Hello, World!
gotcha!
```

Eh, it works! Let's try with the `you` probe now:

```rust
fn main() {
    {
        let who = std::ffi::CString::new("Gordon").unwrap();
        tracing::hello::you(who.as_ptr() as *mut _, who.as_bytes().len() as _);
    }

    println!("Hello, World!");
}
```

Time to show off:

```sh
$ cargo build --release
$ sudo dtrace -n 'hello*:::you { printf("who=`%s`\n", stringof(copyin(arg0, arg1))); }' -q -c ./target/release/sonde-test
Hello, World!
who=`Gordon`
```

Successfully reading a string from Rust inside a USDT probe!

With `sonde`, you can add as many probes inside your Rust library or
binary as you need by simply editing your canonical `.d` file.

Bonus: `sonde` generates documentation for your probes
automatically. Run `cargo doc --open` to check.

## Possible limitations

### Types

DTrace has its own type system (close to C) (see [Data Types and
Sizes][data-types]). `sonde` tries to map it to the Rust system as
much as possible, but it's possible that some types could not
match. The following types are supported:

| Type Name in D | Type Name in Rust |
|-|-|
| `char` | `std::os::raw::c_char` |
| `short` | `std::os::raw::c_short` |
| `int` | `std::os::raw::c_int` |
| `long` | `std::os::raw::c_long` |
| `long long` | `std::os::raw::c_longlong` |
| `int8_t` | `i8` |
| `int16_t` | `i16` |
| `int32_t` | `i32` |
| `int64_t` | `i64` |
| `intptr_t` | `isize` |
| `uint8_t` | `u8` |
| `uint16_t` | `u16` |
| `uint32_t` | `u32` |
| `uint64_t` | `u64` |
| `uintptr_t` | `usize` |
| `float` | `std::os::raw::c_float` |
| `double` | `std::os::raw::c_double` |
| `T*` | `*mut T` |
| `T**` | `*mut *mut T` (and so on) |

### Parser

The `.d` files are parsed by `sonde`. For the moment, only the
`provider` blocks are parsed, which declare the `probe`s. All the
pragma (`#pragma`) directives are ignored for the moment.

## License

`BSD-3-Clause`, see `LICENSE.md`.


[usdt]: https://illumos.org/books/dtrace/chp-usdt.html
[DTrace]: https://en.wikipedia.org/wiki/DTrace
[OpenDtrace]: https://github.com/opendtrace/opendtrace
[eBPF]: http://www.brendangregg.com/blog/2019-01-01/learn-ebpf-tracing.html
[data-types]: https://illumos.org/books/dtrace/chp-typeopexpr.html#chp-typeopexpr-2
[`std::os::raw`]: https://doc.rust-lang.org/std/os/raw/index.html
[scripting]: https://illumos.org/books/dtrace/chp-script.html#chp-script