Revision as of 20:34, 5 March 2007 by RBot (Bot (Edward's framework))
This is documentation for using KFI.
README.kfi inside the kfi user-space tarfile for a quick overview.
- Description - Theory of operation - callout instrumentation - gcc option - -finstrument_functions - static run vs. dynamic run - initiating and terminating a trace run - reading the data from the trace buffer - trace buffer size issues - tracing overhead issues
- Apply patch found at Kernel Function Instrumentation - configure kernel - decide whether to do a static or dynamic run - edit kfistatic.conf - compile kfi for target - Makefile uses $CROSS_COMPILE to indicate toolchain prefix (same as Linux kernel) - set this in environment variable, and run make - make device node on target - execute the command
mknod /dev/kfi c 10 51on the target
- run kernel - run
kfito collect trace buffer - run post-trace tools to examine data
- run kernel - run
kfito set up a trace - run
kfito read a trace - run post-trace tools to examine data
Using the post-trace analysis tools
- kfiresolve.py - resolves numeric addresses to function names, in a kfiboot log - requires System.map for kernel from which dump was made - kd - kfiboot dump - filters and formats a kfiboot log - finds time spent locally and in sub-functions, to isolate where time is being spent - kt - kfi tree (not finished yet) - generates call tree from kfiboot log, and reports time spent in branches
Configuring a kfi trace
- kfistatic.conf - filters: - start - stop - time threshold (duration) - interrupt - user id (not implemented yet)
- DEV/NONE - system call??? - TIME - time since boot or start of trace - FUNC_ENTRY - function entry - FUNC_EXIT - function exit - LOG_FULL - trace buffer full - multiple trace buffers??
- creating a static run - creating a dynamic run
- trace structures: - trigger structure: - type (one of: DEV, NONE, TIME, ENTRY, EXIT, FULL) - time or func_addr - mark - time at which this trigger occurred - filter structure - min_delta - max_delta - no_ints - only_ints - func_list - list of functions - trace entry structure - va - VA of instrumented function - call_site - where this func was called from - time - function entry time since trigger start time, in usec - delta - delta time from entry to exit, in usec - pid - process ID at time of call - run structure - int triggered; - int complete; - struct kfi_trigger start_trigger; - struct kfi_trigger stop_trigger; - struct kfi_filters filters; - struct kfi_entry* log; - int num_entries; - int next_entry; - int id; - struct kfi_run * next;