commit | f410f490c7b684609546e168a4e241fed33171b5 | [log] [tgz] |
---|---|---|
author | Svilen Kanev <skanev@google.com> | Wed Nov 03 11:05:48 2021 -0700 |
committer | GitHub <noreply@github.com> | Wed Nov 03 11:05:48 2021 -0700 |
tree | 58d8dfe1067e86b2ede52b022f23e80d138ffc05 | |
parent | 5d978cc81daf3bea01cc0009901b2419f5ef28d6 [diff] |
Extend GetBase heuristics for PIE kernels. (#660) We are seeing kernels on Aarch64 with ET_DYN Elf headers. Extend the current ET_EXEC heuristics to handle ET_DYN as well. Add tests for these exemplars. Empirical example PIE: Header: ET_DYN ProgHeader: &{Off: 0x10000 Vaddr: 0xffff000010080000 Align: 0x10000} 103424: ffff000010080000 0 NOTYPE GLOBAL DEFAULT 1 _text PERF_RECORD_MMAP -1/0: [0xffff000010080000(0xffffeff7ffff) @ 0xffff000010080000]: x [kernel.kallsyms]_text Empirical example ASLR: Header: ET_DYN ProgHeader: &{Off: 0x10800 Vaddr: ffffffc010080800 Align: 0x10000} 98865: ffffffc010080800 0 NOTYPE GLOBAL DEFAULT 2 _stext PERF_RECORD_MMAP -1/0: [0xffffffdb5d680800(0xb7f800) @ 0xffffffdb5d680800]: x [kernel.kallsyms]_stext Empirical example remapped ChromeOS: Header: ET_DYN ProgHeader: &{Off: 0x10800 Vaddr: ffffff8008080800 Align: 0x10000} 149888: ffffff8008080800 0 NOTYPE GLOBAL DEFAULT 2 _stext mapping start: 0x800 lenght: 0xb7f800 offset: 0
pprof is a tool for visualization and analysis of profiling data.
pprof reads a collection of profiling samples in profile.proto format and generates reports to visualize and help analyze the data. It can generate both text and graphical reports (through the use of the dot visualization package).
profile.proto is a protocol buffer that describes a set of callstacks and symbolization information. A common usage is to represent a set of sampled callstacks from statistical profiling. The format is described on the proto/profile.proto file. For details on protocol buffers, see https://developers.google.com/protocol-buffers
Profiles can be read from a local file, or over http. Multiple profiles of the same type can be aggregated or compared.
If the profile samples contain machine addresses, pprof can symbolize them through the use of the native binutils tools (addr2line and nm).
This is not an official Google product.
Prerequisites:
Go development kit of a supported version. Follow these instructions to install the go tool and set up GOPATH.
Graphviz: http://www.graphviz.org/ Optional, used to generate graphic visualizations of profiles
To build and install it, use the go get
tool.
go get -u github.com/google/pprof
Remember to set GOPATH to the directory where you want pprof to be installed. The binary will be in $GOPATH/bin
and the sources under $GOPATH/src/github.com/google/pprof
.
pprof can read a profile from a file or directly from a server via http. Specify the profile input(s) in the command line, and use options to indicate how to format the report.
% pprof -top [main_binary] profile.pb.gz Where main_binary: Local path to the main program binary, to enable symbolization profile.pb.gz: Local path to the profile in a compressed protobuf, or URL to the http service that serves a profile.
pprof -web [main_binary] profile.pb.gz
If no output formatting option is specified, pprof runs on interactive mode, where reads the profile and accepts interactive commands for visualization and refinement of the profile.
pprof [main_binary] profile.pb.gz This will open a simple shell that takes pprof commands to generate reports. Type 'help' for available commands/options.
If the -http
flag is specified, pprof starts a web server at the specified host:port that provides an interactive web-based interface to pprof. Host is optional, and is “localhost” by default. Port is optional, and is a random available port by default. -http=":"
starts a server locally at a random port.
pprof -http=[host]:[port] [main_binary] profile.pb.gz
The preceding command should automatically open your web browser at the right page; if not, you can manually visit the specified port in your web browser.
pprof can read perf.data
files generated by the Linux perf tool by using the perf_to_profile
program from the perf_data_converter package.
To view disassembly of profiles collected from Go programs compiled as Windows executables, the executable must be built with go build -buildmode=exe
. LLVM or GCC must be installed, so required tools like addr2line
and nm
are available to pprof
.
See doc/README.md for more detailed end-user documentation.
See CONTRIBUTING.md for contribution documentation.
See proto/README.md for a description of the profile.proto format.