Bpftrace

July 11, 2024 - 1 min read

hugo

Bpftrace

While trying to compile bpftrace I faced a lot of difficulties due to poor documentation of the build dependencies for any particular version of the bpftrace application. You pick a version of the bpftrace and then compile it with a certain version of llvm, either it won’t compile due to unmet dependencies not available in the version of ubuntu (22.04) on which I am trying to compile, or it compiles successfully but won’t run due to llvm not being backward compatible.

For example I am getting the following error while trying to run execsnoop:

root@abhi-Latitude-3580:/home/abhi/code/git/bpftrace/build# export PATH=$PATH:$PWD/install/usr/bin/
root@abhi-Latitude-3580:/home/abhi/code/git/bpftrace/build# ../tools/execsnoop.bt
Attaching 3 probes...
ERROR: Error loading program: tracepoint:syscalls:sys_enter_execve (try -v)