Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Ruby x BPF in Action / RubyKaigi 2022

KONDO Uchio
September 09, 2022
Technology
0
120

Ruby x BPF in Action / RubyKaigi 2022

Google Slide version with demo movies working: https://docs.google.com/presentation/d/1z9fGEL2eordrMifVLh7DcHw8M9tfhJVZgTpkTbMfp-k/edit?usp=sharing

KONDO Uchio

September 09, 2022
Tweet

More Decks by KONDO Uchio

See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.1k
Narrative of Ruby & Rust
udzura
0
140
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.3k
Talk of RBS
udzura
0
310
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
640
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
580
Device access filtering in cgroup v2
udzura
1
670
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
560
生産性を可視化したい! / SUZURI's four keys
udzura
11
5.2k

Other Decks in Technology

See All in Technology
VS CodeでAWSを操作しよう
smt7174
7
1.6k
Algyan イベント振り返り
linyixian
0
210
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
5
370
KubeCon EU 2024 Recap “Kubernetes Policy Time Machine: Where to Next?”
ryysud
0
200
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.9k
Tellus の衛星データを見てみよう #mf_fukuoka
kongmingstrap
0
150
ServiceNow Knowledge Learning Rise up
manarobot
0
200
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
290
検証を通して見えてきたTiDBの性能特性
lycorptech_jp
PRO
6
3.7k
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
610
DevOpsDays History and my DevOps story
kawaguti
PRO
9
2.4k
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
200

Featured

See All Featured
4 Signs Your Business is Dying
shpigford
175
21k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
40
4.4k
It's Worth the Effort
3n
180
27k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
Happy Clients
brianwarren
92
6.4k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
The Cult of Friendly URLs
andyhume
74
5.7k
Practical Orchestrator
shlominoach
182
9.7k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
78
42k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
2
1.3k
Fantastic passwords and where to find them - at NoRuKo
philnash
37
2.5k
The Cost Of JavaScript in 2023
addyosmani
16
3.8k

Transcript

  1. Ruby x BPF in Action Uchio Kondo from Mirrativ, Inc.

    @ RubyKaigi 2022.09.09

  2. Uchio Kondo Infra & Streaming team @ Mirrativ, Inc Speaker

    @ RubyKaigi 2016, 2018, 2019, 2021 “Hacker” Supporter @ Engineer’s Café Fukuoka Ruby & Rust enthuasist, Linux freak Live in Fukuoka

  3. (After all,) What can BPF do? §1

  4. e.g. Visualize “SYN queue” From cloudflare’s blog “SYN packet handling

    in the wild”: https://blog.cloudflare.com/syn-packet-handling-in-the-wild/

  5. 2 servers in different config • Same server (WEBRick 1.7.0,

    ruby 3.1.2) ◦ • Same bench parameter: ◦ • Different value of net.core.somaxconn ◦ 4,096 vs 500, how this makes effect?

  6. Compare results somaxconn = 500 somaxconn = 4096

  7. Tool to Visualize “SYN queue”

  8. C to Visualize “SYN queue”

  9. Let’s watch queue satuation somaxconn = 500 somaxconn = 4096

  10. demo

  11. Now, you’ve completely understood BPF! …OK. Let me keep going.

  12. Quick Introduction to BPF §2

  13. Big picture first https://whimsical.com/bpf-ABAvCvJFLcSie2ML9ee2fn

  14. #1 History

  15. #1 History https://www.tcpdump.org/papers/bpf-usenix93.pdf

  16. #1 History https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commi t/?id=bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8

  17. #2 How it works

  18. #2 How it works ref. https://speakerdeck.com/chikuwait/learn-ebpf?slide=17 by Yuki Nakata, 2020

    emoji from https://github.com/twitter/twemoji/tree/master/assets (*) Very simplified Scripting Bytecode BPF VM BPF Map User Interface Collectiong Kernel Data… … or perf buffer, etc. The Userland The Kingdom of Kernel

  19. #2 How it works BTF requires: Kernel version >= 5.6

    && CONFIG_DEBUG_INFO_BTF should be enabled

  20. #3 Comparison

  21. #3 Comparison

  22. #3 Comparison

  23. #4 (Expanding) Use cases…

  24. #4 (Expanding) Use cases… • BPF-based network & security for

    containers • the de facto Kubernetes threat detection engine using BPF

  25. #4 (Expanding) Use cases… rbperf (https://github.com/javierhonduco/rbperf) by Jabier H. Coto

    with

  26. RbBCC and BPF: Observe Everything §3

  27. What is RbBCC? • A: BCC for Ruby (libbcc FFI

    binding for Ruby) • WHAT is BCC? ◦ BPF Compiler Collection: ◦ An SDK to make BPF tools, using Script Languages (Python/Lua supported officially) ◦ But - Ruby is not in its support list, so I’m developping I’m going to show How to use – How to write BPF Ruby codes.

  28. RbBCC’s “4 Keys”

  29. #1 kprobe • kprobe - (mainly) function trace in Linux

    Kernel • e.g. __ARCH_sys_execve() ◦ The substantial function called when execve(2) is invoked

  30. Example RbBCC Program:

  31. Example RbBCC Program: C Part: tracing function run inside kernel

  32. Example RbBCC Program: Ruby Part: Load the C part above

    and Get feedback and data from BPF program inside kernel

  33. demo

  34. #1 kprobe • ex.2 tcp_v4_conn_request (the first demo)

  35. Trace the connect • Also has 2 parts: ◦ BPF

    DSL in C ◦ Load program & handle data in Ruby

  36. Return to first demo

  37. #2 tracepoint (for kernel) • Different stuff from Ruby’s TracePoint

    class • A static entrypoint to trace kernel events • It won’t change in the future version of Linux ◦ kprobe traces an exported symbol of kernel, so it should be changed and maybe unstable.

  38. #2 tracepoint (for kernel) • Tracing syscall invocations: • raw_syscalls/sys_enter

    • raw_syscalls/sys_exit

  39. tracepoint demo • Example output (compared with strace -w):

  40. • Example: tracing WEBrick (again): ◦ ruby: ◦ ab: •

    Tracing command: ◦ ruby: ◦ strace: FYI: Performance sideeffect

  41. FYI: Performance sideeffect w/ RbBCC w/ strace

  42. #3 uprobe • uprobe: A mechanism to attach to user

    space function calls

  43. #3 uprobe • Using uprobe (and USDT afterwards) with ease,

    build a special Ruby binary with a specific option:

  44. #3 uprobe • Tracing rb_str_new(const char *ptr, long len)

  45. #3 uprobe • Tracing rb_str_new(const char *ptr, long len)

  46. #3 uprobe • Collecting rb_str_new()’s: (function return timestamp - function

    entry timestamp) • This represents the latency of a function call • function entry = uprobe, function return = uretprobe

  47. #3 uprobe • Example of rb_str_new()’s latency histogram: ruby -e

    ‘p “Hello”’ ruby --disable gems -e ‘p “Hello”’

  48. #4 USDT • USDT: Userspace Statically Defined Tracepoint ◦ Probe

    points that an author of a program embedded in advance ◦ cf. uprobe traces real function call dynamically • USDT for uprobe is just as Tracepoint for kprobe Dynamic Static Kernel space kprobe tracepount User space uprobe USDT

  49. #4 USDT • Ruby’s USDT (first for DTrace, but available

    via BPF in Linux) Japanese article: https://magazine.rubyist.net/articles/0041/0041-200Special-dtrace.html https://rubyreferences.github.io/rubyref/advanced/dtrace.html

  50. #4 USDT • Example: USDTs about GC: ◦ usdt:./bin/ruby:ruby:gc__mark__begin ◦

    usdt:./bin/ruby:ruby:gc__mark__end ◦ usdt:./bin/ruby:ruby:gc__sweep__begin ◦ usdt:./bin/ruby:ruby:gc__sweep__end • They can be used to trace GC latency: ◦ (mark_end_time - mark_begin_time)

  51. #4 USDT • Example: Real-time tracing of RSS, GC mark

    and sweep statics ◦ Plumping up the Sinatra app process and visualize

  52. USDT demo • RSS pumped up and mark proc. took

    more time

  53. Summary: • BPF Observability has 4 keys of tracing source:

    • RbBCC can access all of four. Just use Ruby (and small C). • Use Ruby to trace Ruby. Dynamic Static Kernel space kprobe tracepount User space uprobe USDT

  54. Observability in Action: Improve Gem’s Performance §4

  55. Real World Tuning • Well-Done Speedup Contest in RubyKaigi •

    Theme: JSON parser Ruston ◦ mainly implemented by … Rust. (it’s native gem) ◦ Somewhat slow compared to de-facto json.rb

  56. JSON vs Ruston (naive ver.)

  57. JSON vs Ruston (naive ver.)

  58. So, First command is…?

  59. run perf • perf is useful to grasp the overall

    bottleneck • json’s flamegraph

  60. run perf • ruston’s flamegraph • from_iter of Vec<T> •

    realloc ◦ in vec’s grow

  61. Let’s start tracing by BPF • tracing focused function: malloc/free

    for this time (*) N is limited to 10,000 in solo measurement

  62. Use “uprobe” of Rust • tracing focused function: malloc/free for

    this time

  63. Measure first, Then let’s refine codes!

  64. Point 1: Reduce iter()/String • Reduce iterator methods on Lex#peek()

    ◦ peek() is called many times on lexing process…

  65. Point 1: Reduce iter()/String • This leads to reduce the

    usage of String ◦ Use &[u8] instead

  66. Point 1: Reduce iter()/String • Then measure! malloc calloc free

    Ruston Before 750197 22 753491 Ruston After 110197 22 113596 cf. C JSON 20206 10022 34142 (*) N = 10,000

  67. Point 2: Reduce realloc • On longer case:

  68. Point 2: Reduce realloc • Implement realloc tracer

  69. Point 2: Reduce realloc • Try to reduce realloc to

    allocate in advance ◦ Specify capacity via Vec::with_capacity()

  70. Point 2: Reduce realloc • Measure! … The effect seems

    limited. - To be continued - realloc elapsed(s) longer case Ruston w/o vec capacity 90002 0.080172 Ruston w/ vec capacity 40002 0.071188 cf. C JSON 2 0.052459

  71. The result #2 • Comparison before / after all; for

    case N = 50,000 user system total Ruston Before 0.277292 0.000000 0.277292 Ruston After All 0.051765 0.000000 0.051765 cf. C JSON 0.054263 0.000000 0.054263

  72. Lessons learned • Existing tools are useful (e.g. perf, strace,

    gdb…) • To grasp detailed bottleneck, making simple BPF tool is effective. • uprobe is an entrypoint to x-ray native programs’ performance e.g. C, C++ and Rust (also … Zig?) • Just keep them in mind: measure, reproduce, measure.

  73. Conclusion §5

  74. BPF for Observability Gives Strong Power to us

  75. Observability is Hard, but… Using Ruby, It’s Just a Fun

    Programming

  76. Observability is Your Best Friend!!

  77. Enjoy and Measure it!

  78. Acknolegements: • The Book “Linux Observability with BPF” ◦ by

    David Calavera, Lorenzo Fontana ◦ https://www.oreilly.com/library/view/linux-observability-wit h/9781492050193/ • Brendan Gregg for his superb articles: ◦ https://www.brendangregg.com/bpf-performance-tools-b ook.html • Masashi Misono for his Japanese introduction to BPF ◦ https://atmarkit.itmedia.co.jp/ait/articles/2004/09/news006 .html

  79. Acknolegements: • RbBCC received Ruby Association Grant in 2019 ◦

    report: https://www.ruby.or.jp/ja/news/20200508 ◦ Maintored by Koichi “ko1” Sasada (Cookpad, Inc.) ◦ Given some advices from Ryosuke Matsumoto (Sakura Internet), Takao Shimayoshi and Yoshiaki Kasahara (Kyushu Univ.)

  80. Environment of this slide: • Ruby: ◦ 3.1.2 with dtrace

    enabled • Linux: ◦ CPU: aarch64 ◦ Ubuntu 20.04.1 with kernel 5.8.0-63-generic • Other libraries and softwares: ◦ BCC(libbcc): 0.18.0 built with LLVM 9 ◦ strace: 5.5 (from package manager) ◦ perf: 5.8.18 (from package manager) • Code Examples