proctrace#

This is a WIP rewrite of a previous iteration of proctrace.

Differences:

• Written in Zig instead of Rust.
• Builds and uses a custom eBPF program rather than parsing the output of a custom bpftrace script.

About#

proctrace is a high level profiler for process lifecycle events such as fork, exec, setpgid, and setsid.

This was created as a debugging tool for work on Flox.

macOS support isn't planned due to a hardware bug that causes macOS to hang if DTrace is run if machine has gone to sleep since boot. See this thread for details.

Progress#

This is a work in progress, but here's a list of what's complete and what's planned:

• Build at all
• [BPF] Report syscall entry events
• [BPF] Report syscall exit events
• [BPF] Report diagnostics
• [Userspace] Collect events
• [Userspace] Collect errors and diagnostics
• [Userspace] Construct the process tree
• [Userspace] Report the process tree as JSON
• [Userspace] Report the process tree in Perfetto Protobuf format

If you'd like to pitch in, see the dev docs.

License#

Licensed under GPLv3.