Need help with weaver?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

grantseltzer
208 Stars 12 Forks Mozilla Public License 2.0 134 Commits 18 Opened issues

Description

Trace Go program execution with uprobes and eBPF

Services available

!
?

Need anything else?

Contributors list

# 97,844
ebpf
golang
Common ...
Bash
99 commits
# 171,114
Shell
C
Reverse...
ebpf
10 commits

Weaver

PLEASE READ! - I am currently refactoring Weaver to use libbpf instead of bcc which would include various other major improvements. If you're currently using weaver please be aware that features/bug fixes are being held off until the major refactor occurs. This will be tracked in the branch "refactor"

gopher

Weaver is a CLI tool that allows you to trace Go programs in order to inspect what values are passed to specified functions. It leverages eBPF attached to uprobes.

Go Report Card

Quick Start

There are two modes of operation, one that uses a 'functions file', and one that extracts a symbol table from a passed binary and filters by Go packages. More information on functionality in docs.

Functions file

Take the following example program:

test_prog.go ```go package main

//go:noinline func test_function(int, [2]int) {}

//go:noinline func othertestfunction(rune, int64) {}

func main() { testfunction(3, [2]int{1, 2}) othertest_function('a', 33) } ```

Let's say we want to know what values are passed to

test_function
and
other_test_function
whenever the program is run. Once the program is compiled (
make
) we just have to create a file which specifies each function to trace:

functionstotrace.txt

main.test_function(int, [2]int)
main.other_test_function(rune, int64)

Notice that we have to specify the parameter data types. (You can use

weaver --types
to see what data types are supported.)

Now we can call

weaver
like so:
sudo weaver -f /path/to/functions_to_trace.txt /path/to/test-prog-binary

Weaver will then sit idle without any output until

test-prog
is run and the
test_function
and
other_test_function
functions are called. This will also work on an already running Go Program.
{"functionName":"main.other_test_function","args":[{"type":"RUNE","value":"a"},{"type":"INT64","value":"33"}],"procInfo":{"pid":43300,"ppid":42754,"comm":"test-prog-binar"}}
{"functionName":"main.test_function","args":[{"type":"INT","value":"3"},{"type":"INT_ARRAY","value":"1, 2"}],"procInfo":{"pid":43300,"ppid":42754,"comm":"test-prog-binar"}}

Package mode

For the same example Go program as above, you can choose to not specify a functions file. The command would like like this:

sudo weaver /path/to/test-prog-binary

This will default to only tracing functions in the

main
package, however you can use the
--packages
flag to specify a comma seperated list of packages (typially of the form
github.com/x/y
)

Output does include argument vlaues in this mode.

{"functionName":"main.main","procInfo":{"pid":44411,"ppid":42754,"comm":"test-prog-binar"}}
{"functionName":"main.test_function","procInfo":{"pid":44411,"ppid":42754,"comm":"test-prog-binar"}}

Note on supported types

Currently weaver supports basic data types but getting support for user defined types is a high priority. Getting following types defined are a work in progress:

  • user/stdlib defined structs
  • user/stdlib defined interfaces

System Dependencies

  • bcc / bcc-devel
  • linux kernel version > 4.14 (please make bug reports if your kernel version doesn't work)

Build

make
will compile the weaver binary to
bin/weaver
(It also creates the smoke test binary and print-stack utility)

Can't build? Please make an issue!

Roadmap

Check issues for tasks currently being tracked. Please open bug reports, i'm sure there are plenty :-)

Short term goals include:

  • Testing
  • Output options
  • Inspecting binaries for parameter data types instead of specifying them with a functions file
  • CI/CD infrastructre

image modified version of art by Ashley McNamara (license) based on art by Renee French.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.