Move findCodeHeader to ebpf

Author: GregMefford

interpreter/beam/beam.go

@@ -223,6 +223,8 @@ func (d *beamData) Attach(ebpf interpreter.EbpfHandler, pid libpf.PID, bias libp
 		R:                     uint64(bias) + d.r,
 		The_active_code_index: uint64(bias) + d.the_active_code_index,
 		Ranges_sizeof:         uint8(d.vmStructs.ranges.size_of),
+		Ranges_modules:        uint8(d.vmStructs.ranges.modules),
+		Ranges_n:              uint8(d.vmStructs.ranges.n),
 	}
 	if err := ebpf.UpdateProcData(libpf.BEAM, pid, unsafe.Pointer(&data)); err != nil {
 		return nil, err
@@ -299,14 +301,14 @@ func (i *beamInstance) Symbolize(frame *host.Frame, frames *libpf.Frames) error
 		return interpreter.ErrMismatchInterpreterType
 	}
 	pc := libpf.Address(frame.Lineno)
-	activeRanges := libpf.Address(frame.File)
+	codeHeader := libpf.Address(frame.File)
 
 	// log.Debugf("BEAM symbolizing pc: 0x%x", pc)
 
-	codeHeader, err := i.findCodeHeader(activeRanges, pc)
-	if err != nil {
-		return err
-	}
+	// codeHeader, err := i.findCodeHeader(activeRanges, pc)
+	// if err != nil {
+	// 	return err
+	// }
 
 	functionIndex, moduleID, functionID, arity, err := i.findMFA(pc, codeHeader)
 	if err != nil {

support/ebpf/beam_tracer.ebpf.c

@@ -5,27 +5,68 @@
 // The number of frames to unwind per frame-unwinding eBPF program.
 #define FRAMES_PER_PROGRAM   16
 
+// The max number of loops to unroll when searching for the correct CodeHeader.
+// Should be log base 2 of a reasonable number of modules to binary-search through.
+#define CODE_HEADER_SEARCH_ITERATIONS 16
+
 bpf_map_def SEC("maps") beam_procs = {
   .type = BPF_MAP_TYPE_HASH,
   .key_size = sizeof(pid_t),
   .value_size = sizeof(BEAMProcInfo),
   .max_entries = 256,
 };
 
-static EBPF_INLINE ErrorCode unwind_one_beam_frame(PerCPURecord *record, u64 active_ranges) {
+typedef struct BEAMRangeEntry {
+  u64 start;
+  u64 end;
+} BEAMRangeEntry; 
+
+typedef struct BEAMRangesInfo {
+  u64 modules;
+  u64 n;
+  BEAMRangeEntry first, mid, last;
+} BEAMRangesInfo; 
+
+static EBPF_INLINE ErrorCode unwind_one_beam_frame(PerCPURecord *record, BEAMRangesInfo *ranges) {
   UnwindState *state = &record->state;
   Trace *trace = &record->trace;
-  u64 sp = state->sp, fp = state->fp, pc = state->pc;
+  u64 pc = state->pc;
 
-  DEBUG_PRINT("beam: pc: %llx, sp: %llx, fp: %llx", pc, sp, fp);
+  if (pc < ranges->first.start || pc > ranges->last.end) {
+    return ERR_BEAM_PC_INVALID;
+  }
 
-  bpf_probe_read_user(&state->fp, sizeof(u64), (void*)fp);
-  bpf_probe_read_user(&state->pc, sizeof(u64), (void*)(fp+8));
-  bpf_probe_read_user(&state->sp, sizeof(u64), (void*)(fp+16));
+  u64 low = 0;
+  u64 high = ranges->n;
+  u64 current = low + (high - low) / 2;
 
-  unwinder_mark_nonleaf_frame(state);
+  BEAMRangeEntry current_range;
+  current_range.start = ranges->mid.start;
+  current_range.end = ranges->mid.end;
 
-  _push_with_return_address(trace, active_ranges, pc, FRAME_MARKER_BEAM, state->return_address);
+#pragma unroll
+  for (int i = 0; i < CODE_HEADER_SEARCH_ITERATIONS; i++) {
+    if (pc < current_range.start) {
+      high = current;
+    } else if (pc >= current_range.end) {
+      low = current + 1;
+    } else {
+      // `pc` is in the `current_range` CodeHeader
+      _push_with_return_address(trace, current_range.start, pc, FRAME_MARKER_BEAM, state->return_address);
+      break;
+    }
+
+    current = low + (high - low) / 2;
+    u64 addr = ranges->modules + current * sizeof(BEAMRangeEntry);
+    if (bpf_probe_read_user((void *)&current_range, sizeof(BEAMRangeEntry), (void*)(addr))) {
+      DEBUG_PRINT("beam: Failed to read ranges[%llu]", current);
+      return -1;
+    }
+  }
+
+  u64 fp = state->fp;
+  bpf_probe_read_user(&state->fp, sizeof(u64), (void*)fp);
+  bpf_probe_read_user(&state->pc, sizeof(u64), (void*)(fp+8));
 
   return ERR_OK;
 }
@@ -36,41 +77,76 @@ static EBPF_INLINE ErrorCode unwind_one_beam_frame(PerCPURecord *record, u64 act
 static EBPF_INLINE int unwind_beam(struct pt_regs *ctx) {
   PerCPURecord *record = get_per_cpu_record();
   if (!record) {
+    DEBUG_PRINT("beam: no PerCPURecord found");
     return -1;
   }
 
   Trace *trace = &record->trace;
   u32 pid = trace->pid;
 
-  DEBUG_PRINT("==== unwind_beam %d ====", trace->stack_len);
-
-  int unwinder = PROG_UNWIND_STOP;
-  ErrorCode error = ERR_OK;
   BEAMProcInfo *info = bpf_map_lookup_elem(&beam_procs, &pid);
 
   if (!info) {
     DEBUG_PRINT("beam: no BEAMProcInfo for this pid");
-    goto exit;
+    return -1;
   }
 
+  DEBUG_PRINT("==== unwind_beam %d ====", trace->stack_len);
+
 	// "the_active_code_index" symbol is from:
 	// https://github.com/erlang/otp/blob/OTP-27.2.4/erts/emulator/beam/code_ix.c#L46
   u32 the_active_code_index;
-  bpf_probe_read_user(&the_active_code_index, sizeof(u32), (void*)info->the_active_code_index);
+  if(bpf_probe_read_user(&the_active_code_index, sizeof(u32), (void*)info->the_active_code_index)) {
+    DEBUG_PRINT("beam: Failed to read the_active_code_index");
+    return -1;
+  }
 
 	// Index into the active static `r` variable using the currently-active code index
 	// https://github.com/erlang/otp/blob/OTP-27.2.4/erts/emulator/beam/beam_ranges.c#L62
   u64 active_ranges = info->r + (the_active_code_index * info->ranges_sizeof);
-  DEBUG_PRINT("==== unwind_beam active_ranges: %llx, the_active_code_index: %d ====", active_ranges, the_active_code_index);
 
+  DEBUG_PRINT("beam: r: %llx, the_active_code_index: %d, active_ranges: %llx", info->r, the_active_code_index, active_ranges);
+
+  BEAMRangesInfo ranges;
+
+  if(bpf_probe_read_user(&ranges.modules, sizeof(u64), (void*)(active_ranges + info->ranges_modules))) {
+    DEBUG_PRINT("beam: Failed to read ranges.modules");
+    return -1;
+  }
+
+  if (bpf_probe_read_user(&ranges.n, sizeof(u64), (void*)(active_ranges + info->ranges_n))) {
+    DEBUG_PRINT("beam: Failed to read ranges.n");
+    return -1;
+  }
+  
+  DEBUG_PRINT("beam: modules: %llx, n: %llu", ranges.modules, ranges.n);
+
+  if (bpf_probe_read_user(&ranges.first, sizeof(BEAMRangeEntry), (void*)(ranges.modules))) {
+    DEBUG_PRINT("beam: Failed to read ranges.first");
+    return -1;
+  }
+  if (bpf_probe_read_user(&ranges.mid, sizeof(BEAMRangeEntry), (void*)(ranges.modules + (ranges.n / 2) * sizeof(BEAMRangeEntry)))) {
+    DEBUG_PRINT("beam: Failed to read ranges.mid");
+    return -1;
+  }
+  if (bpf_probe_read_user(&ranges.last, sizeof(BEAMRangeEntry), (void*)(ranges.modules + (ranges.n - 1) * sizeof(BEAMRangeEntry)))) {
+    DEBUG_PRINT("beam: Failed to read ranges.last");
+    return -1;
+  }
+
+  DEBUG_PRINT("beam: ranges.first.start: %llx, ranges.last.end: %llx", ranges.first.start, ranges.last.end);
+
+  int unwinder = PROG_UNWIND_STOP;
+  ErrorCode error = ERR_OK;
 #pragma unroll
   for (int i = 0; i < FRAMES_PER_PROGRAM; i++) {
     if (record->state.fp & 0x3) {
       unwinder = PROG_UNWIND_NATIVE;
       break;
     }
 
-    error = unwind_one_beam_frame(record, active_ranges);
+    unwinder_mark_nonleaf_frame(&record->state);
+    error = unwind_one_beam_frame(record, &ranges);
     if (error) {
       break;
     }

support/ebpf/errors.h

@@ -162,7 +162,10 @@ typedef enum ErrorCode {
   ERR_DOTNET_CODE_HEADER = 6002,
 
   // Dotnet: Code object was too large to unwind in eBPF
-  ERR_DOTNET_CODE_TOO_LARGE = 6003
+  ERR_DOTNET_CODE_TOO_LARGE = 6003,
+
+  // BEAM: PC was outside the expected address range
+  ERR_BEAM_PC_INVALID = 7000
 } ErrorCode;
 
 #endif // OPTI_ERRORS_H