# bpftrace/bpftrace

9,950 stars · 1,439 forks · C++ · apache-2.0

## Links

- GitHub: https://github.com/bpftrace/bpftrace
- Homepage: https://bpftrace.org/
- awesome-repositories: https://awesome-repositories.com/repository/bpftrace-bpftrace.md

## Topics

`bcc` `bpf` `ebpf` `kprobes` `tracepoints` `tracing` `uprobes` `usdt`

## Description

bpftrace is a high-level eBPF tracing tool and kernel instrumentation framework for Linux. It provides a tracing language to instrument kernel and user-space events without recompiling the system, functioning as a dynamic system profiler and event aggregator.

The project enables dynamic system tracing and Linux kernel observability by capturing tracepoints and dynamic probes in real time. It allows for kernel data inspection and runtime process debugging by accessing internal data structures and filtering specific process events.

Its capabilities cover system performance analysis, including execution stack sampling and event latency measurement. It also provides utilities for event data summarization through histograms and frequency maps, as well as a probe discovery utility to locate available instrumentation points.

## Tags

### System Administration & Monitoring

- [Dynamic System Tracing](https://awesome-repositories.com/f/system-administration-monitoring/dynamic-system-tracing.md) — Enables adding instrumentation to a live system using eBPF to observe kernel and user-space function calls.
- [Kernel Tracing Frameworks](https://awesome-repositories.com/f/system-administration-monitoring/diagnostic-tools/diagnostics/execution-tracers/kernel-tracing-frameworks.md) — Provides a framework for capturing tracepoints and dynamic probes to analyze kernel data structures and function calls.
- [Kernel Event Tracers](https://awesome-repositories.com/f/system-administration-monitoring/event-monitoring-systems/kernel-event-tracers.md) — Captures event data using stable tracepoints and dynamic probes at function entry and exit points. ([source](https://bpftrace.org/tutorial-one-liners))
- [Dynamic Kernel Probes](https://awesome-repositories.com/f/system-administration-monitoring/logging-and-telemetry/dynamic-binary-instrumentation/dynamic-kernel-probes.md) — Allows attaching custom eBPF bytecode to kprobes and tracepoints for live kernel function instrumentation.
- [Performance Profiling Tools](https://awesome-repositories.com/f/system-administration-monitoring/performance-profiling-tools.md) — Functions as a dynamic system profiler that samples execution stacks and measures event latency.
- [System Performance Analyzers](https://awesome-repositories.com/f/system-administration-monitoring/system-performance-monitors/system-performance-analyzers.md) — Measures event latency and execution stacks to identify performance bottlenecks and resource contention in running systems.
- [Execution Stack Samplers](https://awesome-repositories.com/f/system-administration-monitoring/trace-sampling/execution-stack-samplers.md) — Captures execution stack traces at a set frequency to identify system performance bottlenecks. ([source](https://bpftrace.org/tutorial-one-liners))
- [Event Latency Measurements](https://awesome-repositories.com/f/system-administration-monitoring/event-latency-measurements.md) — Implements high-resolution timestamping to measure the time elapsed between two specific events. ([source](https://bpftrace.org/tutorial-one-liners))
- [Probe Discovery Utilities](https://awesome-repositories.com/f/system-administration-monitoring/logging-and-telemetry/dynamic-binary-instrumentation/dynamic-kernel-probes/probe-discovery-utilities.md) — Provides a utility to discover available instrumentation points using search terms and wildcards. ([source](https://bpftrace.org/tutorial-one-liners))

### Part of an Awesome List

- [Data Structure Inspectors](https://awesome-repositories.com/f/awesome-lists/devops/kernel-internals/data-structure-inspectors.md) — Allows accessing and summarizing internal kernel data structures to diagnose complex system behaviors.
- [Command Line Tools](https://awesome-repositories.com/f/awesome-lists/devtools/command-line-tools.md) — Listed in the “Command Line Tools” section of The Book Of Secret Knowledge awesome list.

### Data & Databases

- [Runtime Type Resolution](https://awesome-repositories.com/f/data-databases/data-type-managers/dynamic-type-managers/runtime-type-resolution.md) — Provides dynamic type resolution using BTF and kernel headers to cast raw memory addresses into readable C structures.
- [Event Frequency Counters](https://awesome-repositories.com/f/data-databases/frequency-analyzers/event-frequency-counters.md) — Aggregates event occurrences into maps, frequency counts, and histograms for performance trend visualization. ([source](https://bpftrace.org/tutorial-one-liners))

### Operating Systems & Systems Programming

- [eBPF Tooling](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/ebpf-tooling.md) — Provides a high-level tracing language that leverages eBPF to instrument kernel and user-space events.
- [Event Aggregators](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/ebpf-tooling/event-aggregators.md) — Summarizes system event data into histograms and frequency maps for deep performance analysis.
- [Kernel Observability Programs](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/kernel-development/kernel-observability-programs.md) — Provides advanced observability of the Linux kernel by capturing internal events and inspecting system state in real time.
- [Kernel Structure Tracing](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-structure-tracing.md) — Provides the capability to access and dereference internal kernel structures by casting raw arguments or using type information. ([source](https://bpftrace.org/tutorial-one-liners))
- [Kernel-Userspace Shared Maps](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-userspace-shared-maps.md) — Utilizes shared hash maps and arrays between the kernel and userspace to aggregate and store event counters.

### Development Tools & Productivity

- [Runtime Debugging](https://awesome-repositories.com/f/development-tools-productivity/debugging-profiling-testing/debugging-diagnostics/debugging-inspection-tools/debugging-and-inspection-tools/runtime-debugging.md) — Filters and captures specific process events to troubleshoot application crashes or unexpected behavior on a live host.

### DevOps & Infrastructure

- [Predicate-Based Execution Filters](https://awesome-repositories.com/f/devops-infrastructure/event-filtering-policies/predicate-based-execution-filters.md) — Executes actions only when specific boolean expressions or predicates are true to isolate targeted process IDs. ([source](https://bpftrace.org/tutorial-one-liners))

### Programming Languages & Runtimes

- [Source Translators](https://awesome-repositories.com/f/programming-languages-runtimes/programming-language-varieties/programming-languages/systems-languages/c/source-translators.md) — Implements a backend that translates high-level tracing scripts into C code before eBPF compilation.

### Software Engineering & Architecture

- [Just-in-Time Compilers](https://awesome-repositories.com/f/software-engineering-architecture/function-execution-engines/just-in-time-compilers.md) — Translates high-level scripts into eBPF bytecode at runtime using an LLVM-based just-in-time compiler.
- [Program Lifecycle Managers](https://awesome-repositories.com/f/software-engineering-architecture/program-lifecycle-managers.md) — Manages the lifecycle of kernel programs by loading bytecode and reading data from shared memory maps.
