Abstract
The talk will contain the following sections:
1- the linux kernel, a general overview, unintentional obfuscations, and how a software engineer building similar software can navigate it
- describe “kernel empathy” showing the general angle with which the kernel views user programs
- interesting not well known facts about the kernel
- the clever hacks that the linux kernel employs, like backward compatibilty workarounds
- the vast differnece in complexity between different syscalls
- how learning to scour sources like linux mailing list and the linux codebase is crucial to any similar endeavour
2- A fast 3 minute introduction to linux’s syscall naming conventions
- similar to Rami Ismail’s very entertaining talk [1], in this talk the crowd learns to read a variety of Arabic words in a very short time, this section is similar but with the goal of cautioning the crowd what to expect from a subset of syscalls by simply looking at the name:
- (f)syscall : identify the file using a file descriptor
- (l)syscall : not recursing symlinks, and operating on the symlink itself
- (p)syscall : parallel semantics in a syscall, in other cases: the involvement of signals in the logic
- syscall(at) : involves the utilization of an anchor directory
- syscall(v) : syscall operates in a vectored approach (avoids multiple syscalls)
- (rt)syscall : syscall will involve the utilization of real-time signal
3- challenges I’ve come across building intentrace
- traditional sources like the linux manpages often contain misleading information, these inconsistencies are left unfixed even when surfaced due to a variety of reasons
- small ecosystem challenges, example: working around some issues in the clap library
- supporting multi-threaded binaries is harder than it appears
4- compare intentrace to strace
- the history of strace, a 31 y/o codebase
- performance benchmarks
- how intentrace -due to its nature- will likely never achieve the performance of strace but how it can reach a level where this difference will not matter
5- performance techniques
minimize allocations by utilizing ecosystem crates like:
- smallvec
- smallstring
- smallbox
- utilizing global bufwriters
- …and others
uncommon tricks:
- the process_vm_readv syscall
- taking advantage of the TSC register on x86-64 cpus to measure time instead of using the clock_gettime (default Rust)
- llvm attributes
- and perhaps even self modifying code to eliminate unneeded branches in hot paths
- …and others
higher order performance winners, like using ebpf
6- complexity in developer tooling
- arguing that conventional command line tools should sometimes embrace complexity and extend their modalities, pointing lightly that intentrace should experiment with becoming more complex in its goal to become more useful
Final notes:
- some of the technical points in these sections are still being implemented in the intentrace codebase.
[1] https://www.youtube.com/watch?v=X1ynZm1wI18&ab_channel=XOXOFestival
