Commit Graph

7 Commits

Author SHA1 Message Date
554ae92194 Test added to compare the Scanner vs GDB
gdb_test.go and testdata implement a go test to compare and verify that
we get correct results from the scanner.

testdata/simple.c is a small program that embeds Python and runs the
same code as in runforever.py.  The Makefile compiles this using
python3.7.  Adjustments to the flags might be needed in your environment

gdb_test.go contains only one test, TestSimpleGDB, that
  1. compiles simple.c
  2. runs it multiple times
  3. calls gdb to extract the address of symbol _PyRuntime for each pid
  4. runs our Scanner
  5. compares the results from gdb and our scanner
2020-01-16 10:30:49 +01:00
6eebe8c9f4 Only log the errors from observers
Because we call the observers concurrently, we must not write to S.err
inside the goroutines.  For now, we simply log an error from an
observer.
2020-01-16 10:28:01 +01:00
65a8d52b7a Syncronize all observers in Run()
With the introduction of a sync.WaitGroup we now wait for all observers
to finished before Run() returns
2020-01-16 10:18:07 +01:00
edd9212e89 Rename symbolyze.New -> symbolze.NewScanner 2020-01-16 00:13:03 +01:00
32981d6a55 Don't export *log.Logger in Scanner
By introducing a lowercase type alias 'logger' for *log.Logger we can
now embed 'logger' in Scanner and not export it:

 % go doc Scanner
package symbolyze // import "."

type Scanner struct {
	// Has unexported fields.
}
2020-01-15 23:50:09 +01:00
7af1728eed Cleanup done and documtation added
symbolyze.go has been simplified and cleaned up.  It now also is documented,
f.e.:

 % go doc Scanner
package symbolyze // import "."

type Scanner struct {
	*log.Logger // Embedded logger

	// Has unexported fields.
}
    Scanner represents an engine for scanning for a specific symbol in all
    ELF-files matching a certain pattern. The pattern is described in
    fileapth.Match().

    Once a Scanner is created with New(), it should be populated with Observer
    functions using OnFound(). Optionally, the scanner can be put into debugging
    mode by a call to DebugOn() prior to a call to Run().

    A call to Scanner.Run() then starts the engine and it will scan all pids in
    /proc. Whenever a match is found, all observers will be called with the
    (pid, offset), concurrently.

func New(symbol, pathglob string) *Scanner
func (S *Scanner) DebugOn()
func (S *Scanner) OnFound(fun Observer)
func (S *Scanner) Run() error
2020-01-15 23:26:30 +01:00
fb59ca1072 modular solution, first working draft
symbolyze/ now contains a module that exposes a Finder type with a
simple API, like:

	finder := symbolyze.New("_PyRuntime", "*python3*")
	finder.Debug(true)
	finder.OnFound(mapFD.Set)
	finder.Run()

Instead of writing (pid, offset) directly to a eBPF-map, it implements
an observer-pattern and expects a callback.

TODOs/next steps:

	- Write documentation
	- Add tests
	- Experiment and re-evaluate design
2020-01-15 20:42:53 +01:00