Configs · Apr 16, 2026 · 3 min read

bpftrace — High-Level Tracing Language for Linux eBPF

A high-level tracing language for Linux that uses eBPF to instrument the kernel and user-space programs. Write powerful one-liner performance analysis scripts with an awk-like syntax that compiles to eBPF bytecode.

TL;DR
bpftrace lets you write one-liner eBPF scripts to instrument the Linux kernel and user-space programs.
§01

What it is

A bpftrace program is a list of probe definitions, each with an optional filter and an action block, in a syntax borrowed from awk. bpftrace compiles that program to eBPF bytecode, the kernel verifier checks it, and the kernel runs it whenever the probe fires. It can attach to kprobes/kretprobes, kernel tracepoints, uprobes/uretprobes and USDT probes in user-space binaries, timer probes (interval, profile) and perf hardware and software events; results are aggregated in BPF maps and printed when the script exits.

System administrators, SREs, and performance engineers who need to diagnose production issues without restarting services or adding custom instrumentation will find bpftrace indispensable.

§02

How it saves time or tokens

bpftrace replaces custom C-based eBPF programs with concise one-liners. What previously required writing BPF C code, compiling it with clang, and loading it with libbpf can now be expressed in a single command, which makes common performance and behaviour investigations a matter of minutes rather than a development task.

§03

How to use

  1. Install bpftrace from your distribution's package manager.
  2. Write a one-liner or script file targeting a kernel probe, tracepoint, or USDT probe.
  3. Run as root (or with the BPF capabilities listed under pitfalls) so bpftrace can load and attach the eBPF program.

# Install on Ubuntu/Debian
sudo apt-get install bpftrace

# Trace openat() syscalls (modern libc implements open() on top of openat()) with the filename argument
sudo bpftrace -e 'tracepoint:syscalls:sys_enter_openat { printf("%s %s\n", comm, str(args->filename)); }'

# Histogram of read() sizes by process
sudo bpftrace -e 'tracepoint:syscalls:sys_exit_read /args->ret > 0/ { @bytes[comm] = hist(args->ret); }'
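Once the one-liners outgrow a single line, the same procedure applies to a script file. The following is an added example written for this page (not code from the bpftrace project) that combines the pieces above: a BEGIN block, two syscall tracepoints with in-kernel filters, a map aggregation, and a periodic summary. The file name, the /etc/ path prefix and the 10-second window are choices made here, not anything the page prescribes.

```bpftrace
#!/usr/bin/env bpftrace
/*
 * exec_open_audit.bt -- added example, not from the original page or the
 * bpftrace project. Logs every execve() with its full argv, counts openat()
 * calls under /etc/ made by non-root processes, and prints a per-command
 * summary every 10 seconds. Run as root: sudo bpftrace exec_open_audit.bt
 */

BEGIN
{
    printf("Tracing execve() and non-root openat() under /etc/ ... Ctrl-C to end.\n");
}

// Process creation. The tracepoint fires at syscall entry, so it also logs
// exec attempts that later fail. join() prints argv as one space-separated line.
tracepoint:syscalls:sys_enter_execve
{
    time("%H:%M:%S ");
    printf("pid=%d uid=%d comm=%s exec ", pid, uid, comm);
    join(args->argv);
}

// File opens. The predicate is evaluated inside the kernel, so only
// non-root (uid != 0) opens of paths starting with "/etc/" reach the map.
tracepoint:syscalls:sys_enter_openat
/uid != 0 && strncmp(str(args->filename), "/etc/", 5) == 0/
{
    @etc_opens[comm, str(args->filename)] = count();
}

// Periodic summary; clear() keeps the map from filling up over a long run.
interval:s:10
{
    print(@etc_opens);
    clear(@etc_opens);
}

// Print whatever is left in the current window on Ctrl-C.
END
{
    print(@etc_opens);
    clear(@etc_opens);
}
```

Two caveats for anyone using this as a detection source: syscall-entry tracepoints read argument strings from user memory at entry time, so a multithreaded process can change argv between the probe firing and the kernel's own copy, and the output contains file names and command lines that may include secrets. Treat it as observation, not enforcement, and protect the log accordingly.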
§04

Example

Count syscalls by process name in real time:

sudo bpftrace -e 'tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }'

This attaches to every syscall entry, groups by the calling process name, and prints a sorted count table when you press Ctrl-C.


§06

Common pitfalls

  • bpftrace needs root, or on kernels 5.8+ the CAP_BPF and CAP_PERFMON capabilities (older kernels require CAP_SYS_ADMIN). Anyone who can run it can read arbitrary kernel and process memory, so treat that access as root-equivalent. Kernel 4.9 is the minimum; BTF (kernel 5.2+ built with CONFIG_DEBUG_INFO_BTF=y) is what lets scripts walk kernel structs without installed headers. Hosts with kernel lockdown in confidentiality mode refuse BPF reads of kernel memory, so such probes fail there.
  • Probes on very hot paths (scheduler functions, every syscall entry, memory allocators) can fire millions of times per second, and the per-event cost adds up to measurable latency.
  • The awk-like syntax has limits; for complex multi-probe programs with custom user-space post-processing, consider BCC or libbpf-based tools.

Frequently Asked Questions

What Linux kernel version does bpftrace require?

bpftrace works on Linux kernel 4.9 and later, but many features require 5.x kernels. BTF (BPF Type Format) support, available from kernel 5.2 when built with CONFIG_DEBUG_INFO_BTF=y (check for /sys/kernel/btf/vmlinux), lets bpftrace resolve kernel struct types without installed kernel headers and is required for kfunc probes.

How does bpftrace compare to BCC?

BCC uses Python frontends with C-based BPF programs for complex tools. bpftrace is designed for ad-hoc one-liners and short scripts. BCC is better for reusable tools; bpftrace is better for quick investigations.

Can bpftrace trace user-space applications?

Yes. bpftrace supports uprobes for tracing arbitrary functions in user-space binaries and USDT probes for applications that expose static tracepoints (like Python, Ruby, MySQL, and PostgreSQL).
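As an added example of a user-space probe (written for this page, not taken from the bpftrace project), the script below logs every interactive command line entered in bash by placing a uretprobe on bash's readline() function and reading the string it returns. It assumes bash lives at /bin/bash and exports a readline symbol, which is true of distribution builds because bash links its own copy of readline and exports its symbols for loadable builtins; the script file name is a choice made here.

```bpftrace
#!/usr/bin/env bpftrace
/*
 * bash_cmdlog.bt -- added example, not from the original page or the
 * bpftrace project. Prints each command line a bash user enters, with
 * the shell's pid and uid, by probing the return of bash's readline()
 * (a uretprobe) and reading the returned C string.
 *
 * Assumption: bash is at /bin/bash and carries a readline symbol.
 * Verify before running:  sudo bpftrace -l 'uprobe:/bin/bash:readline'
 *
 * Run for every bash on the host:   sudo bpftrace bash_cmdlog.bt
 * Attach only inside one shell:     sudo bpftrace -p <bash pid> bash_cmdlog.bt
 */

BEGIN
{
    printf("%-8s %-6s %-6s %s\n", "TIME", "PID", "UID", "COMMAND");
}

// readline() returns NULL on EOF (Ctrl-D); skip those so str() is not
// handed a null pointer.
uretprobe:/bin/bash:readline
/retval != 0/
{
    time("%H:%M:%S ");
    printf("%-6d %-6d %s\n", pid, uid, str(retval));
}
```

Two points of practice. First, -p matters for uprobes and USDT: with it the probe is installed only in that one process, whereas a /pid == N/ filter leaves the probe in every bash on the host and merely discards the events it does not want. Second, this observes one shell binary; commands run through another shell, a script, or a non-interactive bash never pass through readline(), so it complements rather than replaces exec auditing.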

Is bpftrace safe to use in production?

The kernel BPF verifier checks every bpftrace program before it is loaded and rejects unbounded loops, out-of-bounds memory access and invalid helper use, so a script cannot crash the kernel. The verifier does not bound cost, though: attaching to hot code paths adds measurable overhead, and a map that is never cleared eventually fills up and stops accepting new keys. Output can also contain sensitive data (file names, command lines, buffer contents read with str()), so handle it like any other privileged log. Test on staging first.

What is the performance overhead of bpftrace?

Overhead depends on the probe type and its firing rate. Tracepoints on rare events add negligible overhead; probes on high-frequency syscalls or hot kernel functions add latency to every call. A predicate (/.../) still runs on every firing, so it only reduces the work per event. To reduce the number of events, choose a narrower probe (a specific syscall tracepoint rather than raw_syscalls:sys_enter), and for uprobes and USDT use -p PID so the probe is installed in one process only.
