perf(ebpf): improve procTreeForkProcessor

| Metric | Old Value | New Value | Improvement (%) | |-------------------------|------------|-------------|-----------------| | Time per operation (ns) | 547.4 | 267.5 | 51.14% | | Bytes allocated (B/op) | 496 | 0 | 100.00% | | Allocations per op | 5 | 0 | 100.00% | | Total runtime (s) | 54.757 | 26.763 | 51.13% | --- Running tool: /home/gg/.goenv/versions/1.22.4/bin/go test -benchmem -run=^$ -tags ebpf -bench ^Benchmark_procTreeForkProcessor$ github.com/aquasecurity/tracee/pkg/ebpf -benchtime=100000000x goos: linux goarch: amd64 pkg: github.com/aquasecurity/tracee/pkg/ebpf cpu: AMD Ryzen 9 7950X 16-Core Processor Benchmark_procTreeForkProcessor-32 100000000 267.5 ns/op 0 B/op 0 allocs/op PASS ok github.com/aquasecurity/tracee/pkg/ebpf 26.763s
aquasecurity · Jan 28, 2025 · 2584505 · 2584505
1 parent 7eb6b91
commit 2584505
Showing 1 changed file with 45 additions and 24 deletions.
diff --git a/pkg/ebpf/processor_proctree.go b/pkg/ebpf/processor_proctree.go
@@ -17,8 +17,6 @@ import (
 
 // procTreeForkProcessor handles process fork events.
 func (t *Tracee) procTreeForkProcessor(event *trace.Event) error {
-	var errs []error
-
 	if t.processTree == nil {
 		return fmt.Errorf("process tree is disabled")
 	}
@@ -27,51 +25,74 @@ func (t *Tracee) procTreeForkProcessor(event *trace.Event) error {
 
 	// Parent Process (Go up in hierarchy until parent is a process and not a lwp)
 	parentTid, err := parse.ArgVal[int32](event.Args, "parent_process_tid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	parentNsTid, err := parse.ArgVal[int32](event.Args, "parent_process_ns_tid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	parentPid, err := parse.ArgVal[int32](event.Args, "parent_process_pid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	parentNsPid, err := parse.ArgVal[int32](event.Args, "parent_process_ns_pid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	parentStartTime, err := parse.ArgVal[uint64](event.Args, "parent_process_start_time")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 
 	// Thread Group Leader (might be the same as the "child", if "child" is a process)
 	leaderTid, err := parse.ArgVal[int32](event.Args, "leader_tid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	leaderNsTid, err := parse.ArgVal[int32](event.Args, "leader_ns_tid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	leaderPid, err := parse.ArgVal[int32](event.Args, "leader_pid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	leaderNsPid, err := parse.ArgVal[int32](event.Args, "leader_ns_pid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	leaderStartTime, err := parse.ArgVal[uint64](event.Args, "leader_start_time")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 
 	// Child (might be a process or a thread)
 	childTid, err := parse.ArgVal[int32](event.Args, "child_tid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	childNsTid, err := parse.ArgVal[int32](event.Args, "child_ns_tid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	childPid, err := parse.ArgVal[int32](event.Args, "child_pid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	childNsPid, err := parse.ArgVal[int32](event.Args, "child_ns_pid")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	childStartTime, err := parse.ArgVal[uint64](event.Args, "start_time") // child_start_time
-	errs = append(errs, err)
-
-	// Deal with errors
-	for _, err := range errs {
-		if err != nil {
-			return err
-		}
+	if err != nil {
+		return err
 	}
 
 	// Calculate hashes
-	childHash := utils.HashTaskID(uint32(childTid), uint64(childStartTime))
 	parentHash := utils.HashTaskID(uint32(parentTid), uint64(parentStartTime))
 	leaderHash := utils.HashTaskID(uint32(leaderTid), uint64(leaderStartTime))
+	childHash := utils.HashTaskID(uint32(childTid), uint64(childStartTime))
 
 	return t.processTree.FeedFromFork(
 		proctree.ForkFeed{