perf(controlplane): improve procTreeExecProcessor

| Metric | Old Value | New Value | Improvement (%) | |-------------------------|------------|-------------|-----------------| | Time per operation (ns) | 649.7 | 284.2 | 56.26% | | Bytes allocated (B/op) | 500 | 4 | 99.20% | | Allocations per op | 6 | 1 | 83.33% | | Total runtime (s) | 64.981 | 28.435 | 56.26% | --- Running tool: /home/gg/.goenv/versions/1.22.4/bin/go test -benchmem -run=^$ -tags ebpf -bench ^Benchmark_procTreeExecProcessor$ github.com/aquasecurity/tracee/pkg/ebpf/controlplane -benchtime=100000000x goos: linux goarch: amd64 pkg: github.com/aquasecurity/tracee/pkg/ebpf/controlplane cpu: AMD Ryzen 9 7950X 16-Core Processor Benchmark_procTreeExecProcessor-32 100000000 284.2 ns/op 4 B/op 1 allocs/op PASS ok github.com/aquasecurity/tracee/pkg/ebpf/controlplane 28.435s
aquasecurity · Jan 22, 2025 · 6eba0fd · 6eba0fd
1 parent 32464dc
commit 6eba0fd
Showing 1 changed file with 32 additions and 22 deletions.
diff --git a/pkg/ebpf/controlplane/processes.go b/pkg/ebpf/controlplane/processes.go
@@ -126,35 +126,44 @@ func (ctrl *Controller) procTreeForkProcessor(args []trace.Argument) error {
 }
 
 func (ctrl *Controller) procTreeExecProcessor(args []trace.Argument) error {
-	var errs []error
-
 	if ctrl.processTree == nil {
 		return nil // process tree is disabled
 	}
 
 	// Process & Event identification arguments (won't exist for regular events)
 	timestamp, err := parse.ArgVal[uint64](args, "timestamp")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	taskHash, _ := parse.ArgVal[uint32](args, "task_hash")
-	errs = append(errs, err)
 	parentHash, _ := parse.ArgVal[uint32](args, "parent_hash")
-	errs = append(errs, err)
 	leaderHash, _ := parse.ArgVal[uint32](args, "leader_hash")
-	errs = append(errs, err)
 
 	// Executable
 	cmdPath, err := parse.ArgVal[string](args, "cmdpath")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	pathName, err := parse.ArgVal[string](args, "pathname")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	dev, err := parse.ArgVal[uint32](args, "dev")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	inode, err := parse.ArgVal[uint64](args, "inode")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	ctime, err := parse.ArgVal[uint64](args, "ctime")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	inodeMode, err := parse.ArgVal[uint16](args, "inode_mode")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 
 	// Binary Interpreter (or Loader): might come empty from the kernel
 	interPathName, _ := parse.ArgVal[string](args, "interpreter_pathname")
@@ -164,21 +173,22 @@ func (ctrl *Controller) procTreeExecProcessor(args []trace.Argument) error {
 
 	// Real Interpreter
 	interp, err := parse.ArgVal[string](args, "interp")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 
 	// Others
 	stdinType, err := parse.ArgVal[uint16](args, "stdin_type")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	stdinPath, err := parse.ArgVal[string](args, "stdin_path")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	invokedFromKernel, err := parse.ArgVal[int32](args, "invoked_from_kernel")
-	errs = append(errs, err)
-
-	// Handle errors
-	for _, err := range errs {
-		if err != nil {
-			return err
-		}
+	if err != nil {
+		return err
 	}
 
 	return ctrl.processTree.FeedFromExec(