perf: remove unused ExecFeed interpreter fields

Disable (comment out) ExecFeed interpreter fields not used by the feeders. This removal was already started by 4a5bb5d. --- Tracee | Metric | Old Value | New Value | Improvement (%) | |-------------------------|------------|-------------|-----------------| | Time per operation (ns) | 215.6 | 168.1 | 22.03% | | Bytes allocated (B/op) | 4 | 4 | 0.00% | | Allocations per op | 1 | 1 | 0.00% | | Total runtime (s) | 21.571 | 16.825 | 22.03% | - Running tool: /home/gg/.goenv/versions/1.22.4/bin/go test -benchmem -run=^$ -tags ebpf -bench ^Benchmark_procTreeExecProcessor$ github.com/aquasecurity/tracee/pkg/ebpf -benchtime=100000000x goos: linux goarch: amd64 pkg: github.com/aquasecurity/tracee/pkg/ebpf cpu: AMD Ryzen 9 7950X 16-Core Processor Benchmark_procTreeExecProcessor-32 100000000 168.1 ns/op 4 B/op 1 allocs/op PASS ok github.com/aquasecurity/tracee/pkg/ebpf 16.825s --- Controller | Metric | Old Value | New Value | Improvement (%) | |-------------------------|------------|-------------|-----------------| | Time per operation (ns) | 284.2 | 209.7 | 26.20% | | Bytes allocated (B/op) | 4 | 4 | 0.00% | | Allocations per op | 1 | 1 | 0.00% | | Total runtime (s) | 28.435 | 20.983 | 26.20% | - Running tool: /home/gg/.goenv/versions/1.22.4/bin/go test -benchmem -run=^$ -tags ebpf -bench ^Benchmark_procTreeExecProcessor$ github.com/aquasecurity/tracee/pkg/ebpf/controlplane -benchtime=100000000x goos: linux goarch: amd64 pkg: github.com/aquasecurity/tracee/pkg/ebpf/controlplane cpu: AMD Ryzen 9 7950X 16-Core Processor Benchmark_procTreeExecProcessor-32 100000000 209.7 ns/op 4 B/op 1 allocs/op PASS ok github.com/aquasecurity/tracee/pkg/ebpf/controlplane 20.983s
aquasecurity · Jan 22, 2025 · adad405 · adad405
1 parent 6eba0fd
commit adad405
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 60 deletions.
diff --git a/pkg/ebpf/controlplane/processes.go b/pkg/ebpf/controlplane/processes.go
@@ -165,11 +165,11 @@ func (ctrl *Controller) procTreeExecProcessor(args []trace.Argument) error {
 		return err
 	}
 
-	// Binary Interpreter (or Loader): might come empty from the kernel
-	interPathName, _ := parse.ArgVal[string](args, "interpreter_pathname")
-	interDev, _ := parse.ArgVal[uint32](args, "interpreter_dev")
-	interInode, _ := parse.ArgVal[uint64](args, "interpreter_inode")
-	interCtime, _ := parse.ArgVal[uint64](args, "interpreter_ctime")
+	// // Binary Interpreter (or Loader): might come empty from the kernel
+	// interPathName, _ := parse.ArgVal[string](args, "interpreter_pathname")
+	// interDev, _ := parse.ArgVal[uint32](args, "interpreter_dev")
+	// interInode, _ := parse.ArgVal[uint64](args, "interpreter_inode")
+	// interCtime, _ := parse.ArgVal[uint64](args, "interpreter_ctime")
 
 	// Real Interpreter
 	interp, err := parse.ArgVal[string](args, "interp")
@@ -193,20 +193,20 @@ func (ctrl *Controller) procTreeExecProcessor(args []trace.Argument) error {
 
 	return ctrl.processTree.FeedFromExec(
 		proctree.ExecFeed{
-			TimeStamp:         time.BootToEpochNS(timestamp),
-			TaskHash:          taskHash,
-			ParentHash:        parentHash,
-			LeaderHash:        leaderHash,
-			CmdPath:           cmdPath,
-			PathName:          pathName,
-			Dev:               dev,
-			Inode:             inode,
-			Ctime:             ctime,
-			InodeMode:         inodeMode,
-			InterpreterPath:   interPathName,
-			InterpreterDev:    interDev,
-			InterpreterInode:  interInode,
-			InterpreterCtime:  interCtime,
+			TimeStamp:  time.BootToEpochNS(timestamp),
+			TaskHash:   taskHash,
+			ParentHash: parentHash,
+			LeaderHash: leaderHash,
+			CmdPath:    cmdPath,
+			PathName:   pathName,
+			Dev:        dev,
+			Inode:      inode,
+			Ctime:      ctime,
+			InodeMode:  inodeMode,
+			// InterpreterPath:   interPathName,
+			// InterpreterDev:    interDev,
+			// InterpreterInode:  interInode,
+			// InterpreterCtime:  interCtime,
 			Interp:            interp,
 			StdinType:         stdinType,
 			StdinPath:         stdinPath,

diff --git a/pkg/ebpf/controlplane/processes_bench_test.go b/pkg/ebpf/controlplane/processes_bench_test.go
@@ -66,10 +66,10 @@ func Benchmark_procTreeExecProcessor(b *testing.B) {
 		{ArgMeta: trace.ArgMeta{Name: "inode"}, Value: uint64(1)},
 		{ArgMeta: trace.ArgMeta{Name: "ctime"}, Value: uint64(1)},
 		{ArgMeta: trace.ArgMeta{Name: "inode_mode"}, Value: uint16(1)},
-		{ArgMeta: trace.ArgMeta{Name: "interpreter_pathname"}, Value: "/lib64/ld-linux-x86-64.so.2"},
-		{ArgMeta: trace.ArgMeta{Name: "interpreter_dev"}, Value: uint32(1)},
-		{ArgMeta: trace.ArgMeta{Name: "interpreter_inode"}, Value: uint64(1)},
-		{ArgMeta: trace.ArgMeta{Name: "interpreter_ctime"}, Value: uint64(1)},
+		// {ArgMeta: trace.ArgMeta{Name: "interpreter_pathname"}, Value: "/lib64/ld-linux-x86-64.so.2"},
+		// {ArgMeta: trace.ArgMeta{Name: "interpreter_dev"}, Value: uint32(1)},
+		// {ArgMeta: trace.ArgMeta{Name: "interpreter_inode"}, Value: uint64(1)},
+		// {ArgMeta: trace.ArgMeta{Name: "interpreter_ctime"}, Value: uint64(1)},
 		{ArgMeta: trace.ArgMeta{Name: "interp"}, Value: "/lib64/ld-linux-x86-64.so.2"},
 		{ArgMeta: trace.ArgMeta{Name: "stdin_type"}, Value: uint16(1)},
 		{ArgMeta: trace.ArgMeta{Name: "stdin_path"}, Value: "/dev/null"},

diff --git a/pkg/ebpf/processor_proctree.go b/pkg/ebpf/processor_proctree.go
@@ -154,11 +154,11 @@ func (t *Tracee) procTreeExecProcessor(event *trace.Event) error {
 		return err
 	}
 
-	// Binary Interpreter (or Loader): might come empty from the kernel
-	interPathName, _ := parse.ArgVal[string](event.Args, "interpreter_pathname")
-	interDev, _ := parse.ArgVal[uint32](event.Args, "interpreter_dev")
-	interInode, _ := parse.ArgVal[uint64](event.Args, "interpreter_inode")
-	interCtime, _ := parse.ArgVal[uint64](event.Args, "interpreter_ctime")
+	// // Binary Interpreter (or Loader): might come empty from the kernel
+	// interPathName, _ := parse.ArgVal[string](event.Args, "interpreter_pathname")
+	// interDev, _ := parse.ArgVal[uint32](event.Args, "interpreter_dev")
+	// interInode, _ := parse.ArgVal[uint64](event.Args, "interpreter_inode")
+	// interCtime, _ := parse.ArgVal[uint64](event.Args, "interpreter_ctime")
 
 	// Real Interpreter
 	interp, err := parse.ArgVal[string](event.Args, "interp")
@@ -185,20 +185,20 @@ func (t *Tracee) procTreeExecProcessor(event *trace.Event) error {
 
 	return t.processTree.FeedFromExec(
 		proctree.ExecFeed{
-			TimeStamp:         timestamp,
-			TaskHash:          taskHash,
-			ParentHash:        0, // regular pipeline does not have parent hash
-			LeaderHash:        0, // regular pipeline does not have leader hash
-			CmdPath:           cmdPath,
-			PathName:          pathName,
-			Dev:               dev,
-			Inode:             inode,
-			Ctime:             ctime,
-			InodeMode:         inodeMode,
-			InterpreterPath:   interPathName,
-			InterpreterDev:    interDev,
-			InterpreterInode:  interInode,
-			InterpreterCtime:  interCtime,
+			TimeStamp:  timestamp,
+			TaskHash:   taskHash,
+			ParentHash: 0, // regular pipeline does not have parent hash
+			LeaderHash: 0, // regular pipeline does not have leader hash
+			CmdPath:    cmdPath,
+			PathName:   pathName,
+			Dev:        dev,
+			Inode:      inode,
+			Ctime:      ctime,
+			InodeMode:  inodeMode,
+			// InterpreterPath:   interPathName,
+			// InterpreterDev:    interDev,
+			// InterpreterInode:  interInode,
+			// InterpreterCtime:  interCtime,
 			Interp:            interp,
 			StdinType:         stdinType,
 			StdinPath:         stdinPath,

diff --git a/pkg/ebpf/processor_proctree_bench_test.go b/pkg/ebpf/processor_proctree_bench_test.go
@@ -64,10 +64,10 @@ func Benchmark_procTreeExecProcessor(b *testing.B) {
 			{ArgMeta: trace.ArgMeta{Name: "inode"}, Value: uint64(1)},
 			{ArgMeta: trace.ArgMeta{Name: "ctime"}, Value: uint64(1)},
 			{ArgMeta: trace.ArgMeta{Name: "inode_mode"}, Value: uint16(1)},
-			{ArgMeta: trace.ArgMeta{Name: "interpreter_pathname"}, Value: "/lib64/ld-linux-x86-64.so.2"},
-			{ArgMeta: trace.ArgMeta{Name: "interpreter_dev"}, Value: uint32(1)},
-			{ArgMeta: trace.ArgMeta{Name: "interpreter_inode"}, Value: uint64(1)},
-			{ArgMeta: trace.ArgMeta{Name: "interpreter_ctime"}, Value: uint64(1)},
+			// {ArgMeta: trace.ArgMeta{Name: "interpreter_pathname"}, Value: "/lib64/ld-linux-x86-64.so.2"},
+			// {ArgMeta: trace.ArgMeta{Name: "interpreter_dev"}, Value: uint32(1)},
+			// {ArgMeta: trace.ArgMeta{Name: "interpreter_inode"}, Value: uint64(1)},
+			// {ArgMeta: trace.ArgMeta{Name: "interpreter_ctime"}, Value: uint64(1)},
 			{ArgMeta: trace.ArgMeta{Name: "interp"}, Value: "/lib64/ld-linux-x86-64.so.2"},
 			{ArgMeta: trace.ArgMeta{Name: "stdin_type"}, Value: uint16(1)},
 			{ArgMeta: trace.ArgMeta{Name: "stdin_path"}, Value: "/dev/null"},

diff --git a/pkg/proctree/proctree_feed.go b/pkg/proctree/proctree_feed.go
@@ -172,20 +172,20 @@ func (pt *ProcessTree) FeedFromFork(feed ForkFeed) error {
 }
 
 type ExecFeed struct {
-	TimeStamp         uint64
-	TaskHash          uint32
-	ParentHash        uint32
-	LeaderHash        uint32
-	CmdPath           string
-	PathName          string
-	Dev               uint32
-	Inode             uint64
-	Ctime             uint64
-	InodeMode         uint16
-	InterpreterPath   string
-	InterpreterDev    uint32
-	InterpreterInode  uint64
-	InterpreterCtime  uint64
+	TimeStamp  uint64
+	TaskHash   uint32
+	ParentHash uint32
+	LeaderHash uint32
+	CmdPath    string
+	PathName   string
+	Dev        uint32
+	Inode      uint64
+	Ctime      uint64
+	InodeMode  uint16
+	// InterpreterPath   string
+	// InterpreterDev    uint32
+	// InterpreterInode  uint64
+	// InterpreterCtime  uint64
 	Interp            string
 	StdinType         uint16
 	StdinPath         string