perf: improve procTreeExitProcessor

Improve procTreeExitProcessor for both Tracee and Controller. - Tracee | Metric | Old Value | New Value | Improvement (%) | |-------------------------|------------|-------------|-----------------| | Time per operation (ns) | 159.9 | 95.71 | 40.14% | | Bytes allocated (B/op) | 48 | 0 | 100.00% | | Allocations per op | 2 | 0 | 100.00% | | Total runtime (s) | 16.001 | 9.586 | 40.14% | Running tool: /home/gg/.goenv/versions/1.22.4/bin/go test -benchmem -run=^$ -tags ebpf -bench ^Benchmark_procTreeExitProcessor$ github.com/aquasecurity/tracee/pkg/ebpf -benchtime=100000000x goos: linux goarch: amd64 pkg: github.com/aquasecurity/tracee/pkg/ebpf cpu: AMD Ryzen 9 7950X 16-Core Processor Benchmark_procTreeExitProcessor-32 100000000 95.71 ns/op 0 B/op 0 allocs/op PASS ok github.com/aquasecurity/tracee/pkg/ebpf 9.586s --- Controller | Metric | Old Value | New Value | Improvement (%) | |-------------------------|------------|-------------|-----------------| | Time per operation (ns) | 335.5 | 115.4 | 65.60% | | Bytes allocated (B/op) | 240 | 0 | 100.00% | | Allocations per op | 4 | 0 | 100.00% | | Total runtime (s) | 33.558 | 11.553 | 65.60% | Running tool: /home/gg/.goenv/versions/1.22.4/bin/go test -benchmem -run=^$ -tags ebpf -bench ^Benchmark_procTreeExitProcessor$ github.com/aquasecurity/tracee/pkg/ebpf/controlplane -benchtime=100000000x goos: linux goarch: amd64 pkg: github.com/aquasecurity/tracee/pkg/ebpf/controlplane cpu: AMD Ryzen 9 7950X 16-Core Processor Benchmark_procTreeExitProcessor-32 100000000 115.4 ns/op 0 B/op 0 allocs/op PASS ok github.com/aquasecurity/tracee/pkg/ebpf/controlplane 11.553s
aquasecurity · Jan 28, 2025 · f39eaa1 · f39eaa1
1 parent 70717e9
commit f39eaa1
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 27 deletions.
diff --git a/pkg/ebpf/controlplane/processes.go b/pkg/ebpf/controlplane/processes.go
@@ -216,33 +216,36 @@ func (ctrl *Controller) procTreeExecProcessor(args []trace.Argument) error {
 }
 
 func (ctrl *Controller) procTreeExitProcessor(args []trace.Argument) error {
-	var errs []error
-
 	if ctrl.processTree == nil {
 		return nil // process tree is disabled
 	}
 
 	// Process & Event identification arguments (won't exist for regular events)
 	timestamp, err := parse.ArgVal[uint64](args, "timestamp")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	taskHash, err := parse.ArgVal[uint32](args, "task_hash")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	parentHash, err := parse.ArgVal[uint32](args, "parent_hash")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	leaderHash, err := parse.ArgVal[uint32](args, "leader_hash")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 
 	// Exit logic arguments
 	exitCode, err := parse.ArgVal[int64](args, "exit_code")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	groupExit, err := parse.ArgVal[bool](args, "process_group_exit")
-	errs = append(errs, err)
-
-	// Handle errors
-	for _, err := range errs {
-		if err != nil {
-			return err
-		}
+	if err != nil {
+		return err
 	}
 
 	return ctrl.processTree.FeedFromExit(

diff --git a/pkg/ebpf/processor_proctree.go b/pkg/ebpf/processor_proctree.go
@@ -209,31 +209,26 @@ func (t *Tracee) procTreeExecProcessor(event *trace.Event) error {
 
 // procTreeExitProcessor handles process exit events.
 func (t *Tracee) procTreeExitProcessor(event *trace.Event) error {
-	var errs []error
-
 	if t.processTree == nil {
 		return fmt.Errorf("process tree is disabled")
 	}
 	if event.HostProcessID != event.HostThreadID {
 		return nil // chek FeedFromExec for TODO of execve() handled by threads
 	}
 
-	timestamp := uint64(event.Timestamp)
-	taskHash := utils.HashTaskID(uint32(event.HostThreadID), uint64(event.ThreadStartTime))
-
 	// Exit logic arguments
 	exitCode, err := parse.ArgVal[int64](event.Args, "exit_code")
-	errs = append(errs, err)
+	if err != nil {
+		return err
+	}
 	groupExit, err := parse.ArgVal[bool](event.Args, "process_group_exit")
-	errs = append(errs, err)
-
-	// Handle errors
-	for _, err := range errs {
-		if err != nil {
-			return err
-		}
+	if err != nil {
+		return err
 	}
 
+	timestamp := uint64(event.Timestamp)
+	taskHash := utils.HashTaskID(uint32(event.HostThreadID), uint64(event.ThreadStartTime))
+
 	return t.processTree.FeedFromExit(
 		proctree.ExitFeed{
 			TimeStamp:  timestamp, // time of exit is already a timestamp