How to Use eBPF for Monitoring Linux Thread Contention
eBPF (Extended Berkeley Packet Filter) provides powerful capabilities for monitoring Linux thread contention by capturing low-level kernel events involving thread scheduling, locking, and waiting conditions. This enables deep performance analysis and understanding of how threads compete for system resources like CPU time, locks, and I/O.
Understanding Thread Contention
Thread contention occurs when multiple threads attempt to access shared resources simultaneously, leading to delays and performance bottlenecks. Understanding and monitoring these contentions is crucial for optimizing high-performance applications.
graph TB
    subgraph "Thread Contention Scenarios"
        subgraph "CPU Contention"
            T1["Thread 1"] --> RQ["Run Queue"]
            T2["Thread 2"] --> RQ
            T3["Thread 3"] --> RQ
            RQ --> CPU["CPU Core"]
        end

        subgraph "Lock Contention"
            T4["Thread 4"] --> Lock["Mutex Lock"]
            T5["Thread 5"] --> Lock
            T6["Thread 6"] --> Lock
            Lock --> Resource["Shared Resource"]
        end

        subgraph "I/O Contention"
            T7["Thread 7"] --> IO["I/O Wait"]
            T8["Thread 8"] --> IO
            IO --> Disk["Storage Device"]
        end
    end

    style RQ fill:#ffcdd2
    style Lock fill:#ffcdd2
    style IO fill:#ffcdd2
    style CPU fill:#c8e6c9
    style Resource fill:#c8e6c9
    style Disk fill:#c8e6c9
Common Indicators of Thread Contention
- Blocked Threads: Threads waiting to acquire locks
- High CPU Load: Threads consuming CPU without productive work due to lock waiting
- Context Switch Overhead: Frequent switching between threads (a quick first-pass check follows this list)
- Runqueue Latency: Threads waiting longer to be scheduled
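Before reaching for eBPF, these indicators can be spot-checked from standard interfaces. A minimal sketch (replace <pid> with the process of interest; pidstat is part of the sysstat package):

# Voluntary context switches usually mean blocking on locks or I/O;
# nonvoluntary ones mean preemption under CPU contention
grep ctxt_switches /proc/<pid>/status

# Per-second context-switch rates for one process
pidstat -w -p <pid> 1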
eBPF Monitoring Fundamentals
eBPF programs can attach to several kinds of kernel instrumentation points for comprehensive thread monitoring; each type is demonstrated in the one-liners below:
Key Attachment Points
- syscalls: System calls related to thread scheduling or locking (e.g., futex)
- tracepoints: Stable instrumentation points built into the kernel (e.g., sched:sched_switch)
- kprobes/uprobes: Dynamic tracing of arbitrary kernel and user-level functions
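As a rough illustration, each attachment type can be exercised with a bpftrace one-liner. The libc path in the uprobe example and the availability of the __mutex_lock_slowpath symbol vary by distribution and kernel version:

# tracepoint: count context switches per CPU
sudo bpftrace -e 'tracepoint:sched:sched_switch { @[cpu] = count(); }'

# kprobe: count entries into the kernel mutex slow path
sudo bpftrace -e 'kprobe:__mutex_lock_slowpath { @[comm] = count(); }'

# uprobe: count user-space pthread mutex acquisitions
sudo bpftrace -e 'uprobe:/lib/x86_64-linux-gnu/libc.so.6:pthread_mutex_lock { @[comm] = count(); }'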
eBPF Monitoring Architecture
graph TD
    subgraph "eBPF Thread Monitoring Architecture"
        UserApp["User Application"]
        Kernel["Linux Kernel"]

        subgraph "eBPF Programs"
            Sched["Scheduler Tracing"]
            Lock["Lock Monitoring"]
            IO["I/O Tracking"]
        end

        subgraph "Data Collection"
            Maps["BPF Maps"]
            RingBuf["Ring Buffer"]
            PerfBuf["Perf Buffer"]
        end

        subgraph "Analysis Tools"
            BCC["BCC Tools"]
            BPFTrace["bpftrace"]
            Custom["Custom Scripts"]
        end

        UserApp --> Kernel
        Kernel --> Sched
        Kernel --> Lock
        Kernel --> IO

        Sched --> Maps
        Lock --> RingBuf
        IO --> PerfBuf

        Maps --> BCC
        RingBuf --> BPFTrace
        PerfBuf --> Custom
    end

    style Kernel fill:#e8f5e8
    style Maps fill:#e1f5fe
    style BCC fill:#fff3e0
BCC Tools for Thread Contention
The BCC (BPF Compiler Collection) toolkit provides pre-built eBPF programs for thread contention analysis.
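If BCC is not yet installed, package names vary by distribution. The tool paths used throughout this article assume the /usr/share/bcc/tools layout of Fedora/RHEL packages and source builds; Ubuntu's packages install the same tools with a -bpfcc suffix (for example, offcputime-bpfcc):

# Debian/Ubuntu
sudo apt install bpfcc-tools linux-headers-$(uname -r)

# Fedora/RHEL
sudo dnf install bcc-tools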
1. offcputime.py - Off-CPU Time Analysis
This tool tracks threads’ off-CPU time, a strong indicator of contention caused by waiting for I/O, locks, or other resources.
# Monitor off-CPU time for all threads over 10 seconds
sudo /usr/share/bcc/tools/offcputime.py 10

# Monitor a specific process for 10 seconds
sudo /usr/share/bcc/tools/offcputime.py -p 1234 10

# Show only kernel stacks (-K) or only user stacks (-U); both appear by default
sudo /usr/share/bcc/tools/offcputime.py -K

# Record only blockings of at least 1000 microseconds (1 ms)
sudo /usr/share/bcc/tools/offcputime.py -m 1000
Example Output:
    target_core_tmr_wq
    schedule
    schedule_timeout
    worker_thread
    kthread
    ret_from_fork
    -                tmux: server (22640)
        1000

    ep_poll
    SyS_epoll_wait
    entry_SYSCALL_64_fastpath
    -                ProcessPoolWor (23145)
        2000
2. runqlat.py - Run Queue Latency
Measures run queue latency, showing how long threads wait to be scheduled on a CPU.
# Basic run queue latency monitoring
sudo /usr/share/bcc/tools/runqlat.py

# Show latencies in milliseconds instead of microseconds
sudo /usr/share/bcc/tools/runqlat.py -m

# Monitor a specific PID
sudo /usr/share/bcc/tools/runqlat.py -p 1234

# Print a separate histogram per process
sudo /usr/share/bcc/tools/runqlat.py -P
3. profile.py - CPU Profiling
A general-purpose CPU profiler that samples stack traces, useful for spotting threads that burn CPU while spinning on contended locks.
# Profile all CPUs at 99 Hz for 30 seconds
sudo /usr/share/bcc/tools/profile.py -F 99 30

# Profile a specific process
sudo /usr/share/bcc/tools/profile.py -p 1234

# Profile with folded stack output (for flame graphs)
sudo /usr/share/bcc/tools/profile.py -f
4. wakeuptime.py - Thread Wakeup Analysis
Analyzes what’s waking up threads and causing context switches.
# Monitor thread wakeups
sudo /usr/share/bcc/tools/wakeuptime.py

# Monitor wakeups of a specific process
sudo /usr/share/bcc/tools/wakeuptime.py -p 1234
bpftrace Scripts for Custom Monitoring
bpftrace provides a high-level language for writing custom eBPF monitoring scripts.
1. Runqueue Latency Monitoring
# Runqueue latency histogram: time from wakeup (or preemption) to running on a CPU
sudo bpftrace -e '
tracepoint:sched:sched_wakeup,
tracepoint:sched:sched_wakeup_new
{
    @start[args->pid] = nsecs;
}

tracepoint:sched:sched_switch
{
    // A still-runnable (preempted) task goes straight back on the run queue
    if (args->prev_state == 0) {
        @start[args->prev_pid] = nsecs;
    }
    if (@start[args->next_pid]) {
        @runq_lat_ns = hist(nsecs - @start[args->next_pid]);
        delete(@start[args->next_pid]);
    }
}'
2. Lock Contention Tracing
# Trace mutex wait+hold times (printf on every lock is expensive;
# best for short runs on test systems)
sudo bpftrace -e '
kprobe:mutex_lock
{
    @lock_start[tid] = nsecs;
    printf("Thread %d attempting to acquire lock at 0x%llx\n", tid, arg0);
}

kprobe:mutex_unlock
{
    if (@lock_start[tid]) {
        // From lock attempt to unlock: wait time plus hold time
        $duration = nsecs - @lock_start[tid];
        @lock_duration = hist($duration);
        printf("Thread %d released lock after %d ns\n", tid, $duration);
        delete(@lock_start[tid]);
    }
}'
3. Context Switch Analysis
# Analyze context switches and their causes
sudo bpftrace -e '
tracepoint:sched:sched_switch
{
    @prev_state[args->prev_state] = count();
    @switches = count();

    if (args->prev_state != 0) {
        printf("Thread %d (%s) blocked, state: %d\n",
               args->prev_pid, args->prev_comm, args->prev_state);
    }
}'
4. Thread Wait Time Analysis
# Monitor thread wait times by state
sudo bpftrace -e '
tracepoint:sched:sched_switch
{
    if (args->prev_state != 0) {
        @sleep_start[args->prev_pid] = nsecs;
        @sleep_state[args->prev_pid] = args->prev_state;
    }
}

tracepoint:sched:sched_wakeup
{
    $pid = args->pid;
    if (@sleep_start[$pid]) {
        $sleep_time = nsecs - @sleep_start[$pid];
        $state = @sleep_state[$pid];

        @wait_time_by_state[$state] = hist($sleep_time);

        delete(@sleep_start[$pid]);
        delete(@sleep_state[$pid]);
    }
}'
Advanced Custom eBPF Programs
Comprehensive Thread Contention Monitor
Create a custom eBPF program for detailed thread contention analysis:
#include <vmlinux.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h>

// Data structure for reporting contention events to user space
struct contention_event {
    u32 pid;
    u32 tid;
    u64 timestamp;
    u64 duration;
    u32 contention_type;
    char comm[16];
};

struct {
    __uint(type, BPF_MAP_TYPE_HASH);
    __uint(max_entries, 10240);
    __type(key, u32);
    __type(value, u64);
} thread_start_time SEC(".maps");

// Separate map for mutex timings so they don't collide with wakeup timestamps
struct {
    __uint(type, BPF_MAP_TYPE_HASH);
    __uint(max_entries, 10240);
    __type(key, u32);
    __type(value, u64);
} mutex_start_time SEC(".maps");

struct {
    __uint(type, BPF_MAP_TYPE_RINGBUF);
    __uint(max_entries, 256 * 1024);
} events SEC(".maps");

// Track runqueue latency: record the timestamp when a thread is woken
SEC("tp/sched/sched_wakeup")
int trace_sched_wakeup(struct trace_event_raw_sched_wakeup_template *ctx)
{
    u32 pid = ctx->pid;
    u64 ts = bpf_ktime_get_ns();

    bpf_map_update_elem(&thread_start_time, &pid, &ts, BPF_ANY);
    return 0;
}

SEC("tp/sched/sched_switch")
int trace_sched_switch(struct trace_event_raw_sched_switch *ctx)
{
    u32 next_pid = ctx->next_pid;
    u64 ts = bpf_ktime_get_ns();

    // Handle runqueue latency for the incoming thread
    u64 *start_ts = bpf_map_lookup_elem(&thread_start_time, &next_pid);
    if (start_ts) {
        u64 latency = ts - *start_ts;

        // Only report significant latencies (> 1ms)
        if (latency > 1000000) {
            struct contention_event *event =
                bpf_ringbuf_reserve(&events, sizeof(*event), 0);
            if (event) {
                // sched tracepoints expose only the thread id, not the tgid
                event->pid = next_pid;
                event->tid = next_pid;
                event->timestamp = ts;
                event->duration = latency;
                event->contention_type = 1; // Runqueue contention
                // Use the incoming thread's comm; "current" is still the outgoing thread
                __builtin_memcpy(event->comm, ctx->next_comm, sizeof(event->comm));

                bpf_ringbuf_submit(event, 0);
            }
        }

        bpf_map_delete_elem(&thread_start_time, &next_pid);
    }

    return 0;
}

// Track mutex contention via the lock slow path, which is entered only when
// the mutex is already held (the symbol name can vary across kernel versions)
SEC("kprobe/__mutex_lock_slowpath")
int trace_mutex_lock_slowpath(struct pt_regs *ctx)
{
    u32 tid = (u32)bpf_get_current_pid_tgid();
    u64 ts = bpf_ktime_get_ns();

    bpf_map_update_elem(&mutex_start_time, &tid, &ts, BPF_ANY);
    return 0;
}

SEC("kretprobe/__mutex_lock_slowpath")
int trace_mutex_lock_slowpath_ret(struct pt_regs *ctx)
{
    u64 pid_tgid = bpf_get_current_pid_tgid();
    u32 tid = (u32)pid_tgid;
    u64 ts = bpf_ktime_get_ns();

    u64 *start_ts = bpf_map_lookup_elem(&mutex_start_time, &tid);
    if (start_ts) {
        u64 duration = ts - *start_ts;

        struct contention_event *event =
            bpf_ringbuf_reserve(&events, sizeof(*event), 0);
        if (event) {
            event->pid = pid_tgid >> 32;
            event->tid = tid;
            event->timestamp = ts;
            event->duration = duration;
            event->contention_type = 2; // Mutex contention
            bpf_get_current_comm(event->comm, sizeof(event->comm));

            bpf_ringbuf_submit(event, 0);
        }

        bpf_map_delete_elem(&mutex_start_time, &tid);
    }

    return 0;
}

char _license[] SEC("license") = "GPL";
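A typical build for the program above, assuming clang with BPF target support and bpftool are installed; the object name matches what the user-space loader below opens:

# Generate vmlinux.h from the running kernel's BTF
bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h

# Compile the eBPF object (adjust the arch define for non-x86 targets)
clang -g -O2 -target bpf -D__TARGET_ARCH_x86 \
    -c thread_contention.bpf.c -o thread_contention.bpf.o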
User-Space Consumer Program
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <stdint.h>
#include <unistd.h>
#include <signal.h>
#include <errno.h>
#include <time.h>
#include <bpf/libbpf.h>
#include <bpf/bpf.h>

typedef uint32_t u32;
typedef uint64_t u64;

// Must match the struct emitted by the eBPF program
struct contention_event {
    u32 pid;
    u32 tid;
    u64 timestamp;
    u64 duration;
    u32 contention_type;
    char comm[16];
};

static volatile bool running = true;

static void sig_handler(int sig)
{
    running = false;
}

static const char *contention_type_str(u32 type)
{
    switch (type) {
    case 1: return "RUNQUEUE";
    case 2: return "MUTEX";
    default: return "UNKNOWN";
    }
}

static int handle_event(void *ctx, void *data, size_t data_sz)
{
    const struct contention_event *e = data;
    struct tm *tm;
    char ts[32];
    time_t t;

    // Note: the BPF timestamp is monotonic time since boot, not wall-clock;
    // this conversion is approximate and for display only
    t = e->timestamp / 1000000000;
    tm = localtime(&t);
    strftime(ts, sizeof(ts), "%H:%M:%S", tm);

    printf("%s.%03llu %-15s PID: %u TID: %u DURATION: %llu us TYPE: %s\n",
           ts, (unsigned long long)((e->timestamp % 1000000000) / 1000000),
           e->comm, e->pid, e->tid,
           (unsigned long long)(e->duration / 1000),
           contention_type_str(e->contention_type));

    return 0;
}

int main(int argc, char **argv)
{
    struct bpf_object *obj;
    struct bpf_link *links[4] = {};
    struct ring_buffer *rb = NULL;
    int err;

    // Set up signal handlers
    signal(SIGINT, sig_handler);
    signal(SIGTERM, sig_handler);

    // Load the eBPF object
    obj = bpf_object__open_file("thread_contention.bpf.o", NULL);
    if (libbpf_get_error(obj)) {
        fprintf(stderr, "Failed to open BPF object\n");
        return 1;
    }

    err = bpf_object__load(obj);
    if (err) {
        fprintf(stderr, "Failed to load BPF object: %d\n", err);
        goto cleanup;
    }

    // Attach programs to their tracepoints and kprobes
    links[0] = bpf_program__attach(bpf_object__find_program_by_name(obj, "trace_sched_wakeup"));
    links[1] = bpf_program__attach(bpf_object__find_program_by_name(obj, "trace_sched_switch"));
    links[2] = bpf_program__attach(bpf_object__find_program_by_name(obj, "trace_mutex_lock_slowpath"));
    links[3] = bpf_program__attach(bpf_object__find_program_by_name(obj, "trace_mutex_lock_slowpath_ret"));

    // Set up the ring buffer consumer
    rb = ring_buffer__new(bpf_object__find_map_fd_by_name(obj, "events"),
                          handle_event, NULL, NULL);
    if (!rb) {
        err = -1;
        fprintf(stderr, "Failed to create ring buffer\n");
        goto cleanup;
    }

    printf("Monitoring thread contention... Press Ctrl-C to exit.\n");
    printf("TIME     COMM            PID   TID   DURATION  TYPE\n");

    // Poll for events
    while (running) {
        err = ring_buffer__poll(rb, 100);
        if (err < 0 && err != -EINTR) {
            fprintf(stderr, "Error polling ring buffer: %d\n", err);
            break;
        }
    }

cleanup:
    ring_buffer__free(rb);
    for (int i = 0; i < 4; i++) {
        if (links[i])
            bpf_link__destroy(links[i]);
    }
    bpf_object__close(obj);

    return err < 0 ? 1 : 0;
}
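Building and running the consumer might look like this, assuming the libbpf development package is installed (libbpf-dev on Debian/Ubuntu, libbpf-devel on Fedora/RHEL):

clang -g -O2 -o thread_contention thread_contention.c -lbpf
sudo ./thread_contention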
Integration with Performance Tools
Using perf with eBPF
Combine eBPF with perf for comprehensive analysis:
# Record scheduling events system-wide
sudo perf sched record -a

# Analyze scheduling latency
sudo perf sched latency

# Show timing details
sudo perf sched timehist

# Generate CPU flame graphs for a process
sudo perf record -e cpu-clock -g -p <pid>
sudo perf script | ~/FlameGraph/stackcollapse-perf.pl | ~/FlameGraph/flamegraph.pl > flame.svg
System-wide Monitoring Script
Create a comprehensive monitoring script:
#!/bin/bash
DURATION=${1:-60}
OUTPUT_DIR="thread_monitoring_$(date +%Y%m%d_%H%M%S)"

mkdir -p "$OUTPUT_DIR"

echo "Starting comprehensive thread contention monitoring for ${DURATION} seconds..."

# Start multiple monitoring tools in the background
sudo /usr/share/bcc/tools/offcputime.py $DURATION > "$OUTPUT_DIR/offcpu.txt" &
sudo /usr/share/bcc/tools/runqlat.py $DURATION 1 > "$OUTPUT_DIR/runqlat.txt" &
sudo /usr/share/bcc/tools/wakeuptime.py $DURATION > "$OUTPUT_DIR/wakeup.txt" &

# Custom bpftrace script for lock contention; timeout bounds the run,
# and the END block prints the summary on exit
sudo timeout $DURATION bpftrace -e '
kprobe:mutex_lock { @lock_attempts[comm] = count(); }
kprobe:__mutex_lock_slowpath { @lock_contentions[comm] = count(); }
END {
    printf("\nLock Contention Summary:\n");
    print(@lock_attempts);
    print(@lock_contentions);
}' > "$OUTPUT_DIR/locks.txt" &

# Wait for all background jobs
wait

echo "Monitoring complete. Results saved in $OUTPUT_DIR/"

# Generate a summary report (the here-doc is unquoted, so bash expands
# $DURATION and $OUTPUT_DIR before Python runs)
python3 << EOF
import os
import glob

print("=== Thread Contention Analysis Summary ===")
print("Analysis period: $DURATION seconds")
print("Output directory: $OUTPUT_DIR")

# Process results and generate insights
for file in glob.glob("$OUTPUT_DIR/*.txt"):
    print(f"\n--- {os.path.basename(file)} ---")
    with open(file, 'r') as f:
        lines = f.readlines()
        print(f"Total lines: {len(lines)}")
        if lines:
            print("Sample output:")
            for line in lines[:5]:
                print(f"  {line.strip()}")
            if len(lines) > 5:
                print("  ...")
EOF
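Saved as, say, monitor_threads.sh (the filename is arbitrary), the script takes an optional duration in seconds:

chmod +x monitor_threads.sh
./monitor_threads.sh 120   # monitor for two minutes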
Performance Monitoring Dashboard
Real-time Visualization
Create a simple real-time dashboard using Python:
#!/usr/bin/env python3
import time
import subprocess
import curses
from collections import defaultdict, deque


class ThreadContentionDashboard:
    def __init__(self):
        self.stats = defaultdict(lambda: defaultdict(int))
        self.history = defaultdict(lambda: deque(maxlen=60))

    def collect_stats(self):
        """Collect thread contention statistics"""
        try:
            # Collect one second of runqueue latency data
            result = subprocess.run([
                'sudo', '/usr/share/bcc/tools/runqlat.py', '1', '1'
            ], capture_output=True, text=True, timeout=10)

            if result.returncode == 0:
                self.parse_runqlat_output(result.stdout)

        except subprocess.TimeoutExpired:
            pass
        except Exception as e:
            print(f"Error collecting stats: {e}")

    def parse_runqlat_output(self, output):
        """Parse runqlat histogram rows such as '0 -> 1 : 154 |****|'"""
        for line in output.strip().split('\n'):
            if '->' in line and ':' in line:
                range_part, _, rest = line.partition(':')
                try:
                    count = int(rest.split()[0])
                except (IndexError, ValueError):
                    continue
                self.stats['runqlat'][range_part.strip()] = count

    def display_dashboard(self, stdscr):
        """Display real-time dashboard"""
        stdscr.nodelay(True)

        while True:
            stdscr.clear()

            # Header
            stdscr.addstr(0, 0, "Thread Contention Monitor", curses.A_BOLD)
            stdscr.addstr(1, 0, f"Updated: {time.strftime('%H:%M:%S')}")
            stdscr.addstr(2, 0, "-" * 60)

            # Runqueue latency stats
            row = 4
            stdscr.addstr(row, 0, "Runqueue Latency Distribution:", curses.A_BOLD)
            row += 1

            for range_str, count in sorted(self.stats['runqlat'].items()):
                if count > 0:
                    bar = "#" * min(count // 10, 50)
                    stdscr.addstr(row, 0, f"{range_str:>15}: {count:>6} {bar}")
                    row += 1

            # Instructions
            stdscr.addstr(row + 2, 0, "Press 'q' to quit, 'r' to reset stats")

            stdscr.refresh()

            # Handle keyboard input
            key = stdscr.getch()
            if key == ord('q'):
                break
            elif key == ord('r'):
                self.stats.clear()
                self.history.clear()

            # Collect new data
            self.collect_stats()
            time.sleep(1)


def main():
    dashboard = ThreadContentionDashboard()
    curses.wrapper(dashboard.display_dashboard)


if __name__ == "__main__":
    main()
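Saved as, for example, contention_dashboard.py, the dashboard runs in any terminal; since it shells out to the BCC tools via sudo, run it as root or with cached sudo credentials:

python3 contention_dashboard.py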
Best Practices and Optimization
1. Minimize Monitoring Overhead
# Sample roughly 1% of sched_switch events to reduce overhead
sudo bpftrace -e '
tracepoint:sched:sched_switch
/ (nsecs % 100) == 0 /
{
    @switches = count();
}'
# Limit data collection to blockings between 1 ms and 100 ms
sudo /usr/share/bcc/tools/offcputime.py -m 1000 -M 100000
2. Focus on Critical Threads
# Monitor specific processes
sudo /usr/share/bcc/tools/runqlat.py -p $(pgrep -f "critical_app")
# Monitor threads whose name matches a pattern
sudo bpftrace -e '
tracepoint:sched:sched_switch
/ strncmp(args->next_comm, "worker", 6) == 0 /
{
    @worker_switches = count();
}'
3. Automated Alert System
#!/bin/bash
THRESHOLD_MS=50  # Alert if runqueue wait exceeds 50 ms

while true; do
    # Sample for 30 seconds; keep the first alert line, if any
    ALERT=$(sudo timeout 30 bpftrace -e '
        tracepoint:sched:sched_wakeup { @start[args->pid] = nsecs; }
        tracepoint:sched:sched_switch {
            if (@start[args->next_pid]) {
                $latency = (nsecs - @start[args->next_pid]) / 1000000;
                if ($latency > '$THRESHOLD_MS') {
                    printf("ALERT: High contention %d ms for PID %d\n",
                           $latency, args->next_pid);
                }
                delete(@start[args->next_pid]);
            }
        }' 2>/dev/null | grep ALERT | head -1)

    if [[ -n "$ALERT" ]]; then
        # Send alert (email, Slack, etc.)
        echo "$ALERT" | mail -s "Thread Contention Alert" admin@company.com
    fi

    sleep 60
done
Troubleshooting Common Issues
1. Permission Issues
# Relax perf/kprobe restrictions for tracing
sudo sysctl kernel.perf_event_paranoid=1
sudo sysctl kernel.kptr_restrict=0

# Some distributions provide a bpf group for unprivileged access
sudo usermod -a -G bpf $USER
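Alternatively, on kernels 5.8 and later, a dedicated monitoring binary can be granted just the tracing-related capabilities instead of running as full root (the binary path here is illustrative):

# Grant CAP_BPF and CAP_PERFMON to the monitoring binary
sudo setcap cap_bpf,cap_perfmon+ep /usr/local/bin/thread_contention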
2. Missing Tracepoints
# Check available tracepoints
sudo bpftrace -l 'tracepoint:sched:*'
sudo bpftrace -l 'kprobe:*mutex*'

# Verify kernel config
zcat /proc/config.gz | grep CONFIG_BPF_EVENTS
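The same information is also visible through tracefs, which is mounted at /sys/kernel/tracing (or /sys/kernel/debug/tracing on older systems):

# List scheduler tracepoints known to the kernel
sudo grep 'sched:sched_' /sys/kernel/tracing/available_events

# Check which mutex functions can be kprobed
sudo grep mutex /sys/kernel/tracing/available_filter_functions | head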
3. High Overhead
Use efficient data structures and collection strategies:

- Prefer ring buffers over perf buffers for high-frequency events
- Use appropriate map types (PERCPU_HASH for per-CPU data)
- Implement sampling for high-frequency events
Conclusion
eBPF provides unparalleled visibility into Linux thread contention at the kernel level. The combination of pre-built tools like BCC and the flexibility of bpftrace enables comprehensive monitoring strategies tailored to specific applications and performance requirements.
Key Takeaways
- Multi-layered Approach: Use different tools for different aspects of contention
- Targeted Monitoring: Focus on critical threads and processes to minimize overhead
- Automation: Implement automated monitoring and alerting for production systems
- Integration: Combine eBPF tools with traditional performance analysis methods
Monitoring Strategy
- Start with BCC tools for quick analysis
- Use bpftrace for custom scenarios
- Develop custom eBPF programs for production monitoring
- Integrate with existing monitoring infrastructure
- Set up automated alerting for critical thresholds
By implementing these eBPF-based monitoring techniques, you can gain deep insights into thread contention patterns and optimize application performance in production environments.
Inspired by the original article by Shiv Iyer on LinkedIn