syscall.go - Katyusha's blog

katyusha

公告

ブログへようこそ！これはサンプルの告知です

Learn More

标签

katyusha

公告

ブログへようこそ！これはサンプルの告知です

Learn More

标签

CS149 CSAPP eBPF Lab Modern C++ NJU OS

katyusha

公告

ブログへようこそ！これはサンプルの告知です

Learn More

标签

CS149 CSAPP eBPF Lab Modern C++ NJU OS

站点统计

文章

42

分类

5

标签

6

总字数

114,178

运行天数

0 天

最后活动

0 天前

syscall.go

Go Source File · 79 lines

1
package detector
2

3
import (
4
  "time"
5

6
  "github.com/os2026/ebpf-rca/internal/collector"
7
)
8

9
// 单个 syscall 累计耗时超过该比例(ms/秒)视为"高耗时热点"，与高频热点并列触发。
10
const syscallTimeMsPerSecFloor = 300.0
11

12
// SyscallSignal 表示一次已确认的系统调用热点异常。
13
type SyscallSignal struct {
14
  Sample      collector.SyscallSample
15
  WindowStart time.Time
16
  WindowEnd   time.Time
17
}
18

19
// SyscallDetector 检测高频或高耗时的 (进程, syscall) 热点。
20
type SyscallDetector struct {
21
  CallsPerSecFloor float64
22
  SustainTicks     int
23
  counters         map[uint64]int
24
  firstSeen        map[uint64]time.Time
25
  fired            map[uint64]bool
26
}
27

28
// NewSyscallDetector 构造检测器（阈值为每秒调用次数）。
29
func NewSyscallDetector(callsPerSecFloor float64, sustain int) *SyscallDetector {
30
  if sustain < 1 {
31
    sustain = 1
32
  }
33
  return &SyscallDetector{
34
    CallsPerSecFloor: callsPerSecFloor,
35
    SustainTicks:     sustain,
36
    counters:         make(map[uint64]int),
37
    firstSeen:        make(map[uint64]time.Time),
38
    fired:            make(map[uint64]bool),
39
  }
40
}
41

42
func scSigKey(pid, nr uint32) uint64 { return uint64(pid)<<32 | uint64(nr) }
43

44
// Detect 处理一个窗口的样本，返回本窗口新触发的热点信号。
45
func (d *SyscallDetector) Detect(samples []collector.SyscallSample, now time.Time) []SyscallSignal {
46
  active := make(map[uint64]bool, len(samples))
47
  var signals []SyscallSignal
48

49
  for _, s := range samples {
50
    hot := s.CallsPerSec >= d.CallsPerSecFloor || s.TotalMsPerSec >= syscallTimeMsPerSecFloor
51
    if !hot {
52
      continue
53
    }
54
    k := scSigKey(s.Pid, s.Nr)
55
    active[k] = true
56
    if d.counters[k] == 0 {
57
      d.firstSeen[k] = now
58
    }
59
    d.counters[k]++
60
    if d.counters[k] >= d.SustainTicks && !d.fired[k] {
61
      d.fired[k] = true
62
      signals = append(signals, SyscallSignal{
63
        Sample:      s,
64
        WindowStart: d.firstSeen[k],
65
        WindowEnd:   now,
66
      })
67
    }
68
  }
69

70
  for k := range d.counters {
71
    if !active[k] {
72
      delete(d.counters, k)
73
      delete(d.firstSeen, k)
74
      delete(d.fired, k)
75
    }
76
  }
77
  return signals
78
}

Katyusha's blog

目录