@llvm We shouldn't parse /proc anymore: we should rely on BPF instead. /usr/bin/ls shows /proc is empty, because reading a file from procfs essentially amounts to a system call. Reading the same information with BPF will be both faster and (in terms of system load) cheaper for large reads. Notably, BPF relies on libllvm's JIT!
@llvm You bet: that's why BPF needs a JIT! Here is a tutorial with examples: https://bpftrace.org/hol/intro Here is an actual tracer: https://github.com/chaiken/BPF-sandbox/tree/main/investigate-PCIe-lockup With systemd integration, the tracer starts at boot and prints into the syslog.
Sadly, libllvm and its dependencies are a bit large, and won't necessarily fit on the storage of embedded devices.
When you run /usr/bin/top, you can see that top itself uses a lot of CPU. All that is reading /proc. Someone should rewrite top, and yeah, my patches would be welcome.
@llvm Two more notes: I've read that Windows is adding support for BPF. Also, one need not use bpftrace: there are many precompiled binary utilities: https://www.brendangregg.com/ebpf.html#bcctools