Add ETW event manifest for high frequency events #3830
Conversation
mtfriesen
changed the title
mtfriesen
requested review from
dthaler,
poornagmsft,
Alan-Jowett,
saxena-anurag,
shankarseal,
dv-msft,
gtrevi,
shpalani,
matthewige and
rectified95
as code owners
|
The |
Good point. If eBPF is installed locally, then there is no need for the -manpath, but for developer/support scenarios, it is likely that eBPF will not be locally installed on dev boxes. |
Signed-off-by: Alan Jowett <[email protected]>
|
@mtfriesen This PR appears to break the redirection logic in usersim that captures events written via TraceLog. All the test failure are because the tests is expecting tracelog events to be printed to console but none are showing up. |
|
@mtfriesen should we move this PR to draft, since this is not actively being worked on? |
|
@mtfriesen if you are not planning to work on this PR, please abandon. |
Description
Describe the purpose of and changes within this Pull Request.
eBPF is missing diagnostics on its hottest code paths, namely the program invocation APIs. These were intentionally missing for performance reasons, as the TraceLogging APIs are convenient for developers, but have relatively high CPU, memory, and log size footprints.
For maximum performance on these critical paths, add an ETW manifest and trace minimal entry/exit events. Install the manifest via MSI and include the .man file in the redist nuget. The ETW manifest uses the same GUID, provider name, and keyword mappings as the existing TraceLogging provider, which simplifies consumption of the events.
Resolves #3829
Testing
Do any existing tests cover this change? Are new tests needed?
Verified traces locally.
Documentation
Is there any documentation impact for this change?
N/A because the manifested events can be collected and consumed using the same techniques as existing TraceLogging.
Installation
Is there any installer impact for this change?
Yes.