Fix Rust uprobe tutorial and add CI tests in dedicated workflow (#197)

* Initial plan

* Fix issue #173: Update Rust uprobe documentation to use debug build and correct function symbol

Co-authored-by: yunwei37 <34985212+yunwei37@users.noreply.github.com>

* Add CI tests for Rust uprobe tutorial (issue #173)

Co-authored-by: yunwei37 <34985212+yunwei37@users.noreply.github.com>

* Update src/37-uprobe-rust/README.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: 云微 <1067852565@qq.com>

* Update src/37-uprobe-rust/README.zh.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: 云微 <1067852565@qq.com>

* Use wildcard patterns for Rust symbol matching in bpftrace examples

Co-authored-by: yunwei37 <34985212+yunwei37@users.noreply.github.com>

* Add CI test to verify bpftrace can attach to Rust uprobe

Co-authored-by: yunwei37 <34985212+yunwei37@users.noreply.github.com>

* Separate bpftrace tests into new test-bpftrace.yml workflow

Co-authored-by: yunwei37 <34985212+yunwei37@users.noreply.github.com>

---------

Signed-off-by: 云微 <1067852565@qq.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: yunwei37 <34985212+yunwei37@users.noreply.github.com>
Co-authored-by: 云微 <1067852565@qq.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 3 people

.github/workflows/test-bpftrace.yml

@@ -0,0 +1,57 @@
+name: Test bpftrace examples
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron:  '0 0 * * 0'
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        submodules: 'recursive'
+    
+    - name: Install Rust toolchain
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+        profile: minimal
+        override: true
+    
+    - name: test 37 uprobe-rust helloworld
+      run: |
+        cd src/37-uprobe-rust/helloworld
+        cargo build
+        # Verify the hello function symbol exists in debug build
+        nm target/debug/helloworld | grep "_ZN10helloworld5hello" || (echo "Error: hello function symbol not found in debug build" && exit 1)
+        echo "✓ helloworld debug build has correct hello symbol"
+        
+    - name: test 37 uprobe-rust args
+      run: |
+        cd src/37-uprobe-rust/args
+        cargo build
+        # Verify the hello function symbol exists in debug build
+        nm target/debug/helloworld | grep "_ZN10helloworld5hello" || (echo "Error: hello function symbol not found in debug build" && exit 1)
+        echo "✓ args debug build has correct hello symbol"
+        # Run the binary to ensure it works
+        ./target/debug/helloworld 1 2 3 | grep -q "Hello, world!" || (echo "Error: binary execution failed" && exit 1)
+        echo "✓ args binary runs successfully"
+    
+    - name: test 37 uprobe-rust bpftrace attach
+      run: |
+        cd src/37-uprobe-rust/args
+        # Test that bpftrace can attach to the hello function with wildcard pattern
+        # Run bpftrace with the binary and verify it can trace the function
+        sudo timeout 3 bpftrace -e 'uprobe:target/debug/helloworld:_ZN10helloworld5hello* { printf("traced\n"); exit(); }' -c "./target/debug/helloworld 1" > /tmp/bpftrace_output.txt 2>&1 || true
+        # Check if bpftrace successfully attached and traced the function
+        if grep -q "traced" /tmp/bpftrace_output.txt && grep -q "Attaching 1 probe" /tmp/bpftrace_output.txt; then
+          echo "✓ bpftrace successfully attached to hello function with wildcard pattern"
+        else
+          echo "Error: bpftrace failed to attach or trace the hello function"
+          cat /tmp/bpftrace_output.txt
+          exit 1
+        fi

src/37-uprobe-rust/README.md

@@ -69,9 +69,9 @@ Attaching 1 probe...
 Function hello-world called
 ```
 
-## A strange phenomenon: multiple calls, getting parameters
+## Tracing function calls with multiple invocations and getting return values
 
-For a more complex example, which includes multiple calls and parameter fetching:
+For a more complex example, which includes multiple calls and retrieving return values:
 
 ```rust
 use std::env;
@@ -99,18 +99,33 @@ fn main() {
 }
 ```
 
-We repeat a similar operation and notice a strange phenomenon:
+First, we need to build in debug mode because the `hello` function gets inlined in release mode and won't have its own symbol:
 
 ```console
-$ sudo bpftrace -e 'uprobe:args/target/release/helloworld:_ZN10helloworld4main17h2dce92cb81426b91E { printf("Function hello-world called\n"); }'
+$ cd args
+$ cargo build
+$ nm target/debug/helloworld | grep hello
+0000000000016250 t _ZN10helloworld4main17ha3594bca2af541f6E
+0000000000016540 t _ZN10helloworld5hello17h5f3a03dda56661e1E
+```
+
+Note that in release mode (`cargo build --release`), only the `main` function symbol appears because `hello` gets inlined during optimization.
+
+Now we can trace the `hello` function using its symbol. Since Rust mangles symbol names and includes a hash that changes with each compilation, we use a wildcard pattern to match any version of the `hello` function:
+
+```console
+$ sudo bpftrace -e 'uprobe:target/debug/helloworld:_ZN10helloworld5hello* { printf("Function hello called\n"); }'
 Attaching 1 probe...
-Function hello-world called
+Function hello called
+Function hello called
+Function hello called
+Function hello called
 ```
 
-At this point we expect the hello function to run several times, but bpftrace only prints out one call:
+When we run the program with multiple arguments, bpftrace correctly catches all calls to the `hello` function:
 
 ```console
-$ args/target/release/helloworld 1 2 3 4
+$ ./target/debug/helloworld 1 2 3 4
 Hello, world! 1 in 5
 return value: 6
 Hello, world! 2 in 5
@@ -121,29 +136,18 @@ Hello, world! 4 in 5
 return value: 9
 ```
 
-And it appears that bpftrace cannot correctly get the parameter:
+We can also get the return value using Uretprobe. Again, we use a wildcard to match the symbol:
 
 ```console
-$ sudo bpftrace -e 'uprobe:args/target/release/helloworld:_ZN10helloworld4main17h2dce92cb81426b91E { printf("Function hello-world called %d\n"
-, arg0); }'
+$ sudo bpftrace -e 'uretprobe:target/debug/helloworld:_ZN10helloworld5hello* { printf("Function hello returned: %d\n", retval); }'
 Attaching 1 probe...
-Function hello-world called 63642464
+Function hello returned: 6
+Function hello returned: 7
+Function hello returned: 8
+Function hello returned: 9
 ```
 
-The Uretprobe did catch the return value of the first call:
-
-```console
-$ sudo bpftrace -e 'uretprobe:args/tar
-get/release/helloworld:_ZN10helloworld4main17h2dce92
-cb81426b91E { printf("Function hello-world called %d
-\n", retval); }'
-Attaching 1 probe...
-Function hello-world called 6
-```
-
-This may due to Rust does not have a stable ABI. Rust, as it has existed so far, has reserved the right to order those struct members any way it wants. So the compiled version of the callee might order the members exactly as above, while the compiled version of the programming calling into the library might think its actually laid out like this:
-
-TODO: Further analysis (to be continued)
+Note: The wildcard pattern `_ZN10helloworld5hello*` matches the `hello` function symbol regardless of the hash suffix that Rust adds during compilation. You can use `nm target/debug/helloworld | grep hello` to see the exact symbol names if needed.
 
 ## References
 

src/37-uprobe-rust/README.zh.md

@@ -67,9 +67,9 @@ Attaching 1 probe...
 Function hello-world called
 ```
 
-## 一个奇怪的现象：多次调用、获取参数
+## 追踪多次调用的函数并获取返回值
 
-对于一个更复杂的例子，包含多次调用和获取参数：
+对于一个更复杂的例子，包含多次调用并演示如何获取返回值：
 
 ```rust
 use std::env;
@@ -97,18 +97,33 @@ fn main() {
 }
 ```
 
-我们再次进行类似的操作，会发现一个奇怪的现象：
+首先，我们需要使用 debug 模式构建，因为 `hello` 函数在 release 模式下会被内联，不会有自己的符号：
 
 ```console
-$ sudo bpftrace -e 'uprobe:args/target/release/helloworld:_ZN10helloworld4main17h2dce92cb81426b91E { printf("Function hello-world called\n"); }'
+$ cd args
+$ cargo build
+$ nm target/debug/helloworld | grep hello
+0000000000016250 t _ZN10helloworld4main17ha3594bca2af541f6E
+0000000000016540 t _ZN10helloworld5hello17h5f3a03dda56661e1E
+```
+
+注意，在 release 模式（`cargo build --release`）下，只会出现 `main` 函数符号，因为 `hello` 在优化过程中被内联了。
+
+现在我们可以使用符号来追踪 `hello` 函数。由于 Rust 会对符号名称进行混淆并加入每次编译都会变化的哈希值，我们使用通配符模式来匹配任何版本的 `hello` 函数：
+
+```console
+$ sudo bpftrace -e 'uprobe:target/debug/helloworld:_ZN10helloworld5hello* { printf("Function hello called\n"); }'
 Attaching 1 probe...
-Function hello-world called
+Function hello called
+Function hello called
+Function hello called
+Function hello called
 ```
 
-这时候我们希望 hello 函数运行多次，但 bpftrace 中只输出了一次调用：
+当我们使用多个参数运行程序时，bpftrace 正确地捕获了所有对 `hello` 函数的调用：
 
 ```console
-$ args/target/release/helloworld 1 2 3 4
+$ ./target/debug/helloworld 1 2 3 4
 Hello, world! 1 in 5
 return value: 6
 Hello, world! 2 in 5
@@ -119,29 +134,18 @@ Hello, world! 4 in 5
 return value: 9
 ```
 
-而且看起来 bpftrace 并不能正确获取参数：
+我们也可以使用 Uretprobe 来获取返回值。同样，我们使用通配符来匹配符号：
 
 ```console
-$ sudo bpftrace -e 'uprobe:args/target/release/helloworld:_ZN10helloworld4main17h2dce92cb81426b91E { printf("Function hello-world called %d\n"
-, arg0); }'
+$ sudo bpftrace -e 'uretprobe:target/debug/helloworld:_ZN10helloworld5hello* { printf("Function hello returned: %d\n", retval); }'
 Attaching 1 probe...
-Function hello-world called 63642464
+Function hello returned: 6
+Function hello returned: 7
+Function hello returned: 8
+Function hello returned: 9
 ```
 
-Uretprobe 捕捉到了第一次调用的返回值：
-
-```console
-$ sudo bpftrace -e 'uretprobe:args/tar
-get/release/helloworld:_ZN10helloworld4main17h2dce92
-cb81426b91E { printf("Function hello-world called %d
-\n", retval); }'
-Attaching 1 probe...
-Function hello-world called 6
-```
-
-这可能是由于 Rust 没有稳定的 ABI。 Rust，正如它迄今为止所存在的那样，保留了以任何它想要的方式对这些结构成员进行排序的权利。 因此，被调用者的编译版本可能会完全按照上面的方式对成员进行排序，而调用库的编程的编译版本可能会认为它实际上是这样布局的：
-
-TODO: 进一步分析（未完待续）
+注意：通配符模式 `_ZN10helloworld5hello*` 可以匹配 `hello` 函数符号，无论 Rust 在编译时添加了什么哈希后缀。如果需要，你可以使用 `nm target/debug/helloworld | grep hello` 来查看确切的符号名称。
 
 ## 参考资料