fix(userspace/libsinsp): multiple fixes related to rawargs.

[FedeDP]

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area libsinsp

Does this PR require a change in the driver versions?

What this PR does / why we need it:

Firstly, properly refresh m_arginfo and m_customfield type and print format given current event while extracting rawarg values.
Secondly, properly support PT_FLAGS, PT_ENUMFLAGS, PT_UID and PT_GID types in rawval_to_json and rawval_to_string.
Lastly, honor PF_HEX print format for 8,16,32bits types.

Also, added a test.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

These issues were found by @Andreagit97 while working on the syscall enter dropping (#2068)

Does this PR introduce a user-facing change?:

fix(userspace/libsinsp): multiple fixes related to rawargs.

[FedeDP]

/milestone 0.19.0

[FedeDP]

We did not support FLAGS and ENUMFLAGS in rawval_to_{json,string}.

[FedeDP]

Fix print format for 8,16,32bits types for PF_HEX.

[FedeDP]

Use m_argname here that is exactly the same as m_arginfo->name.

[FedeDP]

Per-comment: store the first one found to allow proper compilation of filters on this field; this works fine unless we have an event param, eg: flags, that in an event is int type, and in another is string type.
That's not the case right now.

[FedeDP]

Store correct field type and print format from the being-extracted event.

[FedeDP]

/cc @jasondellaluce @Andreagit97 @LucaGuerra

[github-actions]

Perf diff from master - unit tests

     9.25%     -2.50%  [.] sinsp::next
     0.52%     +0.80%  [.] sinsp_evt::get_ts
    10.22%     -0.74%  [.] sinsp_parser::reset
     4.34%     +0.74%  [.] next
     5.16%     -0.73%  [.] sinsp_evt::get_type
     1.24%     -0.71%  [.] sinsp_evt::get_param
     1.55%     +0.60%  [.] sinsp::fetch_next_event
     0.93%     -0.57%  [.] scap_file_test_helpers::capture_search_evt_by_num
     1.19%     -0.50%  [.] std::_Hashtable<long, std::pair<long const, std::shared_ptr<sinsp_threadinfo> >, std::allocator<std::pair<long const, std::shared_ptr<sinsp_threadinfo> > >, std::__detail::_Select1st, std::equal_to<long>, std::hash<long>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, false, true> >::find
     0.72%     -0.47%  [.] std::_Hashtable<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libsinsp::state::dynamic_struct::field_info>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libsinsp::state::dynamic_struct::field_info> >, std::__detail::_Select1st, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::_M_insert_unique_node

Heap diff from master - unit tests

peak heap memory consumption: -384B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Heap diff from master - scap file

peak heap memory consumption: 0B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Benchmarks diff from master

Comparing gbench_data.json to /root/actions-runner/_work/libs/libs/build/gbench_data.json
Benchmark                                                         Time             CPU      Time Old      Time New       CPU Old       CPU New
----------------------------------------------------------------------------------------------------------------------------------------------
BM_sinsp_split_mean                                            +0.0991         +0.0991           155           170           155           170
BM_sinsp_split_median                                          +0.1007         +0.1007           155           170           155           170
BM_sinsp_split_stddev                                          -0.7647         -0.7648             3             1             3             1
BM_sinsp_split_cv                                              -0.7859         -0.7860             0             0             0             0
BM_sinsp_concatenate_paths_relative_path_mean                  +0.0201         +0.0201            56            57            56            57
BM_sinsp_concatenate_paths_relative_path_median                +0.0228         +0.0228            56            57            56            57
BM_sinsp_concatenate_paths_relative_path_stddev                +0.2933         +0.2932             0             0             0             0
BM_sinsp_concatenate_paths_relative_path_cv                    +0.2678         +0.2676             0             0             0             0
BM_sinsp_concatenate_paths_empty_path_mean                     -0.0284         -0.0284            24            24            24            24
BM_sinsp_concatenate_paths_empty_path_median                   -0.0296         -0.0296            24            24            24            24
BM_sinsp_concatenate_paths_empty_path_stddev                   +1.8731         +1.8587             0             0             0             0
BM_sinsp_concatenate_paths_empty_path_cv                       +1.9572         +1.9423             0             0             0             0
BM_sinsp_concatenate_paths_absolute_path_mean                  +0.0131         +0.0131            56            56            56            56
BM_sinsp_concatenate_paths_absolute_path_median                +0.0150         +0.0149            55            56            55            56
BM_sinsp_concatenate_paths_absolute_path_stddev                -0.5197         -0.5182             0             0             0             0
BM_sinsp_concatenate_paths_absolute_path_cv                    -0.5259         -0.5244             0             0             0             0
BM_sinsp_split_container_image_mean                            -0.0133         -0.0133           398           393           398           393
BM_sinsp_split_container_image_median                          -0.0140         -0.0140           399           393           399           393
BM_sinsp_split_container_image_stddev                          -0.2666         -0.2679             4             3             4             3
BM_sinsp_split_container_image_cv                              -0.2567         -0.2580             0             0             0             0

[codecov]

Codecov Report

Attention: Patch coverage is 79.48718% with 8 lines in your changes missing coverage. Please review.

Project coverage is 74.56%. Comparing base (b296470) to head (d0c002f).
Report is 4 commits behind head on master.

Files with missing lines	Patch %	Lines
userspace/libsinsp/sinsp_filtercheck.cpp	50.00%	8 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2130      +/-   ##
==========================================
+ Coverage   74.46%   74.56%   +0.10%     
==========================================
  Files         254      254              
  Lines       33333    33369      +36     
  Branches     5733     5720      -13     
==========================================
+ Hits        24820    24881      +61     
+ Misses       8509     8485      -24     
+ Partials        4        3       -1     

Flag	Coverage Δ
libsinsp	74.56% <79.48%> (+0.10%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[FedeDP]

This issue is still present: even f the addr arg for brk event is an uint64_t, the initial filter arginfo is set to the first addr found in the event_table, ie: PPME_SOCKET_BIND_X that has a PT_SOCKADDR addr argument.
PT_SOCKADDR is not a comparable type (see filter_compare.cpp flt_is_comparable function) therefore we are not able to compile any filter against it.
NOTE: this was an issue already present on master.

[Andreagit97]

yep not sure what to do here, one thing could be to rename some parameters to avoid the issue. We should reach a point where params with the same name have the same type, but yes this would be a breaking change...

[FedeDP]

/hold

[Andreagit97]

i would just remove this since we have already found a corner case (addr). Maybe we could list here all the cases we are aware of, for example for now addr

[FedeDP]

Yep i am afraid that we forgot once again 😆

[Andreagit97]

yep not sure what to do here, one thing could be to rename some parameters to avoid the issue. We should reach a point where params with the same name have the same type, but yes this would be a breaking change...

[FedeDP]

Rebased on top of latest master to make use of new cncf provided arm64 runners.

[Andreagit97]

/approve

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, FedeDP

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Andreagit97,FedeDP]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[FedeDP]

/unhold