monitor_syscalls.bt

#!/usr/bin/bpftrace

tracepoint:syscalls:sys_enter_io_uring_setup
{
	@sys_enter_io_uring_setup[comm] = count();
}


tracepoint:syscalls:sys_enter_io_uring_enter
{
	@sys_enter_io_uring_enter[comm] = count();
}

tracepoint:syscalls:sys_enter_openat
{
	@sys_enter_openat[comm] = count();
}

tracepoint:syscalls:sys_enter_read
{
	@sys_enter_read[comm] = count();
}

tracepoint:syscalls:sys_enter_write
{
	@sys_enter_write[comm] = count();
}

tracepoint:syscalls:sys_enter_fsync
{
	@sys_enter_fsync[comm] = count();
}

tracepoint:syscalls:sys_enter_close
{
	@sys_enter_close[comm] = count();
}

tracepoint:syscalls:sys_enter_mmap
{
	@sys_enter_mmap[comm] = count();
}

// Programs are executed by first making execve syscall
tracepoint:syscalls:sys_enter_execve
{
	@execve_call_time[tid] = nsecs;
}

// All test programs must call getpid first so we know we have hit main()
tracepoint:syscalls:sys_exit_getpid
/@execve_call_time[tid]/
{
	@time_to_main[comm] = (nsecs - @execve_call_time[tid]);
	delete(@execve_call_time[tid]);
}