
Live Runtime Debugger tool for uprobes using bpftrace


bahbah94/SQLive


SQLive

Query your running programs with SQL. No code changes. No recompilation.

What is it?

SQLive uses eBPF to observe running programs in real-time and exposes their state via SQL queries.

$ sqlive ./myapp --functions 'process_request,send_response'
sql> SELECT function, COUNT(*) FROM calls GROUP BY function;
function | COUNT(*)
process_request | 1024
send_response | 1024

Quick Start

1. Install

# Clone the repo
git clone https://github.com/bahbah94/SQLive.git
cd SQLive

# Build
cargo build --release

# Install
cd target/release
chmod +x install.sh
./install.sh

2. Run

# Start your app (e.g., a web server)
./myapp &

# Query it with SQLive
# You can place your app inside the cargo folder or outside it, so adjust the path accordingly
sqlive ../myapp --functions 'handle_request,send_response'

# In the SQL prompt, write queries
sql> SELECT function, COUNT(*) FROM calls GROUP BY function;
sql> SELECT * FROM calls WHERE function='handle_request' LIMIT 10;
sql> SELECT arg0, COUNT(*) FROM calls GROUP BY arg0;

Requirements

  • bpftrace (for eBPF tracing)
  • sudo access (eBPF requires elevated privileges)
  • Linux (eBPF is Linux-only)
  • Binary compiled with debug symbols (gcc -g)

Install bpftrace

# Ubuntu/Debian
sudo apt-get install bpftrace

# Fedora
sudo dnf install bpftrace

# macOS (via Homebrew)
brew install bpftrace

Usage

sqlive <binary_path> --functions <func1,func2,...>

Options:
  -f, --functions    Comma-separated list of functions to trace
  -h, --help         Show help

Example: Web Server

Compile a test web server with debug symbols:

gcc -g -o webserver webserver.c -lpthread
./webserver &

Trace it:

sqlive ./webserver --functions 'handle_users_endpoint,handle_data_endpoint'

Make requests:

curl "http://localhost:8080/api/users?user_id=42"
curl "http://localhost:8080/api/data?user_id=99"

Query:

sql> SELECT function, COUNT(*) FROM calls GROUP BY function;
sql> SELECT arg0, COUNT(*) FROM calls WHERE function='handle_users_endpoint' GROUP BY arg0;

Schema

The calls table has these columns:

  • timestamp — microseconds since boot
  • pid — process ID
  • comm — command name
  • function — function name you're tracing
  • arg0, arg1, arg2 — first three function arguments (as integers)

Limitations

  • Only traces native binaries (C, C++, Go, Rust, etc.)
  • Requires debug symbols in the binary (-g flag)
  • Limited to first 3 arguments
  • eBPF is Linux-only
  • Requires sudo

How it works

  1. Starts bpftrace with uprobes attached to your target functions
  2. Captures function calls + arguments as CSV
  3. Loads CSV into in-memory SQLite on each query
  4. You write SQL to analyze live program behavior

No code changes. No recompilation. Pure observation.
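
Steps 2 and 3 above, as an added example in Python (not SQLive's own code, which is a Rust project). It assumes the tracer writes one comma-separated row per call in the schema's column order; `parse_row`, `load_calls` and the sample output are constructed for illustration, and the sample includes a bpftrace banner line and a half-written final row, as seen when the CSV is read while tracing is still running.

```python
import csv
import sqlite3

COLUMNS = ("timestamp", "pid", "comm", "function", "arg0", "arg1", "arg2")

# Constructed sample of tracer output (assumed layout, following the README's
# schema). The first line is a banner and the last row is cut off mid-write.
SAMPLE_CSV = """\
Attaching 2 probes...
1000001,4242,webserver,handle_users_endpoint,42,0,0
1000450,4242,webserver,handle_data_endpoint,99,0,0
1000912,4242,webserver,handle_users_endpoint,42,0,0
1001377,4242,webserver,handle_users_endpoint,7,0,0
1001800,4242,webserver,handle_da"""

def parse_row(fields):
    """Return a typed row tuple, or None if the line is not a complete record."""
    if len(fields) != len(COLUMNS):
        return None
    ts, pid, comm, function, *args = fields
    try:
        nums = [int(v) for v in (ts, pid, *args)]
    except ValueError:
        return None
    if any(not -2**63 <= n < 2**63 for n in nums):
        return None  # outside SQLite's signed 64-bit INTEGER range
    return (nums[0], nums[1], comm, function, *nums[2:])

def load_calls(csv_text):
    """Build a fresh in-memory `calls` table from the CSV captured so far."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE calls (timestamp INTEGER, pid INTEGER, comm TEXT, "
        "function TEXT, arg0 INTEGER, arg1 INTEGER, arg2 INTEGER)"
    )
    rows = (parse_row(f) for f in csv.reader(csv_text.splitlines()))
    # comm and the arguments come from the traced process, so they are bound
    # as parameters and never spliced into the SQL text.
    db.executemany(
        "INSERT INTO calls VALUES (?, ?, ?, ?, ?, ?, ?)",
        [r for r in rows if r is not None],
    )
    return db

if __name__ == "__main__":
    db = load_calls(SAMPLE_CSV)
    print(db.execute("SELECT function, COUNT(*) FROM calls GROUP BY function").fetchall())
```

Rebuilding the table on every query keeps the view current, and dropping incomplete rows means a row that is still being written shows up on the next query instead of corrupting this one.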

Contributing

Found a bug? Have an idea? Open an issue or PR!
