Previously, map.lookup_or_init() may cause unexpected
return from the function when lookup finds no element and
init failed e.g. due to unlikely racy update or
sometimes hash table full.
This has caught surprise from many users. So, the commit
  https://github.com/iovisor/bcc/commit/ba64f031f2435aad5a85f8f37dbbe2a982cbbe6b
attempts to remove the early return in map.lookup_or_init().
But then since NULL pointer could be returned,
user will need to change their bpf program to check return value,
otherwise, verifier will reject the program.

As described in the above, such an API behavior change may cause
verifier failure and reject previously loadable bpf programs.
bcc should try to maintain API stability, esp. to avoid subtle
API behavior change.

This patch propose to restore the behavior of map.lookup_or_init()
and introduce a new one map.lookup_or_try_init(), which will
avoid unexpected return. The name is suggested by Alexei
to reflect that init may fail. map.lookup_or_try_init() will be formally
documented and used in bcc. A warning will be generated if
map.lookup_or_init() is used. Documentation will make it clear
that map.lookup_or_try_init() is preferred over map.lookup_or_init().

```
-bash-4.4$ sudo ./syscount.py
/virtual/main.c:71:11: warning: lookup_or_init() may return from the function, use loopup_or_try_init() instead.
    val = data.lookup_or_init(&key, &zero);
          ^
1 warning generated.
Tracing syscalls, printing top 10... Ctrl+C to quit.
...
```

All uses in examples and tools are converted to use
lookup_or_try_init(). Most tests are converted to use
lookup_or_try_init() too except test_trace_maxactive.py
and test_tracepoint.py to test lookup_or_init()
functionality.

* Allow lookup_or_init to return NULL (rather than just returning from the current function)
* Fixed a couple of bad edits found when running tests. Also fixed a bug in the
test runner. Also fixed a bug in libbcc where the python signature did not match
the actual implementation.

In #2063, syscount's syscall mapping was moved into its own module.
Unfortunately, that broke the "print list of recognized syscalls and
exit" usage of syscount. Fix it by importing the syscall mapping from
the new module.

* Reduce instrumentation overhead with the sys_enter and sys_exit tracepoints

The ucalls script initially used kprobes and kretprobes on each of the
hundreds of syscalls functions in the system.  This approach causes a
large number of probes to be set up at the start and removed at the
conclusion of the script's execution resulting in slow start up.

Like the syscount.py script the ucall syscall instrumentation has been
modified to use the sys_enter and sys_exit tracepoints.  This only
requires the installation and removal of one or two tracepoints to
implement and results in much shorter times to start and stop the
ucalls script.

Another benefit of this change is syscalls on newer kernels will be
monitored with the "-S" option.  The regular expression used to find
the locations for the kprobes and kretprobes for all the possible
syscall functions would not would match the syscall function naming
convention in newer kernels.

* Update ucalls_examples.txt to match current "-S" option output

* Add required "import subprocess" and remove unneeded "global syscalls"

* Factor out the syscall_name code into a separate python module syscall.py

Multiple scripts are going to find the syscall_name() function useful
when using the syscall tracepoints.  Factoring out this code into a
separate python module avoids having to replicate this code in
multiple scripts.

* Use the syscall_name() function in syscount.py to make it more compact.

* Update the default syscall mappings and the way that they were generated

The default table was missing some newer syscall mapping. Regenerated
the table using the syscallent.h file from Fedora 30
strace-4.25-1.fc30.src.rpm.  Also updated the comment with the command
actually used to generate the mappings.

* Add license information and upsdate the syscalls

The default x86_64 syscall dictionary mapping syscalls numbers to
names has been updated. The following syscall x86_64 names have been
updated:

    18: b"pwrite64",
    60: b"exit",
    166: b"umount2",

The following syscall x86_64 have been added:

    313: b"finit_module",
    314: b"sched_setattr",
    315: b"sched_getattr",
    316: b"renameat2",
    317: b"seccomp",
    318: b"getrandom",
    319: b"memfd_create",
    320: b"kexec_file_load",
    321: b"bpf",
    322: b"execveat",
    323: b"userfaultfd",
    324: b"membarrier",
    325: b"mlock2",
    326: b"copy_file_range",
    327: b"preadv2",
    328: b"pwritev2",
    329: b"pkey_mprotect",
    330: b"pkey_alloc",
    331: b"pkey_free",
    332: b"statx",
    333: b"io_pgetevents",
    334: b"rseq",

* Eliminate stderr output and use of shell features

Redirect all stderr output so it isn't seen.  Also avoid use of the
shell pipe and tail command.  Just strip off the first line in the
python code instead.

* Update lib/ucalls.py smoke test to required linux-4.7

The use of tracepoints in the ucalls.py requires linux-4.7. Changed
the test to only run with a suitable kernel.  The libs/ucalls.py
script is no longer inserting hundreds of kprobes and is much faster
as a result, so removed the timeout adjustment and the comment about
it being slow.

It's useful to know each syscall's total latency
in that period, but not the latency of the last time
in that period.

Signed-off-by: Ahao Mu <muahao@linux.alibaba.com>

* Add -d (duration) option to argdist, funclatency and syscount

* Add -d option to man pages and _example.txt

subprocess.check_output() returns a bytes array in python3 while it
returns str in python2. To improve the compatibility, convert the
related fields to bytes arrays and print them with printb().

Signed-off-by: Gary Lin <glin@suse.com>

Several python tools allow their eBPF code to be printed to
stdout for debugging.  There are other projects that would
like to share these program definitions however, instead of
duplicating code.  We previously agreed on an --ebpf option
and we now continue adding it to more tools.

Signed-off-by: Nathan Scott <nathans@redhat.com>

Similar to `--filter` which reports all failing syscalls,
`--errno=ENOENT` reports syscalls failing with the specified errno value.

```
$ sudo bcc/tools/syscount.py -e ENOENT
Tracing syscalls, printing top 10... Ctrl+C to quit.
^C[12:07:13]
SYSCALL                   COUNT
open                        330
stat                        240
access                       63
execve                       22
readlink                      3
```

This prevents 'tools/syscount' from using incorrect system
call descriptions if the 'ausyscall' command is not found.
In this case, it uses a lookup table as a fallback. This,
however, is compliant with x86_64 only.

For now, we fix this by raising an exception and exiting if
the 'ausyscall' executable is not available for non-x86_64
systems instead of having additional lookup tables for other
architectures.

Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

If ausyscall is installed, it can provide a clean, up-to-date list of
syscall numbers for the current architecture. This is much more useful
than the default hardcoded list for x86-64, which is currently used by
syscount.

Try to run `ausyscall --dump` and parse the output before resorting to
the static list. Tested on FC/Linux 4.9 and produces 327 syscalls.

Resolves #1001.

* Travis CI build to check compliance with PEP8

* argdist: linter cleanup

* dbslower: linter cleanup

* dbstat: linter cleanup

* memleak: linter cleanup

* syscount: linter cleanup

* tplist: linter cleanup

* trace: linter cleanup

* ucalls: linter cleanup

* uflow: linter cleanup

* ugc: linter cleanup

* uobjnew: linter cleanup

* ustat: linter cleanup

This new tool attaches to the raw_syscalls:sys_enter and sys_exit
tracepoints, and collects frequency counts and optionally latencies
of syscalls (aggregated by syscall or by process). It is a fairly
natural and efficient extension of Brendan Gregg's syscount from
perf-tools. Options include latency tracing, interval printouts,
process filtering, summarizing only failed syscalls, and more.

NOTE:
The translation of syscall numbers to names is performed using a
static list, borrowed from strace sources. It is accurate up to
syscall 313, and does not include the bpf() syscall, for example.
Also, it is only relevant for x86_64.

Basic example:

```
$ syscount -P
Tracing syscalls, printing top 10... Ctrl+C to quit.
[10:13:21]
PID    COMM               COUNT
30216  sshd                 533
31391  vi                   494
25188  screen               134
25776  mysqld                24
31394  python                10
494    systemd-journal        5
^C

$ syscount -L
Tracing syscalls, printing top 10... Ctrl+C to quit.
[10:13:34]
SYSCALL                   COUNT        TIME (us)
select                      132      1902458.009
nanosleep                   166        11136.305
write                        89           41.308
ftruncate                     1           33.217
stat                          1           22.117
fstat                         1            6.134
[unknown: 321]               28            4.553
ioctl                         7            4.544
wait4                       166            3.962
timerfd_settime               1            3.786
^C
```

Related: #786