[CSM] Fix syscall based drift events #25704
Conversation
Test changes on VMUse this command from test-infra-definitions to manually test this PR changes on a VM: inv create-vm --pipeline-id=34718488 --os-family=ubuntu |
Gui774ume
force-pushed
the
will/fix-syscall-anomaly-event
branch
from
805a0aa
to
9a96bf5
Compare
Regression DetectorRegression Detector ResultsRun ID: 7e7c1346-a045-42fd-8fe2-10dc0eb209c4 Performance changes are noted in the perf column of each table:
No significant changes in experiment optimization goalsConfidence level: 90.00% There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.
|
| perf | experiment | goal | Δ mean % | Δ mean % CI |
|---|---|---|---|---|
| ➖ | tcp_syslog_to_blackhole | ingress throughput | +2.47 | [-18.59, +23.53] |
| ➖ | pycheck_1000_100byte_tags | % cpu utilization | +0.59 | [-4.12, +5.29] |
| ➖ | trace_agent_msgpack | ingress throughput | +0.01 | [+0.00, +0.02] |
| ➖ | uds_dogstatsd_to_api | ingress throughput | +0.00 | [-0.20, +0.20] |
| ➖ | trace_agent_json | ingress throughput | -0.00 | [-0.03, +0.03] |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | -0.00 | [-0.05, +0.04] |
| ➖ | otel_to_otel_logs | ingress throughput | -0.08 | [-0.43, +0.28] |
| ➖ | basic_py_check | % cpu utilization | -0.24 | [-2.73, +2.26] |
| ➖ | idle | memory utilization | -0.25 | [-0.29, -0.20] |
| ➖ | file_tree | memory utilization | -0.67 | [-0.80, -0.54] |
| ➖ | uds_dogstatsd_to_api_cpu | % cpu utilization | -2.04 | [-4.84, +0.76] |
Explanation
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
Gui774ume
force-pushed
the
will/fix-syscall-anomaly-event
branch
from
9a96bf5
to
dd0ed63
Compare
|
/merge |
|
🚂 MergeQueue Pull request added to the queue. There are 2 builds ahead! (estimated merge in less than 1h) Use |
What does this PR do?
This PR improves how we generate drift events for syscalls past the initial activity dump learning period. Leveraging the same aggregation / conditional send logique, we're now leveraging the same event type for both the syscalls collection events during the activity dump learning period, and the syscall based drift events.
Motivation
This change is necessary to make syscall drift events work while ensuring we won't spam events because of poorly profiled workloads.
Additional Notes
Although the list of syscalls is collected and recorded in dumps per process, their evaluation is based on a flattened list that contains all the syscalls made across all processes.
Describe how to test/QA your changes
syscallsand make sure a syscall anomaly detection event is sent: