没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
Systemtap tutorial
Frank Ch. Eigler <fche@redhat.com>
June 29, 2012
Contents
1 Introduction 2
2 Tracing 2
2.1 Where to probe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2 What to print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.3 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3 Analysis 6
3.1 Basic constructs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.2 Target variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.3 Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.4 Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.5 Aggregates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.6 Safety . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4 Tapsets 11
4.1 Automatic selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.2 Probe point aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.3 Embedded C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.4 Naming conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5 Further information 16
A Glossary 16
B Errors 16
B.1 Parse erro rs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
B.2 Type errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
B.3 Symbol errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
B.4 Probing errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1
B.5 Runtime errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
C Acknowledgments 18
1 Introduction
Systemtap is a tool that allows developers and administrators to write and reuse simple scripts to deeply
examine th e activities of a live Linux system. Data may be extracted, filtered, and summarized quickly and
safely, to enable diagnoses of complex performance or functional problems.
NOTE: This tutorial does not describe every feature available in systemtap. Please see the individual stap
manual pages for the most up-to-date info rmation. These may be available installed on your system, or at
http://sourceware.org/systemtap/man/.
The essential idea behind a systemtap script is to name events, and to give them handlers. Whenever a
specified eve nt occurs, the Linux kernel runs th e handler as if it were a quick subroutine, then resumes.
There are several kind of events, such as entering or exiting a function, a timer expiring, or the entire
systemtap session starting or stopping. A handler is a series of script language statements that specify the
work to b e done whenever the event occurs. This work normally includes extracting dat a from the event
context, sto ring them into internal variables, or printing results.
Systemtap wo rks by translating the script to C, running the system C compiler to create a kernel module
from that. When the module is loaded, it activates all the probed events by hooking into the ke rnel. Then,
as events occur on any processor, the compiled handlers run. Eventually, the session stops, the hooks are
disconnected, and the module removed. This entire process is driven from a single command-line program,
stap.
# cat hello-world.stp
probe begin
{
print ("hello world\n")
exit ()
}
# stap hello-world.stp
hello world
Figure 1: A systemt ap smoke test.
This paper assumes that you have installed systemtap and its prerequisite kernel development tools and
debugging data, so that you can run the scripts such as the simple one in Figure 1. Log on as root, or even
better, login as a user that is a member of stapdev group or as a user authorized to sudo, before running
systemtap.
2 Tracing
The simplest kind of pr obe is simply to trace an event. This is the effect of inserting strategically located
print statements into a pr ogram. This is often the first step of problem solving: explore by seeing a history
of what has happened.
2
# cat strace-open.stp
probe syscall.open
{
printf ("%s(%d) open (%s)\n", execname(), pid(), argstr)
}
probe timer.ms(4000) # after 4 seconds
{
exit ()
}
# stap strace-open.stp
vmware-guestd(2206) open ("/etc/redhat-release", O_RDONLY)
hald(2360) open ("/dev/hdc", O_RDONLY|O_EXCL|O_NONBLOCK)
hald(2360) open ("/dev/hdc", O_RDONLY|O_EXCL|O_NONBLOCK)
hald(2360) open ("/dev/hdc", O_RDONLY|O_EXCL|O_NONBLOCK)
df(3433) open ("/etc/ld.so.cache", O_RDONLY)
df(3433) open ("/lib/tls/libc.so.6", O_RDONLY)
df(3433) open ("/etc/mtab", O_RDONLY)
hald(2360) open ("/dev/hdc", O_RDONLY|O_EXCL|O_NONBLOCK)
Figure 2: A taste of systemtap: a system-wide strace, just for the open system call.
This style of instrumentation is the simplest. It just asks systemtap to print something at each event. To
express this in the script language, you need to say where to probe and what to print ther e.
2.1 Where to probe
Systemtap supports a number of built-in eve nt s. The librar y of scripts that comes with systemtap, each called
a “tapset”, may define additional ones d efined in terms of the built-in family. See the stapprobes man page
for details on these and many other probe point families. All these events are named using a unified
syntax with dot-separated parameterized identifiers:
begin The startup of the systemtap session.
end The end of the systemtap session.
kernel.function("sys_open") The entry to the function named sys_open in the kernel.
syscall.close.return The return from the close system call.
module("ext3").statement(0xdeadbeef) The addressed instruction in the ext3 filesystem driver.
timer.ms(200) A timer that fires every 200 milliseconds.
timer.profile A timer that fires periodically on every CPU.
perf.hw.cache_misses A p articular number of CPU cache misses have occurred.
procfs("status").read A process trying to read a synthetic file.
process("a.out").statement("*@main.c:200") Line 200 of th e a.out program.
Let’s say that you would like to trace all function ent ries and exits in a source file, say net/socket.c in t he
kernel. The kernel.function probe point lets you e xpress that easily, since systemtap examines the kernel’s
debugging information to relate object code to source code. It works like a debugger: if you can name
or place it, you can probe it. Use kernel.function("*@net/socket.c").call for the function entries
1
,
and kernel.function("*@net/socket.c").return for matching exits. Note th e use of wildcards in the
function name part, and the subsequent @FILENAME part. You can also put wildcards into the file name, and
1
Without the .call qualifier, inlined fun ction instances are al so probed, but they have no corresponding .return.
3
even add a colon (:) and a line number, if you want to restrict t he search that precisely. Since systemtap will
put a separate p robe in every place that matches a probe point, a few wildcards can expand to hundreds or
thousands of probes, so be car eful what you ask for.
Once you identify the probe p oints, the skeleton of the systemtap script appears. The probe keywor d intro-
duces a probe point, or a comma-separated list of them. The following { and } b races enclose the handler
for all listed probe points.
probe kernel.function("*@net/socket.c") { }
probe kernel.function("*@net/socket.c").return { }
You can run this script as is, though with e m pty handlers ther e will be no out put. Put the t wo lines into a
new file. Run stap -v FILE. Terminate it any time with ^C. (The -v op tion tells systemtap to p rint more
verbose messages during its processing. Try the -h op tion to see more o ptions.)
2.2 What to print
Since you ar e interested in each function that was entered and exited, a line should be printed for each,
containing the function name. In order to make that list easy to read, systemtap should indent the lines so
that functions called by other traced functions are nested deeper. To tell each single process apart f rom any
others that may be running concurrently, systemtap should also print the process I D in the line.
Systemtap provides a variety of such cont extual data, ready for for m atting. They usually app ear as function
calls within the handler, like you already saw in Figure 1. See the function::* man pages for those
functions and more defined in the t apset library, but here’s a sampling:
tid() The id of the current thread.
pid() The process (task group) id of the current thread.
uid() The id of the current user.
execname() The name of the current process.
cpu() The current cpu number.
gettimeofday_s() Number of seconds since epoch.
get_cycles() Snapshot of h ardware cycle counter.
pp() A string describing the probe point b eing currently handled.
probefunc() If known, the name of the function in which this probe was placed.
$$vars If available, a pretty-printed listing of all local variables in scope.
print_backtrace() If possible, print a kernel backtr ace .
print_ubacktrace() If possible, print a user-space backtrace.
The values returned may be strings or numbers. The print() built-in function accepts either as its sole
argument. Or, you can use the C-style printf() built-in, whose formatting argument may include %s for a
string, %d for a number. printf and other f unctions take comma-separated arguments. Don’t fo rget a "\n"
at the end. Th ere exist more printing / formatting functions too.
A particularly handy function in the tapset library is thread_indent. Given an indentation delta parameter, it
stores internally an indentation counter for each thread (tid()), and r eturns a string with some generic trace
data plus an appropriate number of indentation spaces. That generic data includes a timestamp (number
of microseconds since the initial indentation for the thread), a process name and the thread id itself. It
therefor e gives an idea not only about what functions were called, but who called them, and how long they
took. Figure 3 shows the finished script. It lacks a call to the exit() function, so you need to interrupt it
with ^C when you want the tracing to stop.
4
剩余17页未读,继续阅读
资源评论
- javelin20072017-10-12这是一个使用工具的介绍。不是工具
- 疯狂的拉面2013-08-20明明是个ppt啊
qk064
- 粉丝: 0
- 资源: 1
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- Dock项目硬件DRB.pptx
- bootstrap安装好后的安装包,可以进行安装
- JAVAWML信息查询与后端信息发布系统实现-WML信息查询设计(源代码+论文)
- 6回路比赛抢答器PLC程序.opt
- 最终结果-信贷可得性.xlsx
- 基于python和模拟退火算法的拆装流水线问题解决方案(免费提供源码)
- 使用 SSM(Spring MVC + Spring + MyBatis)框架实现申报项目信息管理系统实验报告
- 这本书深入探讨了MySQL数据库系统的内部工作原理,特别适合高级用户、数据库管理员和开发者,希望了解MySQL在低层次上如何运行
- 停车场车位自动检测系统电路图
- 所有指定格式的Excel文件的工作表合并到一个新的Excel文件中
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功