D scripting language
--------------------
Rules
BEGIN
{
actions
}
provider:module:function:name
/test/
{
actions
}
provider:module:function:name
/another test/
{
actions
}
* Supported providers: syscall, pid<num>, sysinfo
Examples:
syscall::open*:entry - called on entry in open family syscalls
pid4092:::entry - called on entry in any syscall by process 4092
* Tests
cpu == 0 && pid == 1029 - Process 1029 running on the first CPU
execname != "sched" - Process is not the scheduler
- cpu, pid, execname are builtin variables
* Actions
Formatted and unformatted output, variable assignment...
Syntaxes
--------
- Semicolon terminated commands;
- Variables: var. Declaration is not needed, but it is a good idea to set
a variable to zero when done, to deallocate the space it occupies.
var = 1
... usage in this or next probes ...
var = 0
- Arrays: arr[idx] = 1
Builtin Variables
=================
execname - executable name
probemod - library/executable name
probefunc - function name
timestamp - current timestamp in nanoseconds
cpu - processor executing code (index)
pid - process
uid - process owner
self - thread specific store, usage (self->var = 1)
Providers
=========
Syscall & pid providers
-----------------------
module - object: a.out, libc, libds, and so on...
function - symbol
name - place: entry, return
Sysinfo
-------
:::pswitch - fired when a process is switched to run
:::exec-success - fired when a new process is started
Proc
----
Process and thread creation and termination, signals...
:::signal-send - signal send
args[1] - psinfo_t of receiving process
->pr_fname - process file name
args[2] - signal number
Sched
-----
Scheduling events
:::on-cpu - got on cpu
:::off-cpu - got off cpu
Io
--
:::start - I/O operation started
args[0]
->b_flag B_READ bit (1 - read : 0 - write)
args[1]
->dev_statname device name
args[2]
->fi_pathname file name
Actions
=======
printf() - C style printf
ustack() - user level stack
trace() - value of the given variable
var=val - variable assignments
system("ls %s", var) - call shell command using printf syntax
Aggregators
===========
Aggregations collect tables of information. The format is the following:
@name[indexes]=aggregate_function()
Aggregators: count(), sum(val)
- Aggregated values are reported on dtrace termination (Ctrl+C)
- Only a single table is supported (?)
- multiline functions can be used as indexes, i.e. @name[ustack()]=...
Example:
pid4092:libc::entry { @count_table[probefunc] = count(); }
Calling Dtrace
--------------
dtrace -s <script_file>
dtrace -s <script_file> -c command - Trace command from start to end
-w - Permit destructive actions
-q - Quiet
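Added example (not part of the original notes): a complete script that combines a predicate, a thread-local variable, an entry/return probe pair and an aggregation to show which executables open files and how long the open-family syscalls take. The END probe and printa() are standard DTrace features not covered above; the file name opentime.d is arbitrary.

```dtrace
/*
 * opentime.d - total time spent in open-family syscalls,
 * per executable and per syscall.
 * Run:  dtrace -q -s opentime.d      (stop with Ctrl+C)
 */

syscall::open*:entry
/execname != "sched"/
{
    /* Thread-local start time, so entry and return pair up per thread. */
    self->ts = timestamp;
}

syscall::open*:return
/self->ts/
{
    /* Index by executable and syscall name; sum the elapsed nanoseconds. */
    @nsec[execname, probefunc] = sum(timestamp - self->ts);

    /* Set to zero to release the thread-local storage. */
    self->ts = 0;
}

END
{
    /* Print the table with a header instead of the default dump. */
    printf("%-16s %-12s %14s\n", "EXECNAME", "SYSCALL", "TOTAL NS");
    printa("%-16s %-12s %@14d\n", @nsec);
}
```

The /self->ts/ predicate on the return probe skips calls whose entry was not seen, for example calls already in progress when tracing started.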