3.2.2. SystemTap Handler/Body

Consider the following sample script:

Example 3.4. helloworld.stp

probe begin
  printf ("hello world\n")
  exit ()
In Example 3.4, “helloworld.stp”, the event begin (that is, the start of the session) triggers the handler enclosed in { }, which simply prints hello world followed by a new-line, then exits.


SystemTap scripts continue to run until the exit() function executes. If the users wants to stop the execution of the script, it can interrupted manually with Ctrl+C.
printf ( ) Statements
The printf () statement is one of the simplest functions for printing data. printf () can also be used to display data using a wide variety of SystemTap functions in the following format:
		printf ("format string\n", arguments)
The format string specifies how arguments should be printed. The format string of Example 3.4, “helloworld.stp” instructs SystemTap to print hello world, and contains no format specifiers.
You can use the format specifiers %s (for strings) and %d (for numbers) in format strings, depending on your list of arguments. Format strings can have multiple format specifiers, each matching a corresponding argument; multiple arguments are delimited by a comma (,).


Semantically, the SystemTap printf function is very similar to its C language counterpart. The aforementioned syntax and format for SystemTap's printf function is identical to that of the C-style printf.
To illustrate this, consider the following probe example:

Example 3.5. variables-in-printf-statements.stp

probe syscall.open
  printf ("%s(%d) open\n", execname(), pid())
Example 3.5, “variables-in-printf-statements.stp” instructs SystemTap to probe all entries to the system call open; for each event, it prints the current execname() (a string with the executable name) and pid() (the current process ID number), followed by the word open. A snippet of this probe's output would look like:
vmware-guestd(2206) open
hald(2360) open
hald(2360) open
hald(2360) open
df(3433) open
df(3433) open
df(3433) open
hald(2360) open
SystemTap Functions
SystemTap supports a wide variety of functions that can be used as printf () arguments. Example 3.5, “variables-in-printf-statements.stp” uses the SystemTap functions execname() (name of the process that called a kernel function/performed a system call) and pid() (current process ID).
The following is a list of commonly-used SystemTap functions:
The ID of the current thread.
The ID of the current user.
The current CPU number.
The number of seconds since UNIX epoch (January 1, 1970).
Convert number of seconds since UNIX epoch to date.
A string describing the probe point currently being handled.
This particular function is quite useful in providing you with a way to better organize your print results. The function takes one argument, an indentation delta, which indicates how many spaces to add or remove from a thread's "indentation counter". It then returns a string with some generic trace data along with an appropriate number of indentation spaces.
The generic data included in the returned string includes a timestamp (number of microseconds since the first call to thread_indent() by the thread), a process name, and the thread ID. This allows you to identify what functions were called, who called them, and the duration of each function call.
If call entries and exits immediately precede each other, it is easy to match them. However, in most cases, after a first function call entry is made several other call entries and exits may be made before the first call exits. The indentation counter helps you match an entry with its corresponding exit by indenting the next function call if it is not the exit of the previous one.
Consider the following example on the use of thread_indent():

Example 3.6. thread_indent.stp

probe kernel.function("*@net/socket.c").call
  printf ("%s -> %s\n", thread_indent(1), probefunc())
probe kernel.function("*@net/socket.c").return
  printf ("%s <- %s\n", thread_indent(-1), probefunc())
Example 3.6, “thread_indent.stp” prints out the thread_indent() and probe functions at each event in the following format:
0 ftp(7223): -> sys_socketcall
1159 ftp(7223):  -> sys_socket
2173 ftp(7223):   -> __sock_create
2286 ftp(7223):    -> sock_alloc_inode
2737 ftp(7223):    <- sock_alloc_inode
3349 ftp(7223):    -> sock_alloc
3389 ftp(7223):    <- sock_alloc
3417 ftp(7223):   <- __sock_create
4117 ftp(7223):   -> sock_create
4160 ftp(7223):   <- sock_create
4301 ftp(7223):   -> sock_map_fd
4644 ftp(7223):    -> sock_map_file
4699 ftp(7223):    <- sock_map_file
4715 ftp(7223):   <- sock_map_fd
4732 ftp(7223):  <- sys_socket
4775 ftp(7223): <- sys_socketcall
This sample output contains the following information:
  • The time (in microseconds) since the initial thread_indent() call for the thread (included in the string from thread_indent()).
  • The process name (and its corresponding ID) that made the function call (included in the string from thread_indent()).
  • An arrow signifying whether the call was an entry (<-) or an exit (->); the indentations help you match specific function call entries with their corresponding exits.
  • The name of the function called by the process.
Identifies the name of a specific system call. This variable can only be used in probes that use the event syscall.system_call.
Used in conjunction with stap script -x process ID or stap script -c command. If you want to specify a script to take an argument of a process ID or command, use target() as the variable in the script to refer to it. For example:

Example 3.7. targetexample.stp

probe syscall.* {
  if (pid() == target())
    printf("%s\n", name)
When Example 3.7, “targetexample.stp” is run with the argument -x process ID, it watches all system calls (as specified by the event syscall.*) and prints out the name of all system calls made by the specified process.
This has the same effect as specifying if (pid() == process ID) each time you wish to target a specific process. However, using target() makes it easier for you to re-use the script, giving you the ability to pass a process ID as an argument each time you wish to run the script (that is, stap targetexample.stp -x process ID).
For more information about supported SystemTap functions, refer to man stapfuncs.