Systemtap supports a number of built-in events. The library of
scripts that comes with systemtap, each called a "tapset", may
define additional ones in terms of the built-in family. See
the stapprobes man page for details. All these events are named using a unified syntax that
looks like dot-separated parameterized identifiers:
| begin | The startup of the systemtap session. |
| end | The end of the systemtap session. |
| kernel.function("sys_open") | The entry to the function named sys_open in the kernel. |
| syscall.close.return | The return from the close system call. |
| module("ext3").statement(0xdeadbeef) | The addressed instruction in the ext3 filesystem driver. |
| timer.ms(200) | A timer that fires every 200 milliseconds. |
Let's say that you would like to trace all function entries and exits
in a source file, say net/socket.c in the kernel. The
kernel.function probe point lets you express that easily, since
systemtap examines the kernel's debugging information to relate object
code to source code. It works like a debugger: if you can name or
place it, you can probe it. Use
kernel.function("*@net/socket.c") for the function entries, and
kernel.function("*@net/socket.c").return for the exits. Note
the use of wildcards in the function name part, and the subsequent
@FILENAME part. You can also put wildcards into the file name,
and even add a colon (:) and a line number, if you want to
restrict the search that precisely. Since systemtap will put a
separate probe in every place that matches a probe point, a few
wildcards can expand to hundreds or thousands of probes, so be careful
what you ask for.
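An added example, not part of the original tutorial: stap -l lists what a probe point resolves to without running anything, so a wildcard's expansion can be counted and broken down by source file before the script is run. The sample listing, the MAX_PROBES variable and its default of 500 are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: size a wildcard probe point with `stap -l` before running it.

# Constructed sample of `stap -l` output, one resolved probe per line.
# Function names and line numbers are illustrative, not from a real kernel.
SAMPLE_LISTING='kernel.function("sock_alloc@net/socket.c:540")
kernel.function("sock_release@net/socket.c:590")
kernel.function("sock_sendmsg@net/socket.c:650")
kernel.function("compat_sys_socketcall@net/compat.c:800")'

# count_probes: read a listing on stdin, print how many probes it resolves to.
count_probes() {
    grep -c '\.function("[^"]*")' || true   # grep -c exits 1 on zero matches
}

# per_file: read a listing on stdin, print "COUNT FILE" per source file,
# largest first, to show which file a wildcard draws most probes from.
per_file() {
    sed -n 's/.*\.function("[^@"]*@\([^:"]*\).*/\1/p' | sort | uniq -c |
        sort -rn | awk '{ print $1, $2 }'
}

# within_budget LIMIT: succeed only if the listing on stdin resolves to at
# least one probe and no more than LIMIT (a hypothetical threshold).
within_budget() {
    n=$(count_probes)
    [ "$n" -gt 0 ] && [ "$n" -le "$1" ]
}

point='kernel.function("*@net/socket.c")'
max=${MAX_PROBES:-500}          # hypothetical variable name and default
if command -v stap >/dev/null 2>&1; then
    listing=$(stap -l "$point" 2>/dev/null || true)   # live kernel
else
    listing=$SAMPLE_LISTING                           # offline fallback
fi
printf '%s\n' "$listing" | per_file
if printf '%s\n' "$listing" | within_budget "$max"; then
    echo "ok: probe count within $max"
else
    echo "refusing: no matches or more than $max probes" >&2
fi
```

An empty listing usually means the kernel's debugging information is not installed or the pattern matched nothing, which is why zero matches is treated as a failure.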
Once you identify the probe points, the skeleton of the systemtap
script appears. The probe keyword introduces a probe point, or
a comma-separated list of them. The following { and }
braces enclose the handler for all listed probe points.
    probe kernel.function("*@net/socket.c") { }
    probe kernel.function("*@net/socket.c").return { }
You can run this script as is, though with empty handlers there will
be no output. Put the two lines into a new file. Run
stap -v FILE. Terminate it any time with ^C. (The
-v option tells systemtap to print more verbose messages during
its processing. Try the -h option to see more options.)