systemtap

DTrace

project

license

GPL

CDDL

operating system support

Linux

Solaris, Mac OS X, BSD, QNX

processor support

as per kprobes: x86, x86_64, ppc64, ia64, s390, sparc?

x86, x86_64, SPARC, ppc, ppc64

kernel coupling - interdependent development/schedule

little

lot

core developers

open community

open community

development began

January 2005

October 2001

development status

ongoing

stable with continuing development

target audience

developers, users, sysadmins

developers, users, sysadmins

target usage

debugging, tracing, profiling

debugging, tracing, profiling

language

style

scripting

scripting

full control structures (conditionals, loops, functions)

yes

no

variable typing

implicit, inferred

implicit

complex reporting (join/projection/select)

yes (first principles, iteration, conditionals)

limited (with printa())

scalable aggregates

yes

yes

aggregate value readable by script

yes

no

thread-local variables

yes (from first principles via tid-indexed auxiliary arrays)

yes (implemented efficiently)

speculative tracing

yes (from first principles via auxiliary data and control structures)

yes

binary tracing

yes

?

early boot tracing

not yet [[http://sourceware.org/PR2035]

yes

probe execution

optimized native code

interpreted bytecodes

probing capability

number of available symbolic probe points in the kernel

millions (statements, markers)

thousands (functions, markers)

number of available symbolic probe points in user-space

none yet http://sourceware.org/PR4225

millions (functions, markers)

probe arbitrary statements in code symbolically (function entry, exit, interior, source code co-ordinates)

yes (using debugging information)

limited to ABI boundaries (function entry/exit, markers)

symbolically extract arbitrary data at probe point

yes (any context-visible variable as preserved by compiler)

limited (all data visible; local variables may be accessed by using manual register offsets)

non-symbolic (manually addressed) probe points / data

yes

yes

probe dynamically loaded kernel objects

yes

yes

concurrent probes on multiprocessors

yes

yes

context pointer type punning/casting

not yet http://sourceware.org/PR5634

yes

statically inserted probe points, kernel side

yes (markers)

yes (SDT)

end-user extendable probe library

yes (script based tapsets)

no

probe user-space programs

soon http://sourceware.org/PR4225

yes

trace user-space stack backtraces

soon http://sourceware.org/PR5635

yes

statically inserted probe points, user side

not yet http://sourceware.org/PR1918

yes (USDT)

trace Java programs

soon (special case of user-space)

yes

trace Java stack backtraces

no

yes

statically inserted probe points, Java

no

yes

trace script language programs

not yet

yes: Ruby, JavaScript, Perl, Python, PHP, APL, Bourne shell, ksh, zsh, Tcl

timer-based probing

yes (profiling interrupt, software timers)

yes

hardware performance counter based probing

soon http://sourceware.org/PR909

soon

safety

time-limited probe handler execution

yes (statement counting)

yes (built into interpreter)

non-blocking, atomic probe handlers

yes

yes

space-limited execution

yes (static allocation of all data)

yes

division-by-zero protection

yes

yes

null pointer dereferencing protection

yes

yes

means available to bypass protection for advanced users

yes (guru mode, embedded-C)

limited (predefined destructive actions for well-defined modifications)

safe use on production systems

soon

yes

translate-time error checks

many

many

run-time error checks performed by

automatically generated C code

bytecode interpreter

use by unprivileged users

developer vs. user distinction

graduated access by privilege level