stap doesn't probe all possible functions when some have the same name in a single CU. This can happen in C++ if the functions have overloaded parameters, or if the functions are from different namespace/class scopes. For example: $ stap -l 'process("/usr/bin/stap").function("visit_target_symbol")' process("/usr/bin/stap").function("visit_target_symbol@/usr/src/debug/systemtap-0.9.9/staptree.cxx:2636") process("/usr/bin/stap").function("visit_target_symbol@/usr/src/debug/systemtap-0.9.9/elaborate.cxx:2807") process("/usr/bin/stap").function("visit_target_symbol@/usr/src/debug/systemtap-0.9.9/translate.cxx:3513") process("/usr/bin/stap").function("visit_target_symbol@/usr/src/debug/systemtap-0.9.9/tapsets.cxx:2167") process("/usr/bin/stap").function("visit_target_symbol@/usr/src/debug/systemtap-0.9.9/tapset-procfs.cxx:353") process("/usr/bin/stap").function("visit_target_symbol@/usr/src/debug/systemtap-0.9.9/tapset-perfmon.cxx:46") process("/usr/bin/stap").function("visit_target_symbol@/usr/src/debug/systemtap-0.9.9/tapset-mark.cxx:187") process("/usr/bin/stap").function("visit_target_symbol@/usr/src/debug/systemtap-0.9.9/tapset-utrace.cxx:543") That's 8 probes, but stap actually has 15 visit_target_symbol functions. You can see that there's only one function per selected CU, but should be multiple functions found in elaborate.cxx, staptree.cxx, and tapsets.cxx.
I found cases of this in the kernel as well, so this isn't just a C++ issue. It usually occurs where a function is both inlined and has concrete instances. For example, on 2.6.29.6-217.2.16.fc11.x86_64, these are the DIEs related to "acpi_battery_units": (at the top level of the CU) [2359b7f] subprogram external name "acpi_battery_units" decl_file 1 decl_line 260 prototyped type [234db21] inline declared_inlined (3) sibling [2359b9f] (...) [2359d83] subprogram abstract_origin [2359b7f] low_pc 0xffffffff8120f207 <acpi_battery_units> high_pc 0xffffffff8120f22b <sysfs_remove_battery> frame_base location list [49f943] sibling [2359da8] (... later, nested in other subprograms ...) [235a69b] inlined_subroutine abstract_origin [2359b7f] entry_pc 0xffffffff8120fb72 <acpi_battery_print_alarm+0x5c> ranges range list [ ab210] call_file 1 call_line 646 (...) [235a717] inlined_subroutine abstract_origin [2359b7f] entry_pc 0xffffffff8120fcaa <acpi_battery_print_state+0xf6> ranges range list [ ab240] call_file 1 call_line 611 sibling [235a735] (etc.) Currently, through dwarf_getfuncs our code will first encounter [2359b7f] and write it into the cache. Later we will see [2359d83], which will overwrite the first one in the cache. Thus, we never even look for the inline instances associated with [2359b7f].
commit b7478964