SystemTap accepts a script either as a command-line option or as an external file, for example:
- A command-line script is passed with the -e option:
    # stap -e 'probe syscall.write { printf("%d\n", $fd); }' [arguments]
- An external file is passed as the first argument:
    # stap syscalls. [arguments]
SystemTap command-line arguments may be passed to a script, but it distinguishes their types: numerical arguments are accessible with the $ prefix: $1, $2 ... $n, while string arguments have the @ prefix: @1, @2 ... @n.
Here are some useful stap(1) options:
- -l probespec -- accepts a probe specifier without the probe keyword (but with wildcards) and prints all matching probe names (more on wildcards in [probes][lang/probes]). -L will also print probe arguments and their types. For example:
    # stap -l 'scsi.*'
- -v -- increases the verbosity of SystemTap. The more letters you pass, the more diagnostic information is printed. If only one -v is passed, stap will report only the completion of each stage.
- -p stage -- ends the stap process after the given stage, represented by a number starting with 1 (parse).
- -k -- stap won't delete the SystemTap temporary files created during compilation (sources and kernel modules are kept in the /tmp/stapxxxx directory).
- -g -- enables guru mode, which allows binding to blacklisted probes and writing into kernel memory, along with using embedded C in your scripts. Generally speaking, it allows dangerous actions.
- -c command and -x pid -- like those in DTrace, they bind SystemTap to a specific process.
- -o file -- redirects output to a file. If it already exists, SystemTap rewrites it.
- -m name -- when compiling a module, gives it a meaningful name instead of stap_.
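When reviewing how stap is invoked on a host (for example from a sudo or audit log), the option rules above can be turned into a small checker. This is an added example, not code from the original page or from SystemTap: audit_stap, TAKES_VALUE and the sample command lines are constructed for illustration, and only the options listed on this page are modelled.

```python
import os
import shlex

# Short options from the list above that consume a value: -e script,
# -l/-L probespec, -p stage, -c command, -x pid, -o file, -m name, -d modulepath.
# Assumption: every other option letter is a plain switch.
TAKES_VALUE = set("elLpcxomd")


def audit_stap(cmdline):
    """Parse one stap command line and return its risk-relevant settings,
    or None if the line does not invoke stap."""
    argv = shlex.split(cmdline)
    start = next((i for i, a in enumerate(argv)
                  if os.path.basename(a) == "stap"), None)
    if start is None:
        return None
    switches, values = set(), {}
    args = iter(argv[start + 1:])
    for arg in args:
        if arg == "--":                      # end of options
            break
        if arg.startswith("--") or not arg.startswith("-") or arg == "-":
            continue                         # long option, script file or script argument
        for pos, letter in enumerate(arg[1:], start=1):
            if letter in TAKES_VALUE:
                # Value is the rest of this word (-p4) or the next word (-p 4).
                values[letter] = arg[pos + 1:] or next(args, "")
                break
            switches.add(letter)
    return {
        "guru": "g" in switches,             # embedded C, kernel memory writes
        "keeps_tmp": "k" in switches,        # sources and modules stay in /tmp
        "overwrites": values.get("o"),       # -o rewrites an existing file
        "last_pass": int(values.get("p") or 5),  # pass 5 = module is run
    }


# Constructed sample command lines, as they might appear in a sudo or audit log.
SAMPLES = [
    "sudo stap -vgk /root/test.stp",
    "stap -e 'probe begin { printf(\"-g\") }' -o /tmp/out.txt",
    "stap -o -g /root/test.stp",
    "/usr/bin/stap -vv -k -p4 /root/test.stp",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit_stap(line), "<-", line)
```

The second and third samples show why a plain substring search for "-g" is not enough: there the text is part of a script body or the value of -o, not the guru-mode switch.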
When SystemTap needs to resolve an address into a symbol (for example, an instruction pointer to the corresponding function name), it doesn't look into libraries or kernel modules.
Here are some useful command-line options that enable that:
- -d modulepath -- enables symbol resolving for a specific library or kernel module. Note that if it is not provided, stap will print a warning with the corresponding -d option.
- --ldd -- for tracing a process -- uses ldd to add all linked libraries for resolving.
- --all-modules -- enables resolving for all kernel modules.
SystemTap example
Here is a sample SystemTap script:
#!/usr/sbin/stap
# Report writes made only by the target process (set with -c or -x)
probe syscall.write {
    if (pid() == target())
        printf("written %d bytes", $count);
}
Save it to test.stp and run it like this:
root@host# stap /root/test.stp -c "dd if=/dev/zero of=/dev/null count=1"
Q: Run SystemTap with the following options: # stap -vv -k -p4 /root/test.stp, find the generated directory in /tmp and look into the created C source.
Q: Calculate the number of probes in the syscall provider and the number of variables provided by the syscall.write probe:
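Running SystemTap.
Running SystemTap first of all requires root privileges.
There are three ways to run SystemTap:
1. Read the script from a file (usually with the .stp file name suffix) and run it: stap [options] filename.
2. Read the script from standard input and run it: stap [options].
3. Run a script given on the command line: stap [options] -e script.
4. Run the script file directly (it needs the executable attribute and #!/usr/bin/stap as its first line): ./scriptname
Use Ctrl+C to stop a running SystemTap.
SystemTap's options are still being extended and updated; the most commonly used ones include:
-v -- print intermediate information;
-p num -- stop after pass num has completed (the default is to run through pass 5);
-k -- keep the temporary files after the run instead of deleting them;
-b -- use the relayfs file system to transfer data from kernel space to user space;
-m -- only valid together with the -b option; do not merge the separate per-CPU data files when the run ends;
-o file -- write output to a file instead of standard output;
-c cmd -- after probing has started, run the command cmd and exit when the command finishes;
-g -- use guru mode, which allows C statements to be embedded in scripts;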