Usage: dtrace [-aACeFHlqSvVwZ] [-arch i386|x86_64] [-b bufsz] [-c cmd] [-D name[=def]]
[-I path] [-L path] [-o output] [-p pid] [-s script] [-U name]
[-x opt[=val]]
[-P provider [[ predicate ] action ]]
[-m [ provider: ] module [[ predicate ] action ]]
[-f [[ provider: ] module: ] func [[ predicate ] action ]]
[-n [[[ provider: ] module: ] func: ] name [[ predicate ] action ]]
[-i probe-id [[ predicate ] action ]] [ args ... ]
predicate -> '/' D-expression '/'
action -> '{' D-statements '}'
-arch Generate programs and Mach-O files for the specified architecture
-a claim anonymous tracing state
-A generate plist(5) entries for anonymous tracing
-b set trace buffer size
-c run specified command and exit upon its completion
-C run cpp(1) preprocessor on script files
-D define symbol when invoking preprocessor
-e exit after compiling request but prior to enabling probes
-f enable or list probes matching the specified function name
-F coalesce trace output by function
-h generate a header file with definitions for static probes
-H print included files when invoking preprocessor
-i enable or list probes matching the specified probe id
-I add include directory to preprocessor search path
-l list probes matching specified criteria
-L add library directory to library search path
-m enable or list probes matching the specified module name
-n enable or list probes matching the specified probe name
-o set output file
-p grab specified process-ID and cache its symbol tables
-P enable or list probes matching the specified provider name
-q set quiet mode (only output explicitly traced data)
-s enable or list probes according to the specified D script
-S print D compiler intermediate code
-U undefine symbol when invoking preprocessor
-v set verbose mode (report stability attributes, arguments)
-V report DTrace API version
-w permit destructive actions
-x enable or modify compiler and tracing options
-Z permit probe descriptions that match zero probes
probe names are specified using the following:
provider:module:function:name
The provider and name fields are terms to describe the probe, whereas the mod- ule and function fields explain the probe’s software location
provider: Providers are libraries of probes that instrument a specific area of the system (for example, sched) or a mode of tracing (for example, fbt). New providers are written over time and added to newer releases (for example, ip, tcp, perl, python, mysql, and so on).
module: This is the kernel module where the probe is located. For user-land probes, it reflects the shared object library that contains the probe.
function: This is the software function that contains this probe.
name: This is a meaningful name to describe the probe. For example, names such as entry and return are probes that fire at the entry and return of the corresponding function.
例子 dtrace -n 'syscall::read:entry /execname != "dtrace"/ { @reads[execname, fds[arg0].fi_pathname] = count(); }'
//之间的是filter,过滤不需要的
sudo dtrace -l -P ruby86604
ID PROVIDER MODULE FUNCTION NAME
35731 ruby86604 Ruby rb_call0 function-entry
35732 ruby86604 Ruby rb_call0 function-return
35733 ruby86604 Ruby garbage_collect gc-begin
35734 ruby86604 Ruby garbage_collect gc-end
35735 ruby86604 Ruby rb_eval line
35736 ruby86604 Ruby rb_obj_alloc object-create-done
35737 ruby86604 Ruby rb_obj_alloc object-create-start
35738 ruby86604 Ruby garbage_collect object-free
35739 ruby86604 Ruby rb_longjmp raise
35740 ruby86604 Ruby rb_eval rescue
35741 ruby86604 Ruby ruby_dtrace_probe ruby-probe
ruby86604中,数字表示的是进程号, provider都是ruby
-P enable or list probes matching the specified provider name
There are essentially three components to a DTrace invocation:
The probes
An optional predicate
An optional probe clause, containing the actions to take when the probe fires
dtrace -n 'probe /predicate/ { actions }'
Aggregation variables are prefixed with @ and are populated using aggregating functions
1、 rvm use 2.0.0 ; irb
2、 sudo dtrace -l | grep ruby | grep pid( irb的进程号)
d语言提供的内建变量
actions
trace() takes a single argument and prints it:
printf()
tracemem()
copyin()
stringof()
copyinstr()
strlen() and strjoin()
stack(), ustack(), and jstack()
sizeof()
exit()
Speculations
内建的 macro
Variable
Name Type Description
$target pid_t Process ID specified using -p PID or -c command
$1..$N Integer or string Command-line arguments to dtrace(1M)
$$1..$$N String (forced) Command-line arguments to dtrace(1M)
外部变量
External
variables are defined by the operating system (external to DTrace) and
accessed by prefixing the kernel variable name with a backquote. The
kernel inte- ger variable k could be printed using this:
printf("k: %d\n", `k);
Aggregations
Aggregations are a special variable type used to summarize data. They are pre- fixed with an at (@) sign and are populated by aggregating functions. The action
@a = count();
DTrace operates in the kernel address space. To access data from the user-land address space associated with a process, copyin() can be used.
trace()
The trace() action takes a single argument and prints it:
sudo dtrace -n 'syscall::fork*: { trace(pid); }'
sudo dtrace -n 'syscall::exec*: { trace(execname); }'
sudo dtrace -n python\*:::function-entry
sudo dtrace -n syscall::*read*:entry
sudo dtrace -n 'syscall::read:entry, sys call::write:entry' /fds[arg0].fi_fs == "sockfs"/ { @[execname, pid] = count();}'
sudo dtrace -n 'ruby57003::rb_str_resurrect:string-create { printf("%s", probefunc); trace(arg4); }'
sudo dtrace -ln 'ruby$target::str_new:string-create {}' -p 81737
DTrace runs in kernel-land.
You can examine user-land (process) memory using copyinstr() (and copyin()).
If you forget this, you’ll see “invalid address” (if you’re lucky).
copyin” is a term from kernel code to refer to copying in data from user-land to the kernel)
DTrace allows you to access command-line arguments within the script. $1 is the first argument after all of arguments that dtrace will consume, $2 is the next one, and so on. Hard-coding a pid is unpleasant to do, so you will typically use $1 to pass a particular process ID on the command-line.
sudo dtrace -q -s malloc-pid.d 1313
例子:
sudo dtrace -n 'pid52043::malloc:entry { printf ("Safari asking for %d bytes", arg0); } ‘
sudo dtrace -l -n 'pid$1::malloc:entry' 8880
- which applications are making the most system calls?
sudo dtrace -n ’syscall:::entry{@num[execname] = count();}’
- which system calls is the Ruby making?
sudo dtrace -n ’syscall:::entry /execname==“ruby”{@num[probefunc] = count();}/‘
- what functions is the ruby calling?
dtrace -n ‘pid*:::entry /execname == “ruby”/ {@num[probefunc] = count();}’
- How much memory is Ruby allocating?
dtrace -n ‘pid*::malloc*:entry /execname == “ruby”/ {@num[probefunc] = sum(arg0);'
变量范围:
self thread-local
this clause-local
cases :
sudo dtrace -x ustackframes=100 -n 'profile-997 /execname == "mysqld"/ { @[ustack()] = count(); }tick-60s {exit(0);} ‘
sudo dtrace -n 'ruby*:::method-entry
/pid == 96725 && copyinstr(arg1) == "save" /{printf("%s in %s
at %d",copyinstr(arg1), copyinstr(arg2),arg3 )}'
sudo dtrace -n 'ruby*:::method-entry /pid == 96725 /{@count[copyinstr(arg1)] = count() }’ #分析一次操作中, 方法被调用了多少次
sudo dtrace -n 'ruby*:::method-entry /pid == 6438/ {@ss[copyinstr(arg0), copyinstr(arg1)] = count();}'
sudo dtrace -n 'ruby*:::method-entry
/copyinstr(arg1) == "empty?" / { printf("%s in %s at
%d",copyinstr(arg1), copyinstr(arg2),arg3 ) }' -c 'rake
assets:precompile RAILS_ENV=development'
匹配方法的名称(与上例相同)
sudo dtrace -n 'ruby51374:::method-entry /pid==51374 &&
copyinstr(arg1) == "initialize"/ {printf("%s, %s",copyinstr(arg0),
copyinstr(arg1))}’
查看哪些命令是用dtrace写的:
man -k dtrace
当日志很大的时候, 通过过滤日志缩小考察范围:
cat update_course.log | ack "(codes|course_core|plato_core|course_api|course|update|save|callback)" > filter.log
sudo dtrace -s "./ruby_flow_info.d" -p 63369 > ~/Desktop/xxx.log
- 【转】怎样创建一个Xcode插件(Part 2)
原文:How To Create an Xcode Plugin: Part 2/3 原作者:Derek Selander 译者:@yohunl 译者注:原文使用的是xcode6.3.2,我翻译的时候 ...
- 动态追踪技术(中) - Dtrace、SystemTap、火焰图
http://openresty.org/cn/presentations.html http://weibo.com/agentzh?is_all=1 http://openresty.org/po ...
- Linux 下的一个全新的性能测量和调式诊断工具 Systemtap, 第 2 部分: DTrace
DTrace的原理本系列文章详细地介绍了一个 Linux 下的全新的调式.诊断和性能测量工具 Systemtap 和它所依赖的基础 kprobe 以及促使开发该工具的先驱 DTrace 并给出实际使用 ...
- linux 内核分析工具 Dtrace、SystemTap、火焰图、crash等
<< System语言详解 >> 关于 SystemTap 的书. 我们在分析各种系统异常和故障的时候,通常会用到 pstack(jstack) /pldd/ lsof/ tc ...
- 在 Oracle Linux 上使用 DTrace
作者:Richard Friedman 简要介绍适用于 Oracle Linux 的 DTrace 探测器和提供程序,以及与 Oracle Solaris 中 DTrace 探测器和提供程序的区别.还 ...
- DTRACE简介(2)
By samwan on 三月 21, 2007 通过上一次的介绍,相信大家对DTRACE已经有了一个初步的认识.上一次结束时专门留了一个例子,可能大家第一次看有很多不明白的地方,没有关系,随着我们对 ...
- 我的MYSQL学习心得(一) 简单语法
我的MYSQL学习心得(一) 简单语法 我的MYSQL学习心得(二) 数据类型宽度 我的MYSQL学习心得(三) 查看字段长度 我的MYSQL学习心得(四) 数据类型 我的MYSQL学习心得(五) 运 ...
- Swift与C#的基础语法比较
背景: 这两天不小心看了一下Swift的基础语法,感觉既然看了,还是写一下笔记,留个痕迹~ 总体而言,感觉Swift是一种前后端多种语言混合的产物~~~ 做为一名.NET阵营人士,少少多多总喜欢通过对 ...
- 探索C#之6.0语法糖剖析
阅读目录: 自动属性默认初始化 自动只读属性默认初始化 表达式为主体的函数 表达式为主体的属性(赋值) 静态类导入 Null条件运算符 字符串格式化 索引初始化 异常过滤器when catch和fin ...
随机推荐
- http请求原理
客户端发送一个HTTP请求到服务器的请求消息包括以下格式:请求行(request line).请求头部(header).空行和请求数据四个部分组成,下图给出了请求报文的一般格式. 请求行 HTTP响应 ...
- CodeForce:732B-Cormen — The Best Friend Of a Man
传送门:http://codeforces.com/problemset/problem/732/B Cormen - The Best Friend Of a Man time limit per ...
- cyg-apt update 升级报错
现象: $ cyg-apt updatecyg-apt: downloading: http://box-soft.com/setup-2.bz2cyg-apt: downloading: http: ...
- linux快速查看同局域网的其他在线主机
安装一个nmap工具,直接 nmap -sP 192.168.1.1/24 即可
- [git 学习篇] --创建git创库
http://www.liaoxuefeng.com/wiki/0013739516305929606dd18361248578c67b8067c8c017b000/0013743256916071d ...
- Spring 4.3.11.RELEASE文档阅读(二):Core Technologies_AOP
虽然并不是每个问题都有答案,但我想了很多问题.so, just write it down , maybe one day...... AOP: 1,AOP是啥 2,AOP思想是怎么产生的 3,AOP ...
- 【bzoj2225】[Spoj 2371]Another Longest Increasing CDQ分治+树状数组
题目描述 给定N个数对(xi, yi),求最长上升子序列的长度.上升序列定义为{(xi, yi)}满足对i<j有xi<xj且yi<yj. 样例输入 8 1 3 3 2 1 1 4 5 ...
- Bash Command 1: find
GNU find searches the directory tree rooted at each given starting-point by evaluating the given exp ...
- IBM QMF下载
官网下载页面: http://www-01.ibm.com/support/docview.wss?uid=swg27009383 官方BBS: https://w3-connections.ibm. ...
- debug模式总是自动跳到ThreadPoolExecutor
debug模式下eclipse总是自动跳到ThreadPoolExecutor解决方案 debug模式下eclipse总是自动跳到ThreadPoolExecutor解决方案 在eclipse中点击W ...