Usage: dtrace [-aACeFHlqSvVwZ] [-arch i386|x86_64] [-b bufsz] [-c cmd] [-D name[=def]]

     [-I path] [-L path] [-o output] [-p pid] [-s script] [-U name]
     [-x opt[=val]]
 
     [-P provider [[ predicate ] action ]]
     [-m [ provider: ] module [[ predicate ] action ]]
     [-f [[ provider: ] module: ] func [[ predicate ] action ]]
     [-n [[[ provider: ] module: ] func: ] name [[ predicate ] action ]]
     [-i probe-id [[ predicate ] action ]] [ args ... ]
 
     predicate -> '/' D-expression '/'
        action -> '{' D-statements '}'
 
     -arch Generate programs and Mach-O files for the specified architecture
 
     -a  claim anonymous tracing state
     -A  generate plist(5) entries for anonymous tracing
     -b  set trace buffer size
     -c  run specified command and exit upon its completion
     -C  run cpp(1) preprocessor on script files
     -D  define symbol when invoking preprocessor
     -e  exit after compiling request but prior to enabling probes
     -f  enable or list probes matching the specified function name
     -F  coalesce trace output by function
     -h  generate a header file with definitions for static probes
     -H  print included files when invoking preprocessor
     -i  enable or list probes matching the specified probe id
     -I  add include directory to preprocessor search path
     -l  list probes matching specified criteria
     -L  add library directory to library search path
     -m  enable or list probes matching the specified module name
     -n  enable or list probes matching the specified probe name
     -o  set output file
     -p  grab specified process-ID and cache its symbol tables
     -P  enable or list probes matching the specified provider name
     -q  set quiet mode (only output explicitly traced data)
     -s  enable or list probes according to the specified D script
     -S  print D compiler intermediate code
     -U  undefine symbol when invoking preprocessor
     -v  set verbose mode (report stability attributes, arguments)
     -V  report DTrace API version
     -w  permit destructive actions
     -x  enable or modify compiler and tracing options
     -Z  permit probe descriptions that match zero probes
 
 
 
 
probe names are specified using the following:
provider:module:function:name
 
The provider and name fields are terms to describe the probe, whereas the mod- ule and function fields explain the probe’s software location

provider: Providers are libraries of probes that instrument a specific area of the system (for example, sched) or a mode of tracing (for example, fbt). New providers are written over time and added to newer releases (for example, ip, tcp, perl, python, mysql, and so on).

module: This is the kernel module where the probe is located. For user-land probes, it reflects the shared object library that contains the probe.

function: This is the software function that contains this probe.

name: This is a meaningful name to describe the probe. For example, names such as entry and return are probes that fire at the entry and return of the corresponding function.

 


 
 

例子 dtrace -n 'syscall::read:entry /execname != "dtrace"/ { @reads[execname, fds[arg0].fi_pathname] = count(); }'

 
//之间的是filter,过滤不需要的
 
 
 
 
sudo dtrace -l -P ruby86604
 

ID   PROVIDER            MODULE                          FUNCTION NAME

35731  ruby86604              Ruby                          rb_call0 function-entry
35732  ruby86604              Ruby                          rb_call0 function-return
35733  ruby86604              Ruby                   garbage_collect gc-begin
35734  ruby86604              Ruby                   garbage_collect gc-end
35735  ruby86604              Ruby                           rb_eval line
35736  ruby86604              Ruby                      rb_obj_alloc object-create-done
35737  ruby86604              Ruby                      rb_obj_alloc object-create-start
35738  ruby86604              Ruby                   garbage_collect object-free
35739  ruby86604              Ruby                        rb_longjmp raise
35740  ruby86604              Ruby                           rb_eval rescue
35741  ruby86604              Ruby                 ruby_dtrace_probe ruby-probe
 
 
ruby86604中,数字表示的是进程号, provider都是ruby
 
-P enable or list probes matching the specified provider name
 
 
 
 

There are essentially three components to a DTrace invocation:

The probes

An optional predicate

An optional probe clause, containing the actions to take when the probe fires
 
 
dtrace -n 'probe /predicate/ { actions }'
 
 
Aggregation variables are prefixed with @ and are populated using aggregating functions
 
 
 
 
1、 rvm use 2.0.0 ; irb
 
2、 sudo dtrace -l | grep ruby  | grep  pid( irb的进程号)
 
 
 
 
d语言提供的内建变量
 
 

 
 
 
 actions
trace()    takes a single argument and prints it:
printf() 
tracemem()
copyin()
stringof()
copyinstr()
strlen() and strjoin()
stack(), ustack(), and jstack()
sizeof()
exit()
Speculations
 
 
 
 
内建的 macro
 

Variable

Name                Type                      Description

 
$target            pid_t                  Process ID specified using -p PID or -c command
 
$1..$N           Integer or string     Command-line arguments to dtrace(1M)
 
 
$$1..$$N        String (forced)        Command-line arguments to dtrace(1M)
 
 
外部变量
 
External
variables are defined by the operating system (external to DTrace) and
accessed by prefixing the kernel variable name with a backquote. The
kernel inte- ger variable k could be printed using this:
 
printf("k: %d\n", `k);
 
 

Aggregations

Aggregations are a special variable type used to summarize data. They are pre- fixed with an at (@) sign and are populated by aggregating functions. The action
 
@a = count();
 
 
 
 
 
 

 
 
 
 
 
 
DTrace operates in the kernel address space. To access data from the user-land address space associated with a process, copyin() can be used.
 

trace()

The trace() action takes a single argument and prints it:
 
sudo dtrace -n 'syscall::fork*: { trace(pid); }'
sudo dtrace -n 'syscall::exec*: { trace(execname); }'
 
sudo dtrace -n python\*:::function-entry 
 
sudo dtrace -n syscall::*read*:entry
 
sudo dtrace -n 'syscall::read:entry, sys call::write:entry' /fds[arg0].fi_fs == "sockfs"/ { @[execname, pid] = count();}'
 
 
 
sudo dtrace -n 'ruby57003::rb_str_resurrect:string-create { printf("%s", probefunc); trace(arg4); }' 
 
 
sudo dtrace -ln 'ruby$target::str_new:string-create {}' -p 81737 
 

DTrace runs in kernel-land.

 

You can examine user-land (process) memory using copyinstr() (and copyin()).
 
If you forget this, you’ll see “invalid address” (if you’re lucky).
 
copyin” is a term from kernel code to refer to copying in data from user-land to the kernel) 
 
DTrace allows you to access command-line arguments within the script. $1 is the first argument after all of arguments that dtrace will consume, $2 is the next one, and so on. Hard-coding a pid is unpleasant to do, so you will typically use $1 to pass a particular process ID on the command-line.
 
sudo dtrace -q -s malloc-pid.d 1313
 
 
例子:
 
  • pid provider
sudo dtrace -n 'pid52043::malloc:entry  { printf ("Safari asking for %d bytes", arg0);  } ‘
sudo dtrace -l -n 'pid$1::malloc:entry' 8880 
 
  • which applications are making the most system calls?
sudo dtrace -n ’syscall:::entry{@num[execname] = count();}’
  • which system calls is the Ruby making?

sudo dtrace -n ’syscall:::entry /execname==“ruby”{@num[probefunc] = count();}/‘

  • what functions is the ruby calling?

dtrace -n ‘pid*:::entry /execname == “ruby”/ {@num[probefunc] = count();}’

  • How much memory is Ruby allocating?
 

dtrace -n ‘pid*::malloc*:entry /execname == “ruby”/ {@num[probefunc] = sum(arg0);'

 
 
 
变量范围:
 
self  thread-local
this  clause-local
 
 
cases :
 
sudo dtrace -x ustackframes=100 -n 'profile-997 /execname == "mysqld"/ { @[ustack()] = count(); }tick-60s {exit(0);} ‘
 
sudo dtrace -n 'ruby*:::method-entry
/pid == 96725  && copyinstr(arg1) == "save" /{printf("%s in %s
at %d",copyinstr(arg1), copyinstr(arg2),arg3 )}'
 
 sudo dtrace -n 'ruby*:::method-entry /pid == 96725 /{@count[copyinstr(arg1)] = count() }’ #分析一次操作中, 方法被调用了多少次 
 
sudo dtrace -n 'ruby*:::method-entry /pid == 6438/ {@ss[copyinstr(arg0), copyinstr(arg1)] = count();}'
 
 
sudo dtrace -n 'ruby*:::method-entry
/copyinstr(arg1) == "empty?" / {  printf("%s in %s at
%d",copyinstr(arg1), copyinstr(arg2),arg3 ) }' -c 'rake
assets:precompile RAILS_ENV=development'
 
 
匹配方法的名称(与上例相同)
sudo dtrace -n  'ruby51374:::method-entry /pid==51374 &&
copyinstr(arg1) == "initialize"/ {printf("%s, %s",copyinstr(arg0), 
copyinstr(arg1))}’
 
 
查看哪些命令是用dtrace写的:
 
man -k dtrace
 
 
 当日志很大的时候, 通过过滤日志缩小考察范围:
 
cat update_course.log  | ack "(codes|course_core|plato_core|course_api|course|update|save|callback)"  > filter.log
 
 
sudo dtrace -s "./ruby_flow_info.d" -p 63369 > ~/Desktop/xxx.log

dtrace 语法的更多相关文章

  1. 【转】怎样创建一个Xcode插件(Part 2)

    原文:How To Create an Xcode Plugin: Part 2/3 原作者:Derek Selander 译者:@yohunl 译者注:原文使用的是xcode6.3.2,我翻译的时候 ...

  2. 动态追踪技术(中) - Dtrace、SystemTap、火焰图

    http://openresty.org/cn/presentations.html http://weibo.com/agentzh?is_all=1 http://openresty.org/po ...

  3. Linux 下的一个全新的性能测量和调式诊断工具 Systemtap, 第 2 部分: DTrace

    DTrace的原理本系列文章详细地介绍了一个 Linux 下的全新的调式.诊断和性能测量工具 Systemtap 和它所依赖的基础 kprobe 以及促使开发该工具的先驱 DTrace 并给出实际使用 ...

  4. linux 内核分析工具 Dtrace、SystemTap、火焰图、crash等

    << System语言详解 >> 关于 SystemTap 的书. 我们在分析各种系统异常和故障的时候,通常会用到 pstack(jstack) /pldd/ lsof/ tc ...

  5. 在 Oracle Linux 上使用 DTrace

    作者:Richard Friedman 简要介绍适用于 Oracle Linux 的 DTrace 探测器和提供程序,以及与 Oracle Solaris 中 DTrace 探测器和提供程序的区别.还 ...

  6. DTRACE简介(2)

    By samwan on 三月 21, 2007 通过上一次的介绍,相信大家对DTRACE已经有了一个初步的认识.上一次结束时专门留了一个例子,可能大家第一次看有很多不明白的地方,没有关系,随着我们对 ...

  7. 我的MYSQL学习心得(一) 简单语法

    我的MYSQL学习心得(一) 简单语法 我的MYSQL学习心得(二) 数据类型宽度 我的MYSQL学习心得(三) 查看字段长度 我的MYSQL学习心得(四) 数据类型 我的MYSQL学习心得(五) 运 ...

  8. Swift与C#的基础语法比较

    背景: 这两天不小心看了一下Swift的基础语法,感觉既然看了,还是写一下笔记,留个痕迹~ 总体而言,感觉Swift是一种前后端多种语言混合的产物~~~ 做为一名.NET阵营人士,少少多多总喜欢通过对 ...

  9. 探索C#之6.0语法糖剖析

    阅读目录: 自动属性默认初始化 自动只读属性默认初始化 表达式为主体的函数 表达式为主体的属性(赋值) 静态类导入 Null条件运算符 字符串格式化 索引初始化 异常过滤器when catch和fin ...

随机推荐

  1. http请求原理

    客户端发送一个HTTP请求到服务器的请求消息包括以下格式:请求行(request line).请求头部(header).空行和请求数据四个部分组成,下图给出了请求报文的一般格式. 请求行 HTTP响应 ...

  2. CodeForce:732B-Cormen — The Best Friend Of a Man

    传送门:http://codeforces.com/problemset/problem/732/B Cormen - The Best Friend Of a Man time limit per ...

  3. cyg-apt update 升级报错

    现象: $ cyg-apt updatecyg-apt: downloading: http://box-soft.com/setup-2.bz2cyg-apt: downloading: http: ...

  4. linux快速查看同局域网的其他在线主机

    安装一个nmap工具,直接 nmap -sP 192.168.1.1/24 即可

  5. [git 学习篇] --创建git创库

    http://www.liaoxuefeng.com/wiki/0013739516305929606dd18361248578c67b8067c8c017b000/0013743256916071d ...

  6. Spring 4.3.11.RELEASE文档阅读(二):Core Technologies_AOP

    虽然并不是每个问题都有答案,但我想了很多问题.so, just write it down , maybe one day...... AOP: 1,AOP是啥 2,AOP思想是怎么产生的 3,AOP ...

  7. 【bzoj2225】[Spoj 2371]Another Longest Increasing CDQ分治+树状数组

    题目描述 给定N个数对(xi, yi),求最长上升子序列的长度.上升序列定义为{(xi, yi)}满足对i<j有xi<xj且yi<yj. 样例输入 8 1 3 3 2 1 1 4 5 ...

  8. Bash Command 1: find

    GNU find searches the directory tree rooted at each given starting-point by evaluating the given exp ...

  9. IBM QMF下载

    官网下载页面: http://www-01.ibm.com/support/docview.wss?uid=swg27009383 官方BBS: https://w3-connections.ibm. ...

  10. debug模式总是自动跳到ThreadPoolExecutor

    debug模式下eclipse总是自动跳到ThreadPoolExecutor解决方案 debug模式下eclipse总是自动跳到ThreadPoolExecutor解决方案 在eclipse中点击W ...