stap 命令

SystemTap accepts script as command line option or external file, for example:

* Command-line script is passed with `-e` option
   `# stap -e 'probe syscall.write { printf("%d\n", $fd); }' [arguments]`
 * External file as first argument:
   `# stap syscalls. [arguments]`

SystemTap command line arguments may be passed to a script, but it distingushes their types: numerical arguments are accessible with `$` prefix: `$1`, `$2` ... `$n` while string arguments have `@` prefix: `@1`, `@2` ... `@n`

Here are some useful `stap(1)` options:

* `-l PROBESPEC` accepts probe specifier without `probe` keyword (but with wildcards) and prints all matching probe names (more on wildcards in [Probes][lang/probes]). `-L` will also print probe arguments and their types. For example:
`# stap -l 'scsi.*'`
* `-v` -- increases verbosity of SystemTap. The more letters you passed, the more diagnostic information will be printed. If only one `-v` was passed, `stap` will report only finishing of each stage.
* `-p STAGE` -- ends stap process after _STAGE_, represented with a number starting with 1 (_parse_).
* `-k` -- stap tool won't delete SystemTap temporary files created during compilation (sources and kernel modules kept in `/tmp/stapXXXX` directory),
* `-g` -- enables Guru-mode, that allows to bind to blacklisted probes and write into kernel memory along with using Embedded C in your scripts. Generally speaking, it allows dangerous actions.
* `-c COMMAND` and `-x PID` -- like those in DTrace, they allow to bind SystemTap to a specific process
* `-o FILE` -- redirects output to a file. If it already exists, SystemTap __rewrites__ it.
* `-m NAME` -- when compiling a module, give it meaningful name instead of `stap_<gibberish>`.

When SystemTap needs to resolve address into a symbol (for example, instruction pointer to a corresponding function name), it doesn't look into libraries or kernel modules.

Here are some useful command-line options that enable that:

* `-d MODULEPATH` -- enables symbol resolving for a specific library or kernel module. Note that in case it is not provided, `stap` will print a warning with corresponding `-d` option.
* `--ldd` -- for tracing process -- use `ldd` to add all linked libraries for a resolving.
* `--all-modules` -- enable resolving for all kernel modules

#### SystemTap example

Here is sample SystemTap script:

#!/usr/sbin/stap

probe syscall.write { if(pid() == target())

printf("Written %d bytes", $count); }

Save it to `test.stp` and run like this:

root@host# stap /root/test.stp -c "dd if=/dev/zero of=/dev/null count=1"

_Q__: Run SystemTap with following options: `# stap -vv -k -p4 /root/test.stp `, find generated directory in `/tmp` and look into created C source.

__Q__: Calculate number of probes in a `syscall` provider and number of variables provided by `syscall.write` probe:

# stap -l 'syscall.*' | wc -l
# stap -L 'syscall.write'

运行SystemTap。

运行SystemTap首先需要root权限。

运行SystemTap有三种形式：

1． 从文档(通常以.stp作为文档名后缀)中读入并运行脚本：stap [选项] 文档名。

2． 从标准输入中读入并运行脚本： stap [选项]。

3． 运行命令行中的脚本：stap [选项] -e 脚本。

4． 直接运行脚本文档(需要可执行属性并且第一行加上#!/usr/bin/stap)：./脚本文档名用"Ctrl C"中止SystemTap的运行。

systemtap的选项还在不断的扩展和更新中，其中最常用的选项包括：

-v -- 打印中间信息；

-p NUM -- 运行完Pass Num后停止(缺省是运行到Pass 5)；

-k -- 运行结束后保留临时文档不删除；

-b -- 使用RelayFS文档系统来将数据从内核空间传输到用户空间；

-M -- 仅当使用-b选项时有效，运行结束时不合并每个CPU的单独数据文档；

-o FILE -- 输出到文档，而不是输出到标准输出；

-c CMD -- 启动探测后，运行CMD命令，直到命令结束后退出；

-g -- 采用guru模式，允许脚本中嵌入C语句；