Introduction to DTrace
With a view of using it with Ruby 2.0
Monday, 18 March 13
Slide 2
Slide 2 text
What is DTrace
• It is a sampling profiler.
• Works on Solaris, Mac OSX, *BSD and Oracle
Linux.
Monday, 18 March 13
Slide 3
Slide 3 text
Sampling profiler?
• A sampling profiler probes the target program's program counter at regular
intervals using operating system interrupts. Sampling profiles are typically less
numerically accurate and specific, but allow the target program to run at near
full speed.
Monday, 18 March 13
Slide 4
Slide 4 text
Monday, 18 March 13
Slide 5
Slide 5 text
Advantages
• Low overhead.
• When turned off zero overhead.
• No compilatin flags necessary.
Monday, 18 March 13
Slide 6
Slide 6 text
Show me the probes
~> dtrace -l | more
Monday, 18 March 13
Slide 7
Slide 7 text
Anatomy of a Probe
• ID - Internal ID of the probe listed.
• Provider - Name of the Provider. Providers are
used to classify the probes. This is also the
method of instrumentation.
• Module - The name of the Unix module or
application library of the probe
• Function - The name of the function in which the
probe exists.
• Name - The name of the probe.(entry, return)
Monday, 18 March 13
Show me the Ruby
probes
• You must already have a program already
running in target runtime.
• ~> sudo dtrace -l -P ruby*
Monday, 18 March 13
Slide 11
Slide 11 text
Process ID
Monday, 18 March 13
Slide 12
Slide 12 text
Running a Probe
• from command line
• Or as a script
Monday, 18 March 13
Slide 13
Slide 13 text
Few example probes
~> sudo dtrace -f open
~> sudo dtrace -P syscall -f write
Monday, 18 March 13
Slide 14
Slide 14 text
D Programming
Language
• A subset of C and closer to awk etc. Can we run
as scripts.
Monday, 18 March 13
Slide 15
Slide 15 text
Goal
Print all system calls a program is making
Monday, 18 March 13
Slide 16
Slide 16 text
Using D script language
/*
* Probe when any function is entered within syscall provider
*/
syscall:::entry
{
! printf("%s(%d) called %s\n", execname, pid, probefunc);
}
Monday, 18 March 13
Slide 17
Slide 17 text
Run it
Monday, 18 March 13
Slide 18
Slide 18 text
probe description
/predicate/
{
action;
}
Monday, 18 March 13
Slide 19
Slide 19 text
Probe description
• provider:module:function:name
• Example:
syscall:::entry
syscall::write:entry
• You can use wild cards such as ? or *
Monday, 18 March 13
Slide 20
Slide 20 text
/*
* Probe when any function is entered within syscall provider
*/
syscall:::entry
{
! printf("%s(%d) called %s\n", execname, pid, probefunc);
}
Probe description
Monday, 18 March 13
Slide 21
Slide 21 text
/*
* Probe when any function is entered within syscall provider
*/
syscall:::entry
{
! printf("%s(%d) called %s\n", execname, pid, probefunc);
}
Monday, 18 March 13
Slide 22
Slide 22 text
Script variables
1. execname - Name of current process
2. probeprov - Name of the provider
3. probemod - Name of the module
4. probefunc - Name of the function
5. probename - Name of the probe
6. arg0,....arg9 - Memory location of 10 arguments that the function took
7. cpu - CPU identifier
8. tid - Thread identifier
Monday, 18 March 13
Slide 23
Slide 23 text
Script Variables
1.cwd - Name of current working Directory
2.uid - User ID
3.gid - group ID
4.pid - Process ID
5.walltimestamp - Current Timestamp
6.errorno
7.stackdepth
Monday, 18 March 13
Slide 24
Slide 24 text
Action
/*
* Probe when any function is entered within syscall provider
*/
syscall:::entry
{
! printf("%s(%d) called %s\n", execname, pid, probefunc);
}
Monday, 18 March 13
Slide 25
Slide 25 text
Goal
• Print system calls being made by currently
running Java Program.
Monday, 18 March 13
Slide 26
Slide 26 text
only_java.d
syscall:::entry
/execname=="java"/
{
! printf("%s(%d) called %s\n", execname, pid, probefunc);
}
Monday, 18 March 13
Slide 27
Slide 27 text
syscall:::entry
/execname=="java"/
{
! printf("%s(%d) called %s\n", execname, pid, probefunc);
}
Predicate
Monday, 18 March 13
Slide 28
Slide 28 text
Goal
• Print number of total bytes written by all
currently running programs
Monday, 18 March 13
Slide 29
Slide 29 text
total_bytes.d
/*
* Probe when any function is entered within syscall provider
*/
syscall::write:entry
{
@bytes_written[execname] = sum(arg2);
}
END
{
printa(@bytes_written);
}
Monday, 18 March 13
Slide 30
Slide 30 text
total_bytes.d
/*
* Probe when any function is entered within syscall provider
*/
syscall::write:entry
{
@bytes_written[execname] = sum(arg2);
}
END
{
printa(@bytes_written);
}
Monday, 18 March 13
Makes sense?
/*
* Probe when any function is entered within syscall provider
*/
syscall::write:entry
{
@bytes_written[execname] = sum(arg2);
}
END
{
printa(@bytes_written);
}
Monday, 18 March 13
Slide 33
Slide 33 text
Output formatting
• printf() more or less same as C version.
• printa() aggregate formatting
• trace()
• https://wikis.oracle.com/display/DTrace/Output
+Formatting
Monday, 18 March 13
END Probe
/*
* Probe when any function is entered within syscall provider
*/
syscall::write:entry
{
@bytes_written[execname] = sum(arg2);
}
END
{
printa(@bytes_written);
}
Wont fire
Monday, 18 March 13
Slide 36
Slide 36 text
copyinstr
• Copy in string
• man copyinstr
Monday, 18 March 13
Slide 37
Slide 37 text
Goal
• Print all class instances(with their count) created
by currently running Ruby program.
Monday, 18 March 13