
SystemTap Knowledge (Part 2)

2013-09-01 11:30  轩脉刃

Installing SystemTap on Ubuntu:

http://www.cnblogs.com/hdflzh/archive/2012/07/25/2608910.html

1 Update the package sources to http://mirror.ubuntu9.com/topmirror/sourceslist/all/54772423e19231bbb722a69fd878df28.list

2 apt-get install systemtap

3 apt-get install systemtap-sdt-dev

4

$ cd $HOME

$ sudo apt-get install dpkg-dev debhelper gawk

apt-get install ncurses-dev

$ mkdir tmp

$ cd tmp

$ sudo apt-get build-dep --no-install-recommends linux-image-$(uname -r)

$ apt-get source linux-image-$(uname -r)

$ cd linux-2.6.31 (this is currently the kernel version of 9.10)

$ fakeroot debian/rules clean

$ AUTOBUILD=1 fakeroot debian/rules binary-generic skipdbg=false

$ sudo dpkg -i ../linux-image-debug-2.6.31-19-generic_2.6.31-19.56_amd64.ddeb

https://gist.github.com/shino/30c6745bb7a5db6fdce0/raw/e4d191fed1d44c038020c2f2e897bd08b513fe8e/systemtap_ubuntu12.10_memo.rst

http://sourceware.org/systemtap/wiki/SystemtapOnUbuntu

The following errors occurred:

/usr/share/systemtap/runtime/transport/relay_v2.c:241:2: error: initialization from incompatible pointer type [-Werror]

/usr/share/systemtap/runtime/transport/relay_v2.c:241:2: error: (near initialization for ‘_stp_relay_callbacks.create_buf_file’) [-Werror]

In file included from /usr/share/systemtap/runtime/print.c:18:0,

                 from /usr/share/systemtap/runtime/runtime.h:128,

                 from /tmp/stapXuHMle/stap_f534cd5578062befad3b2b49cf30135c_2471.c:59:

/usr/share/systemtap/runtime/transport/transport.c: In function ‘_stp_get_root_dir’:

/usr/share/systemtap/runtime/transport/transport.c:386:8: error: ‘struct hlist_head’ has no member named ‘next’

In file included from /tmp/stapXuHMle/stap_f534cd5578062befad3b2b49cf30135c_2471.c:61:0:

/usr/share/systemtap/runtime/stat.c: In function ‘_stp_stat_get’:

/usr/share/systemtap/runtime/stat.c:213:2: error: ‘cpu_possible_map’ undeclared (first use in this function)

/usr/share/systemtap/runtime/stat.c:213:2: note: each undeclared identifier is reported only once for each function it appears in

/usr/share/systemtap/runtime/stat.c: In function ‘_stp_stat_clear’:

/usr/share/systemtap/runtime/stat.c:248:2: error: ‘cpu_possible_map’ undeclared (first use in this function)

cc1: all warnings being treated as errors

Solution:

http://blog.sina.com.cn/s/blog_820c67660101cgke.html

Test whether the installation succeeded:

stap -e 'probe kernel.function("vfs_read") { printf("%s \n", $$vars)}' -vv

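User-space probes

SystemTap was originally built for kernel-space probes, but user-space probes make it possible to locate and fix problems in user programs. SystemTap 0.6 can place probes in user-space processes. SystemTap supports placing probes at the entry and exit of a function in a user-space process.

User-space SystemTap probes require the utrace kernel extension. utrace is described at: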

http://sourceware.org/systemtap/wiki/utrace

Use this command to check whether the running kernel has utrace:

grep CONFIG_UTRACE /boot/config-`uname -r`

If user-space probes are supported, the output is:

CONFIG_UTRACE=y

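User-space SystemTap also needs the uprobes kernel module. If it is not installed, you will see the following problem when you run something that needs the uprobes module:

[Image: screenshot of the error]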

User-space events

User-space events begin with process and take the following forms.

PATH is the path to the executable.

process("PATH").function("function")

process("PATH").statement("statement")

process("PATH").mark("marker")

process.begin

process.thread.begin

process.end

process.thread.end

process.syscall
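
The script below is an added example, not code from the original post, that combines several of the event forms listed above to time one function and count system calls in a single target program. It assumes a hypothetical binary ./myapp built with debug information (-g) that contains a hypothetical function handle_request.

```systemtap
#!/usr/bin/stap
# Added example. Assumptions: ./myapp and handle_request are hypothetical
# names; the binary must carry debug information for the function probes.

global entry_us   # thread id -> timestamp at entry to handle_request
global latency    # aggregate of handle_request durations (microseconds)
global syscalls   # system call number -> number of calls

# process("PATH").begin / .end fire when a matching process starts or exits
probe process("./myapp").begin {
  printf("%s[%d] started\n", execname(), pid())
}

probe process("./myapp").end {
  printf("%s[%d] exited\n", execname(), pid())
}

# Function entry: remember when this thread entered the function
probe process("./myapp").function("handle_request") {
  entry_us[tid()] = gettimeofday_us()
}

# Function exit: record the elapsed time, skipping returns whose
# entry happened before the script was attached
probe process("./myapp").function("handle_request").return {
  if (tid() in entry_us) {
    latency <<< gettimeofday_us() - entry_us[tid()]
    delete entry_us[tid()]
  }
}

# process("PATH").syscall exposes the system call number as $syscall
probe process("./myapp").syscall {
  syscalls[$syscall]++
}

# Summary when the script ends; @avg is guarded because it fails on an
# empty aggregate
probe end {
  if (@count(latency))
    printf("handle_request: %d calls, avg %d us, max %d us\n",
           @count(latency), @avg(latency), @max(latency))
  foreach (nr in syscalls- limit 5)
    printf("syscall %d: %d calls\n", nr, syscalls[nr])
}
```

Saved under a name of your choice (for example trace.stp), it runs with stap trace.stp -c ./myapp, which starts the target and ends the script when the target exits.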