SystemTap知识(二)
2013-09-01 11:30 轩脉刃 阅读(2197) 评论(0) 编辑 收藏 举报Unbuntu安装systemtap:
http://www.cnblogs.com/hdflzh/archive/2012/07/25/2608910.html
1 更新源到http://mirror.ubuntu9.com/topmirror/sourceslist/all/54772423e19231bbb722a69fd878df28.list
2 apt-get install systemtap
3 apt-get install systemtap-sdt-dev
4
$ cd $HOME
$ sudo apt-get install dpkg-dev debhelper gawk
apt-get install ncurses-dev
$ mkdir tmp
$ cd tmp
$ sudo apt-get build-dep --no-install-recommends linux-image-$(uname -r)
$ apt-get source linux-image-$(uname -r)
$ cd linux-2.6.31 (this is currently the kernel version of 9.10)
$ fakeroot debian/rules clean
$ AUTOBUILD=1 fakeroot debian/rules binary-generic skipdbg=false
$ sudo dpkg -i ../linux-image-debug-2.6.31-19-generic_2.6.31-19.56_amd64.ddeb
http://sourceware.org/systemtap/wiki/SystemtapOnUbuntu
出现错误:
/usr/share/systemtap/runtime/transport/relay_v2.c:241:2: error: initialization from incompatible pointer type [-Werror]
/usr/share/systemtap/runtime/transport/relay_v2.c:241:2: error: (near initialization for ?._stp_relay_callbacks.create_buf_file?. [-Werror]
In file included from /usr/share/systemtap/runtime/print.c:18:0,
from /usr/share/systemtap/runtime/runtime.h:128,
from /tmp/stapXuHMle/stap_f534cd5578062befad3b2b49cf30135c_2471.c:59:
/usr/share/systemtap/runtime/transport/transport.c: In function ?.stp_get_root_dir?.
/usr/share/systemtap/runtime/transport/transport.c:386:8: error: ?.truct hlist_head?.has no member named ?.ext?
In file included from /tmp/stapXuHMle/stap_f534cd5578062befad3b2b49cf30135c_2471.c:61:0:
/usr/share/systemtap/runtime/stat.c: In function ?.stp_stat_get?.
/usr/share/systemtap/runtime/stat.c:213:2: error: ?.pu_possible_map?.undeclared (first use in this function)
/usr/share/systemtap/runtime/stat.c:213:2: note: each undeclared identifier is reported only once for each function it appears in
/usr/share/systemtap/runtime/stat.c: In function ?.stp_stat_clear?.
/usr/share/systemtap/runtime/stat.c:248:2: error: ?.pu_possible_map?.undeclared (first use in this function)
cc1: all warnings being treated as errors
解决:
http://blog.sina.com.cn/s/blog_820c67660101cgke.html
测试是否成功:
stap -e 'probe kernel.function("vfs_read") { printf("%s \n", $$vars)}' -vv
用户域的探针
Systemtap最初是用于内核态的探针的,但是基于用户态的探针能定位解决用户的程序问题。Systemtap0.6能往用户态的进程中放入探针。SystemTap能支持在用户态的进程中的某个方法的入口和出口的地方放入探针。
用户态Systemtap的探针要求安装utrace内核扩展。utrace的介绍在:
http://sourceware.org/systemtap/wiki/utrace
使用命令来判断当前系统是否安装了utrace
grep CONFIG_UTRACE /boot/config-`uname -r`
如果支持用户态探针,会输出:
CONFIG_UTRACE=y
用户态Systemtap也需要uprobes内核模块。如果没有安装的话,你在运行需要uprobes模块的时候会出现下面的问题:
用户态的事件
用户态事件以process开始,有下面几种形式
PATH是可执行程序的路径
process("PATH").function("function")
process("PATH").statement("statement")
process("PATH").mark("marker")
process.begin
process.thread.begin
process.end
process.thread.end
process.syscall
实时了解作者更多技术文章,技术心得,请关注微信公众号“轩脉刃的刀光剑影”
本文基于署名-非商业性使用 3.0许可协议发布,欢迎转载,演绎,但是必须保留本文的署名叶剑峰(包含链接http://www.cnblogs.com/yjf512/),且不得用于商业目的。如您有任何疑问或者授权方面的协商,请与我联系。