Oracle® Linux

DTrace Tutorial

E50705-04

July 2014

Abstract

This tutorial introduces the Dynamic Tracing (DTrace) feature of Oracle Linux and shows how you can use the D language to trace the behavior of the operating system and user-space programs. The tutorial includes practical examples that you can run and provides exercises with solutions that will enable you to learn more about using DTrace.

Document generated on: 2014-07-09 (revision: 2072)


Table of Contents

Preface
1 Introducing DTrace
1.1 About Using this Tutorial
1.2 About DTrace
1.3 About DTrace Providers
1.4 Preparation: Installing and Configuring DTrace
1.4.1 Changing the Mode of the DTrace Helper Device
1.4.2 Loading DTrace Kernel Modules
1.5 Running a Simple DTrace Program
2 Tracing Operating System Behavior
2.1 Tracing Process Creation
2.2 Tracing System Calls
2.3 Performing an Action at Specified Intervals
2.4 Using Predicates to Select Actions
2.5 Timing Events on a System
2.6 Tracing Parent and Child Processes
2.7 Simple Data Aggregations
2.8 More Complex Data Aggregations
2.9 Displaying System Call Errors
3 Tracing User-Space Applications
3.1 Preparation: Installing DTrace-Enabled Applications
3.2 Tracing a User-Space Application
3.3 Using Aggregations with User-Space Applications
3.4 Tracing the Flow of Execution
3.5 Detecting PHP Errors
3.6 Using a Speculation for Error Analysis
4 Going Further with DTrace

List of Examples

1.1 hello.d: A simple D program that uses the BEGIN probe
1.2 goodbye.d: Simple D program that demonstrates the END probe
2.1 execcalls.d: Monitor the system as it executes programs
2.2 syscalls.d: Record open() system calls on a system
2.3 syscalls1.d: Modified version of syscalls.d that displays more information
2.4 tick.d: Perform an action at regular intervals
2.5 tick1.d: Modified version of tick.d
2.6 daterun.d: Display arguments to write() when date runs
2.7 wrun.d: Modified version of daterun.d for the w command
2.8 readtrace.d: Display time spent in read() calls
2.9 readtrace1.d: Modified version of readtrace.d that includes a predicate
2.10 calltrace.d: Time all system calls for firefox
2.11 activity.d: Record fork() and exec() activity
2.12 activity1.d: Record fork() and exec() activity for a specified program
2.13 countcalls.d: Count write, read, and open system calls over 100 seconds
2.14 countsyscalls.d: Count system calls invoked by a process
2.15 countprogs.d: Count programs invoked by a specified user
2.16 fdscount.d: Count the number of times that a program reads from different files
2.17 cswpercpu.d: Print number of context switches per CPU once per second
2.18 diskact.d: Display the distribution of I/O throughput for block devices
2.19 rwdiskact.d: Modified version of diskact.d that displays separate results for read and write I/O
2.20 fsact: Display cumulative read and write activity across a file system device
2.21 errno.d: Display errno and the file name for failed open() calls
2.22 displayerrno.d: Modified version of errno.d that displays error names
3.1 func.php: Infinitely looping, recursive test script
3.2 aggfunc.d: Aggregate counts for a PHP program
3.3 flow.d: Trace the flow of execution in func.php
3.4 flow1.d: Modified version of flow.d that also displays system calls
3.5 detphperr.d: Detect errors in PHP programs
3.6 detphperr1.d: Modified version of detphperr.d that includes the function name and a timestamp
3.7 errortrace.d: Print complete trace after one or more errors occur
3.8 errortrace1.d: Print a function call trace as soon as an error occurs