You can easily use the fbt provider to explore the kernel's implementation. The following example script records the first gettimeofday call from any clock process and then follows the subsequent code path through the kernel. Type the following D source code and save it in a file named xgettimeofday.d:
/*
 * To make the output more readable, indent every function entry
 * and unindent every function return. This is done by setting the
 * "flowindent" option.
 */
#pragma D option flowindent

syscall::gettimeofday:entry
/execname == "clock" && guard++ == 0/
{
        self->traceme = 1;
        printf("start");
}

fbt:::
/self->traceme/
{}

syscall::gettimeofday:return
/self->traceme/
{
        self->traceme = 0;
        exit(0);
}
Running this script results in output that is similar to the following:
# dtrace -s ./xgettimeofday.d
dtrace: script './xgettimeofday.d' matched 92115 probes
CPU FUNCTION
  0  => gettimeofday                          start
  0    -> SyS_gettimeofday
  0      -> getnstimeofday64
  0        -> __getnstimeofday64
  0        <- __getnstimeofday64
  0      <- getnstimeofday64
  0      -> _copy_to_user
  0      <- _copy_to_user
  0    <- SyS_gettimeofday
  0  <= gettimeofday
The previous output shows the internal kernel functions that are called when the gettimeofday system call is made.
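The entry and return arrows carry the call nesting on their own, so a saved trace can be checked and summarized mechanically. The following Python is an added example, not part of the original guide or of DTrace: it rebuilds the call tree from the output above and fails if a return does not pair with its entry. The names call_tree and render are hypothetical, and it assumes a single traced thread with lines in chronological order.

```python
import re

# Trace lines from the dtrace run shown on this page (whitespace normalised).
SAMPLE = """\
CPU FUNCTION
0 => gettimeofday start
0 -> SyS_gettimeofday
0 -> getnstimeofday64
0 -> __getnstimeofday64
0 <- __getnstimeofday64
0 <- getnstimeofday64
0 -> _copy_to_user
0 <- _copy_to_user
0 <- SyS_gettimeofday
0 <= gettimeofday
"""

# CPU id, flow arrow (=> / <= syscall, -> / <- fbt), probe function name.
LINE = re.compile(r"^\s*(\d+)\s+(=>|->|<-|<=)\s+(\S+)")

def call_tree(text):
    """Return [(depth, function)] per entry probe; raise if returns do not pair up.

    Assumption: one traced thread with lines in chronological order, which is
    what the self->traceme predicate in xgettimeofday.d produces.
    """
    stack, tree = [], []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header line or anything that is not a flow record
        _cpu, arrow, func = m.groups()
        if arrow in ("=>", "->"):
            tree.append((len(stack), func))
            stack.append(func)
        elif stack and stack[-1] == func:
            stack.pop()
        else:
            raise ValueError(f"return from {func} has no matching entry")
    if stack:
        raise ValueError(f"no return recorded for {stack}")
    return tree

def render(tree):
    """Indent each function by its call depth, two spaces per level."""
    return "\n".join("  " * depth + func for depth, func in tree)

if __name__ == "__main__":
    print(render(call_tree(SAMPLE)))
```

A ValueError on a real trace usually means the capture was truncated or lines from more than one thread were interleaved, which is worth knowing before drawing conclusions from the call path.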