2.7.5 Example: Counting System Calls Invoked by a Process (countsyscalls.d)

The D program countsyscalls.d shown in the following example counts the number of times a process that is specified by its process ID invokes different system calls.

#!/usr/sbin/dtrace -qs

/* countsyscalls.d -- Count system calls invoked by a process */

syscall:::entry
/pid == $1/
{
  @num[probefunc] = count();
}

After making the syscalls.d file executable, you can run it from the command line, specifying a process ID as its argument.

The following example shows how you would monitor the use of the emacs program that was previously invoked. After the script is invoked, within emacs a couple files are opened, modified, and then saved before exiting the D script.

Make the script executable:

# chmod +x countsyscalls.d

From another command line, type:

# emacs foobar.txt

Now, start the script and use the opened emacs window:

# ./countsyscalls.d $(pgrep -u root emacs)
^C 

  chmod                                                             1 
  exit_group                                                        1 
  futex                                                             1 
  getpgrp                                                           1 
  lseek                                                             1 
  lsetxattr                                                         1 
  rename                                                            1 
  fsync                                                             2 
  lgetxattr                                                         2 
  alarm                                                             3 
  rt_sigaction                                                      3 
  unlink                                                            3 
  mmap                                                              4 
  munmap                                                            4 
  symlink                                                           4 
  fcntl                                                             6 
  newfstat                                                          6 
  getgid                                                            7 
  getuid                                                            7 
  geteuid                                                           8 
  openat                                                            8 
  access                                                            9 
  getegid                                                          14 
  open                                                             14 
  getdents                                                         15 
  close                                                            17 
  readlink                                                         19 
  newlstat                                                         33 
  newstat                                                         155 
  read                                                            216 
  timer_settime                                                   231 
  write                                                           314 
  pselect6                                                        376 
  rt_sigreturn                                                    393 
  ioctl                                                           995 
  rt_sigprocmask                                                 1261 
  clock_gettime                                                  3495 

In the preceding example, the pgrep command is used to determine the process ID of the emacs program that the root user is running.