2.4 Using Predicates to Select Actions

Predicates are logic statements that select whether DTrace invokes the actions that are associated with a probe. You can use predicates to focus tracing analysis on specific contexts under which a probe fires.

The following example is an executable DTrace script, daterun.d, that displays the file descriptor, output string, and string length specified to the write() system call whenever the date command is run on the system.

Example 2.6 daterun.d: Display arguments to write() when date runs

#!/usr/sbin/dtrace -qs

/* daterun.d -- Display arguments to write() when date runs */

/execname == "date"/
  printf("%s(%d, %s, %d)\n", probefunc, arg0, copyinstr(arg1), arg2);

In the example, the predicate is /execname == "date"/, which specifies that if the probe syscall::write:entry is triggered, DTrace runs the associated action only if the name of the executable is date.

Make the script executable by changing its mode:

# chmod +x daterun.d

Before running the script, remember to use modprobe to load the systrace kernel module if this module has not already been loaded.

If you run the script from one window, while typing the date command in another, you see output such as the following in the first window:

# ./daterun.d
write(1, Thu Oct 31 11:14:43 GMT 2013
, 29)