3 Example DTrace Usage
The following examples illustrate current functionality in DTrace v2.0. Examples assume that
commands are run as root and /usr/sbin
is in the PATH.
-
List probes:
# dtrace -l DTrace 2.0.0 [Pre-Release with limited functionality] ID PROVIDER MODULE FUNCTION NAME 1 dtrace BEGIN 2 dtrace END 3 dtrace ERROR 4 fbt vmlinux trace_initcall_finish_cb entry 5 fbt vmlinux trace_initcall_finish_cb return ...
On this particular system, there were:
-
3 dtrace probes
-
87890 fbt probes (based on kprobes)
-
1262 sdt probes (based on Linux tracepoints)
-
666 syscall probes
-
-
Example script that uses the
-S
option, to output the compiled D code as an eBPF program, and that uses the-e
option, to exit after compilation:# dtrace -Sen 'write:entry { trace(1) }' DTrace 2.0.0 [Pre-Release with limited functionality] Disassembly of ::write:entry DIFO 0x46af600 returns D type (integer) (size 8) [record 16 bytes] INS OFF OPCODE INSTRUCTION 000 000: 62 a 0 fef8 ffffffff stw [%fp-264], -1 ! = EPID 001 008: 62 a 0 fefc 00000000 stw [%fp-260], 0 002 016: 7a a 0 ff00 00000000 stdw [%fp-256], 0 003 024: 7a a 0 ff08 00000000 stdw [%fp-248], 0 004 032: 7a a 0 ff10 00000000 stdw [%f [...]
-
Example script:
# dtrace -n ' syscall::write:* { this->x = 3; /* clause-local variables */ this->y = 8; trace(this->x * this->y); trace(&`max_pfn); }'
In the example script:
-
Probe all
write()
system call probes simultaneously using a wildcard; -
Probe with recording the address of a kernel identifier (
max_pfn
) and other data items; -
Associate several probes with a single action.
-
Clause-local variables are used.
-
The
trace()
action is used to report output.
-