FBT Provider
The fbt (Function Boundary Tracing) provider includes probes that are
associated with the entry to and return from most functions in the Oracle Linux kernel.
Therefore, there could be tens of thousands of fbt probes.
sudo dtrace -lP fbtAn effective use of FBT probes requires knowledge of the kernel implementation. Therefore, we recommend that you use FBT only when developing kernel software or when other providers aren't sufficient.
Because of the large number of FPB probes that are available, be specific about the modules and functions that you enable probes for. Performance can be impacted when the full range of FBT probes are enabled at the same time.
fbt Probes
FBT provides a probe named entry at the start of most functions in the
kernel. A probe named return is included at the end of most functions in the
kernel. All FBT probes have a function name and module name.
fbt Probe Arguments
The arguments to entry probes are the same as
the arguments to the corresponding operating system kernel
function. These arguments can be accessed as
int64_t values by using the
arg0, arg1,
arg2, ... variables.
If the function has a return value, the return value is stored in arg1 of
the return probe. If a function doesn't have a return value,
arg1 isn't defined.
While a specified function only has a single point of entry, it might have many different
points where it returns to its caller. FBT collects a function's multiple return sites into
a single return probe. If you want to know the exact return path, you can
examine the return probe arg0 value, which indicates the
offset in bytes of the returning instruction in the function text.
fbt Examples
You can use the fbt provider to explore the kernel's implementation. The
following example script creates an aggregation on the number of times different functions
allocate kernel virtual memory. The results of the aggregation are printed when the script
exits. This would help somebody to monitor what functions are memory intensive. Type the
following D source code and save it in a file named getkmemalloc.d:
#pragma D option quiet
fbt::kmem*alloc*:entry
{
@[caller] = count();
}
dtrace:::END
{
printa("%40a %@10d\n", @);
}Running this script results in output similar to the following:
vmlinux`vm_area_alloc+0x1a 1
vmlinux`__sigqueue_alloc+0x65 1
vmlinux`__create_xol_area+0x4d 1
vmlinux`__create_xol_area+0x6f 1
vmlinux`vmstat_start+0x39 1
vmlinux`proc_alloc_inode+0x1d 1
vmlinux`proc_self_get_link+0x5b 1
vmlinux`security_inode_alloc+0x24 1
vmlinux`avc_alloc_node+0x1c 1
vmlinux`ep_ptable_queue_proc+0x3d 2
vmlinux`kernfs_fop_open+0xbf 2
vmlinux`kernfs_fop_open+0x2e8 2
vmlinux`disk_seqf_start+0x25 2
vmlinux`__alloc_skb+0x16c 6
vmlinux`skb_clone+0x4b 6
vmlinux`ep_insert+0xbb 8
vmlinux`ep_insert+0x34c 8
vmlinux`__d_alloc+0x29 9
vmlinux`kernfs_iop_get_link+0x33 9
vmlinux`single_open+0x2a 15
vmlinux`proc_reg_open+0x6e 17
vmlinux`seq_open+0x2a 21
vmlinux`__alloc_file+0x23 29
vmlinux`security_file_alloc+0x24 29
vmlinux`getname_flags.part.0+0x2c 40
The output shows the internal kernel functions that are making calls to the
kmem*alloc system calls and can be used to find which kernel functions
most often allocate kernel virtual memory on a system.
fbt Stability
The fbt provider uses DTrace's stability mechanism to describe its
stabilities. These stability values are listed in the following table.
| Element | Name Stability | Data Stability | Dependency Class |
|---|---|---|---|
|
Provider |
Evolving |
Evolving |
Common |
|
Module |
Private |
Private |
Unknown |
|
Function |
Private |
Private |
ISA |
|
Name |
Evolving |
Evolving |
Common |
|
Arguments |
Private |
Private |
ISA |