FBT Provider
The fbt
(Function Boundary Tracing) provider includes probes that are
associated with the entry to and return from most functions in the Oracle Linux kernel.
Therefore, there could be tens of thousands of fbt
probes.
sudo dtrace -lP fbt
An effective use of FBT probes requires knowledge of the kernel implementation. Therefore, we recommend that you use FBT only when developing kernel software or when other providers aren't sufficient.
Because of the large number of FPB probes that are available, be specific about the modules and functions that you enable probes for. Performance can be impacted when the full range of FBT probes are enabled at the same time.
fbt Probes
FBT provides a probe named entry
at the start of most functions in the
kernel. A probe named return
is included at the end of most functions in the
kernel. All FBT probes have a function name and module name.
fbt Probe Arguments
The arguments to entry
probes are the same as
the arguments to the corresponding operating system kernel
function. These arguments can be accessed as
int64_t
values by using the
arg0
, arg1
,
arg2
, ... variables.
If the function has a return value, the return value is stored in arg1
of
the return
probe. If a function doesn't have a return value,
arg1
isn't defined.
While a specified function only has a single point of entry, it might have many different
points where it returns to its caller. FBT collects a function's multiple return sites into
a single return
probe. If you want to know the exact return path, you can
examine the return
probe arg0
value, which indicates the
offset in bytes of the returning instruction in the function text.
fbt Examples
You can use the fbt
provider to explore the kernel's implementation. The
following example script creates an aggregation on the number of times different functions
allocate kernel virtual memory. The results of the aggregation are printed when the script
exits. This would help somebody to monitor what functions are memory intensive. Type the
following D source code and save it in a file named getkmemalloc.d
:
#pragma D option quiet
fbt::kmem*alloc*:entry
{
@[caller] = count();
}
dtrace:::END
{
printa("%40a %@10d\n", @);
}
Running this script results in output similar to the following:
vmlinux`vm_area_alloc+0x1a 1
vmlinux`__sigqueue_alloc+0x65 1
vmlinux`__create_xol_area+0x4d 1
vmlinux`__create_xol_area+0x6f 1
vmlinux`vmstat_start+0x39 1
vmlinux`proc_alloc_inode+0x1d 1
vmlinux`proc_self_get_link+0x5b 1
vmlinux`security_inode_alloc+0x24 1
vmlinux`avc_alloc_node+0x1c 1
vmlinux`ep_ptable_queue_proc+0x3d 2
vmlinux`kernfs_fop_open+0xbf 2
vmlinux`kernfs_fop_open+0x2e8 2
vmlinux`disk_seqf_start+0x25 2
vmlinux`__alloc_skb+0x16c 6
vmlinux`skb_clone+0x4b 6
vmlinux`ep_insert+0xbb 8
vmlinux`ep_insert+0x34c 8
vmlinux`__d_alloc+0x29 9
vmlinux`kernfs_iop_get_link+0x33 9
vmlinux`single_open+0x2a 15
vmlinux`proc_reg_open+0x6e 17
vmlinux`seq_open+0x2a 21
vmlinux`__alloc_file+0x23 29
vmlinux`security_file_alloc+0x24 29
vmlinux`getname_flags.part.0+0x2c 40
The output shows the internal kernel functions that are making calls to the
kmem*alloc
system calls and can be used to find which kernel functions
most often allocate kernel virtual memory on a system.
fbt Stability
The fbt
provider uses DTrace's stability mechanism to describe its
stabilities. These stability values are listed in the following table.
Element | Name Stability | Data Stability | Dependency Class |
---|---|---|---|
Provider |
Evolving |
Evolving |
Common |
Module |
Private |
Private |
Unknown |
Function |
Private |
Private |
ISA |
Name |
Evolving |
Evolving |
Common |
Arguments |
Private |
Private |
ISA |