Syscall Provider
The syscall provider makes available a probe at the entry to and return
from every system call in the system. Because system calls are the primary interface between
user-level applications and the operating system kernel, the syscall
provider can offer tremendous insight into application behavior with respect to the system.
syscall Probes
syscall provides a pair of probes for each system call: an
entry probe that fires before the system call is entered, and a
return probe that fires after the system call has completed, but before
control has been transferred back to user-level. For all syscall probes,
the function name is set as the name of the instrumented system call.
Often, the system call names that are provided by syscall correspond to
names in the Section 2 manual pages. However, some syscall provider probes
don't directly correspond to any documented system call, such as the case where a system
call might be a sub operation of another system call or where a system call might be private
in that they span the user-kernel boundary.
syscall Probe Arguments
For entry probes, the arguments,
arg0 ...
argn
, are
arguments to the system call. For return probes, both
arg0 and arg1 contain the
return value. A non-zero value in the D variable
errno indicates a system call failure.
syscall Stability
The syscall provider uses DTrace's stability
mechanism to describe its stabilities. These stability values
are listed in the following table.
| Element | Name Stability | Data Stability | Dependency Class |
|---|---|---|---|
|
Provider |
Evolving |
Evolving |
Common |
|
Module |
Private |
Private |
Unknown |
|
Function |
Private |
Private |
Instruction set architecture (ISA) |
|
Name |
Evolving |
Evolving |
Common |
|
Arguments |
Private |
Private |
ISA |