Providers and Probes
The examples in the Getting Started section described two probes named BEGIN and END. DTrace probes come from a set of kernel modules called providers, each of which performs a particular kind of instrumentation to create probes. When you use DTrace, each provider is given an opportunity to publish the probes it can provide to the DTrace framework. You can then enable and bind your tracing actions to any of the probes that have been published. To list all of the available probes on your system, type the following command:
# dtrace -l
ID  PROVIDER  MODULE   FUNCTION     NAME
1   dtrace                          BEGIN
2   dtrace                          END
3   dtrace                          ERROR
4   lockstat  genunix  mutex_enter  adaptive-acquire
5   lockstat  genunix  mutex_enter  adaptive-block
6   lockstat  genunix  mutex_enter  adaptive-spin
7   lockstat  genunix  mutex_exit   adaptive-release
... many lines of output omitted ...
#
It might take some time to display all of the output. To count up all your probes, type the following command:
# dtrace -l | wc -l
30122
You might observe a different total on your system, as the number of probes varies depending on the operating platform and the software you have installed. As you can see, there are a very large number of probes available to you. In fact, this output is not the complete list because some providers offer the ability to create new probes based on your tracing requests, making the actual number of DTrace probes virtually unlimited. The output of the dtrace -l command displays the probes. Notice that each probe has an integer ID and a probe description. A probe description is composed of four parts, shown as separate columns in the dtrace output:
- Provider: Name of the DTrace provider that is publishing this probe. The provider name typically corresponds to the name of the DTrace kernel module that performs the instrumentation to enable the probe.
- Module: Name of the module in which the probe is located, if this probe corresponds to a specific program location. The name is either of a kernel module or of a user library.
- Function: Name of the program function in which the probe is located, if this probe corresponds to a specific program location.
- Name: Identifier that indicates the purpose of the probe, such as BEGIN or END. This name can be referenced in a D program by using the built-in variable probename.
When writing a probe description, write all four parts of the description separated by colons.
provider:module:function:name
Notice that some of the probes in the output do not have values for module and function, such as the BEGIN and END probes used earlier. Some probes leave these two fields blank because these probes do not correspond to any specific instrumented program function or location. Instead, these probes refer to a more abstract concept like the idea of the end of your tracing request. A probe that has a module and function as part of its name is known as an anchored probe, and one that does not is known as unanchored.
By convention, if you do not specify all of the fields of a probe description, DTrace matches your request to all of the probes that have matching values in the parts of the name that you specify. In other words, when you used the probe name BEGIN earlier, you were actually telling DTrace to match any probe whose name field is BEGIN, regardless of the value of the provider, module, and function fields. As it happens, there is only one probe matching that description, so the result is the same. But you now know that the true name of the BEGIN probe is dtrace:::BEGIN, which indicates that this probe is provided by the DTrace framework itself and is not anchored to any function. Therefore, the hello.d program could have been written as follows and would produce the same result:
dtrace:::BEGIN
{
	trace("hello, world");
	exit(0);
}
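The matching rule described above, modeled as an added example that is not part of the original guide or of DTrace itself: it resolves a probe description against the seven probes from the listing excerpt, so you can see how many probes a short description selects before you enable it. It goes slightly beyond the text in two respects that are assumptions here: descriptions with fewer than four fields are filled from the right (name, then function, then module), and fields are treated as shell-style glob patterns. The names Probe, PROBES, parse_description, match and is_anchored are hypothetical.

```python
from fnmatch import fnmatchcase
from typing import NamedTuple


class Probe(NamedTuple):
    id: int
    provider: str
    module: str
    function: str
    name: str


# Constructed sample: the seven probes from the `dtrace -l` excerpt on this page.
PROBES = [
    Probe(1, "dtrace", "", "", "BEGIN"),
    Probe(2, "dtrace", "", "", "END"),
    Probe(3, "dtrace", "", "", "ERROR"),
    Probe(4, "lockstat", "genunix", "mutex_enter", "adaptive-acquire"),
    Probe(5, "lockstat", "genunix", "mutex_enter", "adaptive-block"),
    Probe(6, "lockstat", "genunix", "mutex_enter", "adaptive-spin"),
    Probe(7, "lockstat", "genunix", "mutex_exit", "adaptive-release"),
]


def parse_description(desc):
    """Return (provider, module, function, name); short forms fill from the right."""
    parts = desc.split(":")
    if len(parts) > 4:
        raise ValueError(f"too many fields in probe description: {desc!r}")
    return tuple([""] * (4 - len(parts)) + parts)


def match(desc, probes=PROBES):
    """Probes selected by desc: a blank field matches anything, others are globs."""
    pattern = parse_description(desc)
    return [p for p in probes
            if all(pat == "" or fnmatchcase(val, pat)
                   for pat, val in zip(pattern, p[1:]))]


def is_anchored(probe):
    """Anchored probes carry both a module and a function."""
    return bool(probe.module and probe.function)


if __name__ == "__main__":
    for desc in ("BEGIN", "dtrace:::BEGIN", "mutex_enter:", "lockstat:::adaptive-*"):
        for p in match(desc):
            kind = "anchored" if is_anchored(p) else "unanchored"
            print(f"{desc:24} -> {p.id} {':'.join(p[1:])} ({kind})")
```

On a live system, dtrace -l -n 'description' lists the probes a description matches without enabling them.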