SystemTapLinux下的萬能觀測工具Systemtap

SystemTap

Linux下的萬能觀測工具褚霸核心系統(tǒng)數(shù)據(jù)庫組chuba@2010/11/18Agenda介紹SystemTap

安裝和系統(tǒng)要求

實(shí)踐例子

參考和雜項(xiàng)

結(jié)論SystemTap是什么？Accordingto/systemtap/

SystemTapprovidesfreesoftware(GPL)infrastructuretosimplifythegatheringofinformationabouttherunningLinuxsystem.Thisassistsdiagnosisofaperformanceorfunctionalproblem.SystemTapeliminatestheneedforthedevelopertogothroughthetediousanddisruptiveinstrument,recompile,install,andrebootsequencethatmaybeotherwiserequiredtocollectdata.

觀察活體系統(tǒng)最佳工具，前提是你懂得如何觀察！SystemTap是如何工作的1.writeorchooseascriptdescribingwhatyouwanttoobserve

2.staptranslatesitintoakernelmodule

3.staploadsthemoduleandcommunicateswithit

4.justwaitforyourdata

五步走#

stap-uvtest.stp

Pass1:parseduserscriptand74libraryscript(s)using86868virt/20488res/1792shrkb,in190usr/20sys/209realms.

Pass2:analyzedscript:1probe(s),0function(s),0embed(s),0global(s)using87264virt/21148res/1976shrkb,in10usr/0sys/7realms.

Pass3:translatedtoCinto"/tmp/stapz2iv97/stap_aef621603e006af62084b361e0a0c981_553.c"using87264virt/21332res/2144shrkb,in0usr/0sys/0realms.

Pass4:compiledCinto"stap_aef621603e006af62084b361e0a0c981_553.ko"in1230usr/160sys/1384realms.

Pass5:startingrun.

Pass5:runcompletedin10usr/20sys/12331realms.SystemTap探測點(diǎn)例子SystemTapisallaboutexecutingcertainactionswhenhittingcertainprobepoints.

syscall.read

whenenteringread()systemcallsyscall.close.return

whenreturningfromtheclose()systemcallmodule("floppy").function("*")

whenenteringanyfunctionfromthe"floppy"modulekernel.function("*@net/socket.c").return

whenreturningfromanyfunctioninlenet/socket.ckernel.statement("*@kernel/sched.c:2917")

whenhittingline2917oflekernel/sched.c更多探測點(diǎn)例子timer.ms(200)

every200milliseconds

process("/bin/ls").function("*")

whenenteringanyfunctionin/bin/ls(notitslibrariesorsyscalls)

process("/lib/libc.so.6").function("*malloc*")

whenenteringanyglibcfunctionwhichhas"malloc"initsname

kernel.function("*exit*").return

whenreturning

fromanykernelfunctionwhichhas"exit"initsname

RTFMformore(manstapprobes).SystemTap編程語言mostlyC-stylesyntaxwithafeelingofawk

builtinassociativearrays

builtinaggregatesofstatisticaldata

veryeasytocollectdataanddostatisticsonit(average,min,

max,count,...)

manyhelperfunctions(builtinandintapsets)

RTFM:SystemTapLanguageReferenceshippedwithSystemTap

(langref.pdf)Performancesandsafetylanguage-levelsafetyfeaturesnopointersnounboundedloopstypeinferenceyoucanalsowriteprobehandlersinC(with-g)butdon'tcomplainifyoubreakstuff

runtimesafetyfeaturesstapenforcesmaximumruntimeforeachprobehandlervariousconcurrencyconstraintsareenforcedoverloadprocessing(don'tallowstaptotakeupalltheCPUtime)manythingscanbeoverridenmanuallyifyoureallywantseeSAFETYANDSECURITYsectionofstap(1)

Theoverheaddependsalotofwhatyouaretryingtodobutingeneralstapwilltrytostopyoufromdoingsomethingstupid(butthenyoucanstillforceittodoit).

Somehelperfunctionsyou'llseealotpid()whichprocessisthis?

uid()whichuserisrunningthis?

execname()whatisthenameofthisprocess?

tid()whichthreadisthis?

gettimeofday_s()epochtimeinseconds

probefunc()whatfunctionarewein?

print_backtrace()figureouthowweendeduphere

Therearemanymanymore.RTFM(manstapfuncs)andexplore

/usr/share/systemtap/tapset/.Somecoolstapoptions-xtraceonlyspeciedPID(onlyforuserlandprobing)

-crungivencommandandonlytraceitanditschildren

(willstilltraceallthreadsforkernelprobes)

-Llistprobepointsmatchinggivenpatternalongwith

availablevariables

-dloadgivenmoduledebuginfotohelpwithsymbolresolutioninbacktraces

-gembedCcodeinstapscript

unsafe,dangerousandfunAgenda介紹SystemTap

安裝和系統(tǒng)要求

實(shí)踐例子

參考

結(jié)論RequirementsSystemTap探測用戶空間程序需要utrace的支持，但是這個特性還沒有被Linux上游吸收。Redhat的發(fā)行版本目前支持這個特性。

源碼級別跟蹤需要安裝符號信息包層面需要安裝package-debuginfoonRPMdistros用戶自己的程序需要gcc

-g-gdwarf-2-g3編譯

stap腳本是編譯成內(nèi)核模塊運(yùn)行的，需要root權(quán)限

安裝SystemTapRHEL5U4需要安裝內(nèi)核符號信息:rpm-ikernel-debuginfo-common-2.6.18-164.el5.x86_64.rpm

rpm-ikernel-debuginfo-2.6.18-164.el5.x86_64.rpm

由于5U4帶的SystemTap是0.97版本，需要升級到1.3:./configureprefix=/usr&&make&&makeinstall

如何驗(yàn)證是否成功：#staptopsys.stp

SYSCALL

COUNT

read

48

fcntl

42

...

fstat

1

--------------------------------------------------------------Agenda介紹SystemTap

安裝和系統(tǒng)要求

實(shí)踐例子

參考和雜項(xiàng)

結(jié)論Example:誰在執(zhí)行我們的程序Listing:exec.stp

probesyscall.exec*{

printf("exec%s%s\n",execname(),argstr)

}

$stap-L'syscall.exec*'

syscall.execvename:stringfilename:stringargs:stringargstr:string$filename:char*$argv:char**$envp:char**$regs:structpt_regs*

#stapexec.stp

execsshd/usr/sbin/sshd"-R"

execsshd/bin/bash

例子:誰殺了我的程序Listing:sigkill.stpprobesignal.send{

if(sig_name=="SIGKILL")

printf("%swassentto%s(pid:%d)by%suid:%d\n",sig_name,pid_name,sig_pid,execname(),uid())

}#kill-9`pgreptop`

#

stapsigkill.stp

SIGKILLwassenttotop(pid:19281)bybashuid:50920Exampletac.c:工具函數(shù)#include<stdio.h>

#include<stddef.h>

#include<string.h>char*haha="wahaha\n";char*read_line(FILE*fp,char*buf,size_tlen){

returnfgets(buf,len,fp);}char*reverse_line(char*line,size_tl){

char*s=line,*e=s+l-sizeof("\n"),t;

while(s<e){

t=*s,*s=*e,*e=t;s++,e--;}

returnline;}voidwrite_line(char*line){fputs(line,stdout);}

Exampletac.ccontinued:主程序intmain(intargc,char*argv[]){

charbuf[4096],*line;

FILE*fp=stdin;

if(argc!=1){fp=fopen(argv[1],"r");}

if(fp==NULL){fprintf(stdout,"usage:%sfilename\n",argv[0]);return-1;}

while((line=read_line(fp,buf,sizeof(buf)))){

line=reverse_line(line,strlen(line));

write_line(line);

}

if(argc!=1)fclose(fp);

return0;

}編譯tac

#必須要帶調(diào)試信息#gcc-g-gdwarf-2-g3tac.c

#確認(rèn)符號信息的存在

#stap-L'process("a.out").function("*")'

process("/tmp/a.out").function("main@/tmp/tac.c:25")$argc:int$argv:char**$buf:char[]$line:char*$fp:FILE*

process("/tmp/a.out").function("read_line@/tmp/tac.c:7")$fp:FILE*$buf:char*$len:size_t

process("/tmp/a.out").function("reverse_line@/tmp/tac.c:11")$line:char*$l:size_t$s:char*$e:char*$t:char

process("/tmp/a.out").function("write_line@/tmp/tac.c:21")$line:char*Example1:讀出程序的參數(shù)functionget_argv_1:long(argv:long)%{/*pure*/

THIS->__retvalue=(long)((char**)THIS->argv)[1];

%}

probeprocess("a.out").function("main"){

filename="stdin";

if($argc>1){

filename=user_string(get_argv_1($argv));

}

println(filename);

}Example1continued:#

echo"hi"|./a.out

#

./a.outtac.c

#

stap-gu./ex1.stp

:)

stdin

tac.cExample2:callgraphforanythingfunctiontrace(entry_p,extra){

%($#>1%?if(tid()intrace)%)

printf("%s%s%s%s\n",

thread_indent(entry_p),

(entry_p>0?"->":"<-"),

probefunc(),

extra)

}

probe$1.call

{trace(1,$$parms)}probe$1.return{trace(-1,$$return)}Example2continued:

#

echo"hi"|./a.out

#

sudostap./ex2.stp'process("a.out").function("*")'

:)

0a.out(18123):->mainargc=0x1argv=0x7fff351ee0c8

30a.out(18123):->readlinefp=0x3f7bb516a0buf=0x7fff351ecfd0len=0x1000

590a.out(18123):<-readlinereturn=0x7fff351ecfd0

611a.out(18123):->reverse_lineline=0x7fff351ecfd0l=0x3

625a.out(18123):<-reverse_linereturn=0x7fff351ecfd0

642a.out(18123):->write_lineline=0x7fff351ecfd0

731a.out(18123):<-write_line

748a.out(18123):->readlinefp=0x3f7bb516a0buf=0x7fff351ecfd0len=0x1000

762a.out(18123):<-readlinereturn=0x0

770a.out(18123):<-mainreturn=0x0Example3:

獲取行長度globalline_len

probeprocess("a.out").statement("reverse_line@tac.c+1"){

line_len<<<($e-$s+2);

}

probeend{

if(@count(line_len)>0)print(@hist_linear(line_len,8,128,8));

}Example3continued:#ls-al|./a.out#

./ex3.stp

:)value|--------------------------------------------------count

<8|@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

64

8|@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

69

16|@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

68

24|@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

68

32|@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

68

40|@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

68

48|@@@@@@@@@@@@@@@@@@@@@@@@@

50

56|

0

64|

0Example4:

行反轉(zhuǎn)平均時間globalt,call_time

probeprocess("a.out").function("reverse_line"){

t=gettimeofday_ns()

}

probeprocess("a.out").function("reverse_line").return{

call_time<<<(gettimeofday_ns()-t)

}

probeend{

if(@count(call_time)>0)printf("avgreverse_lineexecutetime:%dns\n",@avg(call_time))

}Example4continued:#ls-al|./a.out#

./ex4.stp

:)

avgreverse_lineexecutetime:6651nsExample5:列出調(diào)用棧probeprocess(@1).function(@2){

print_ubacktrace();

exit();

}Example5continued:#ls-al|./a.out#stap./ex5.stp'./a.out''*_line'

:)

0x40066d:reverse_line+0xc/0x61[a.out]

0x40078f:main+0xaf/0x100[a.out]

0x3bd441d994[libc-2.5.so+0x1d994/0x357000]Example6:修改程序的行為globallinefunctionalert_line(line:long)%{/*pure*/

strcpy((char*)THIS->line,"abcdefg\n");

%}

probeprocess("a.out")