zoukankan      html  css  js  c++  java
  • systemtap 脚本示例

    1.[root@localhost ~]# stap -v -e 'probe vfs.read {printf("read performed
    "); exit()}'
    
    Pass 1: parsed user script and 85 library script(s) using 146900virt/23668res/3024shr/21332data kb, in 130usr/40sys/183real ms.
    Pass 2: analyzed script: 1 probe(s), 1 function(s), 3 embed(s), 0 global(s) using 257648virt/78000res/6100shr/71736data kb, in 510usr/870sys/2099real ms.
    Pass 3: using cached /root/.systemtap/cache/e2/stap_e2a36f2dcc498d9e1b0e44a8fa8004fa_1020.c
    Pass 4: using cached /root/.systemtap/cache/e2/stap_e2a36f2dcc498d9e1b0e44a8fa8004fa_1020.ko
    Pass 5: starting run.
    read performed
    Pass 5: run completed in 10usr/40sys/344real ms.
    
    
    2.[root@localhost ~]# uname -m
      x86_64
    
    
    3.[root@localhost ~]# uname -r
      2.6.18-128.el5
    
    
    4.[root@localhost ~]# uname -a
      Linux localhost.localdomain 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86_64 x86_64 GNU/Linux
    
    5.stap -r kernel_version script -m module_name
    
         stap -r 2.6.18-128.el5 -e 'probe vfs.read {exit()}' -m simple
         生成simple.ko
    
         staprun  simple.ko
    
    
    6. [root@localhost ~]# echo "probe timer.s(10) {exit()}" | stap -v -
        
       说明:To instruct stap to read a SystemTap script from standard input, use the - switch instead of the file name
    
    
    7.stap -e 'probe module("ext3").function("*") {println(execname()," ",pid()) }'
    
    
    8.stap -e 'probe timer.s(4) {println(execname()," ",pid()) }'
    
    
    9.stap -e 'probe begin{printf ("hello world
    "); exit() }'
    
    
    10.stap -e 'probe syscall.open { printf("%s(%d) open
    ", execname(), pid()) }'
    
    
    11.[root@localhost ~]# cat >thread_indent.stp
    probe kernel.function("*@net/socket.c").call
    {
      printf ("%s -> %s
    ", thread_indent(1), probefunc())
    }
    probe kernel.function("*@net/socket.c").return
    {
      printf ("%s <- %s
    ", thread_indent(-1), probefunc())
    }
    [root@localhost ~]# stap thread_indent.stp
         0 pcscd(4230): -> sock_poll
        13 pcscd(4230): <- sock_poll
         0 pcscd(4230): -> sock_poll
         6 pcscd(4230): <- sock_poll
    
    12.
     [root@localhost ~]# cat 2.stp
       probe syscall.* {
         if(pid() == target())
             printf("%s
    ", name)
           }
      stap 2.stp -x 1
    
    
    13.[root@localhost ~]# stap 2.stp -c "ls -a"
    
    
    
    14.[root@localhost ~]# stap -L 'kernel.function("vfs_read")'
    kernel.function("vfs_read@fs/read_write.c:248") $file:struct file* $buf:char* $count:size_t $pos:loff_t*
    
    
    
    15.
    stap -e 'probe kernel.function("vfs_read") {
                       printf ("current files_stat max_files: %d
    ",
                       @var("files_stat@fs/file_table.c")->max_files);
                       exit(); }'
    
    
    16.打印刷 函数的(vfs_read)四个参数
    
    [root@localhost ~]# stap -e 'probe kernel.function("vfs_read") {printf("%s
    ", $$parms); exit(); }'
    
    file=0xffff81005429d0c0 buf=0x7fff98a0c270 count=0x2004 pos=0xffff8100363d3f50    
    
    说明:There are four parameters passed into vfs_read: file, buf, count, and pos.
    The $$parms generates a string for the parameters passed into the function.
    In this case all but the count parameter are pointers.
    
    17.打印数据结构
    stap -e 'probe kernel.function("vfs_read") {printf("%s
    ", $$parms$); exit(); }'
    
    file={            .f_u={...}, 
                      .f_dentry=0xffff81003492c660,
                      .f_vfsmnt=0xffff810047fb70c0, 
              .f_op=0xffffffff886594a0, 
              .f_count={...}, 
              .f_flags=34818, 
              .f_mode=15, 
              .f_pos=0, 
              .f_owner={...}, 
              .f_uid=0, 
              .f_gid=0, 
              .f_ra={...}, 
              .f_version=0, 
              .f_security=0x0, 
              .private_data=0x0, 
              .f_ep_links={...}, 
              .f_ep_lock={...}, 
              .f_mapping=0xffff8100346125c0
              }
    buf="" 
    count=8196 
    pos=-139637099405488
    
    18.打印更详细的数据结构
    stap -e 'probe kernel.function("vfs_read") {printf("%s
    ", $$parms$$); exit(); }'
    file={.f_u={.fu_list={.next=0xffff810057a3e0f8, 
                          .prev=0xffff8100440d70c0},
                  .fu_rcuhead={.next=0xffff810057a3e0f8, 
                               .func=0xffff8100440d70c0
                      }
                  }, 
           .f_dentry=0xffff810032dbb150, 
           .f_vfsmnt=0xffff810047fb70c0, 
           .f_op=0xffffffff8865b040, 
           .f_count={.counter=2}, 
           .f_flags=34818, 
           .f_mode=15, 
           .f_pos=0, 
           .f_owner={.lock={.raw_lock={.lock=16777216}}, 
                            .pid=0, 
                    .uid=0, 
                    .euid=0, 
                    .security=0x0, 
                    .signum=0}, 
                    .f_uid=0, 
                    .f_gid=0, 
                    .f_ra={.start=0, 
                           .size=0,
                       .flags=0, 
                       .cache_hit=0,
                       .prev_page=18446744073709551615,
                       .ahead_start=0,
                       .ahea
    说明:With the “$” suffix fields that are composed of data structures are not expanded. 
         The “$$” suffix will print the values contained within the nested data structures
    
    18.@cast:类型转换
    function task_state:long (task:long)
    {
        return @cast(task, "task_struct", "kernel<linux/sched.h>")->state
    }
    
    
    The function returns the value of the state field from a task_struct pointed to by the long task.
    The first argument of the @cast operator, task, is the pointer to the object. 
    The second argument is the type to cast the object to, task_struct. 
    The third argument lists what file that the type definition information comes from and is optional. 
    
    19.命令行参数传递
        Use $ if you are expecting the user to enter an integer as a command-line argument, 
        and @ if you are expecting a string. 
       
       cat >4.stp
       probe kenel.function(@1)
           {
                printfln( execname(),@1)
    
           }
    
    
     [root@localhost ~]# stap  stap 4.stp vfs_read
    
    
     20.
    foo["tom"] = 23
    foo["dick"] = 24
    foo["harry"] = 25
    device[pid(),execname(),uid(),ppid(),"W"] = devname
    
    All associate arrays must be declared as global,
    regardless of whether the associate array is used in one or multiple probes
    
    21.
    global reads
    probe vfs.read
    {
      reads[execname()] ++
    }
    probe timer.s(3)
    {
      foreach (count in reads)
        printf("%s : %d 
    ", count, reads[count])
    
    }
    
    22.
    probe timer.s(3)
    {
      foreach (count in reads- limit 10)
        printf("%s : %d 
    ", count, reads[count])
    }
    
    reads:数组
    limit 10:
    The limit 10 option instructs the foreach to only process the first ten iterations 
    (that is, print the first 10, starting with the highest value).
    -:in descending order 
    
    cat >16.stp
    
    global reads
    probe vfs.read
    {
      reads[execname()] ++
    }
    
    probe timer.s(3)
    {
      printf("=======
    ")
      foreach (count in reads-)
        printf("%s : %d 
    ", count, reads[count])
      if(["stapio"] in reads) {
        printf("stapio read detected, exiting
    ")
      
      }
    
    
      23.
    
    global reads
    probe vfs.read
    {
      reads[execname(),pid()] <<< 1
    }
    probe timer.s(3)
    {
      foreach([var1,var2] in reads)
        printf("%s (%d) : %d 
    ", var1, var2, @count(reads[var1,var2]))
    }
    @count(reads[execname()]) will return how many values are stored in each unique key in array reads.
    @sum(reads[execname()]) will return the total of all values stored in each unique key in array reads.
    the operator <<< $count stores the amount returned by $count to
    the associated value of the corresponding execname() in the reads array
  • 相关阅读:
    nginx能访问html静态文件但无法访问php文件
    LeetCode "498. Diagonal Traverse"
    LeetCode "Teemo Attacking"
    LeetCode "501. Find Mode in Binary Search Tree"
    LeetCode "483. Smallest Good Base" !!
    LeetCode "467. Unique Substrings in Wraparound String" !!
    LeetCode "437. Path Sum III"
    LeetCode "454. 4Sum II"
    LeetCode "445. Add Two Numbers II"
    LeetCode "486. Predict the Winner" !!
  • 原文地址:https://www.cnblogs.com/zengkefu/p/4805935.html
Copyright © 2011-2022 走看看