Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Linux introspection and SystemTap: An interface and language for dynamic kernel analysis

Nov 11, 2009, 12:33 (0 Talkback[s])
(Other stories by M. Tim Jones)

"SystemTap is a dynamic method of monitoring and tracing the operation of a running Linux kernel. The key word there is dynamic, because instead of building a special kernel with instrumentation, SystemTap allows you to install that instrumentation dynamically at run time. It does this with an application programming interface (API) called Kprobes, which this article explores. Let's begin with an exploration of some of the earlier kernel tracing approaches, then dig into the SystemTap architecture and its use.

"Kernel tracing

"SystemTap is similar to an older technology called DTrace, which originated in the Sun Solaris operating system. Within DTrace, developers can write scripts in the D programming language (a subset of the C language but modified to support trace-specific behaviors). A DTrace script contains a number of probes and associated actions that occur when the probe "fires." For example, a probe can represent something as simple as invoking a system call or more complicated interactions such as a particular line of code being executed. Listing 1 shows a simple example of a DTrace script that counts the number of system calls made by each process. (Note the use of the dictionary to associate counts with processes). The format of the script includes the probe (which fires when a system call is made) and an action (the corresponding action script)."

Complete Story

Related Stories: