Linux introspection and SystemTap: An interface and language for dynamic kernel analysis

“SystemTap is a dynamic method of monitoring and tracing the
operation of a running Linux kernel. The key word there is dynamic,
because instead of building a special kernel with instrumentation,
SystemTap allows you to install that instrumentation dynamically at
run time. It does this with an application programming interface
(API) called Kprobes, which this article explores. Let’s begin with
an exploration of some of the earlier kernel tracing approaches,
then dig into the SystemTap architecture and its use.

“Kernel tracing

“SystemTap is similar to an older technology called DTrace,
which originated in the Sun Solaris operating system. Within
DTrace, developers can write scripts in the D programming language
(a subset of the C language but modified to support trace-specific
behaviors). A DTrace script contains a number of probes and
associated actions that occur when the probe “fires.” For example,
a probe can represent something as simple as invoking a system call
or more complicated interactions such as a particular line of code
being executed. Listing 1 shows a simple example of a DTrace script
that counts the number of system calls made by each process. (Note
the use of the dictionary to associate counts with processes). The
format of the script includes the probe (which fires when a system
call is made) and an action (the corresponding action script).”
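The DTrace listing the article refers to is not reproduced here; as an added example (not the article's own Listing 1), the same per-process system-call count written in SystemTap's script language, using the probe/action structure the excerpt describes. It assumes the `syscall.*` tapset is available for the running kernel and that it is run with `stap` as root.

```systemtap
#!/usr/bin/stap
# Added example: count system calls per process with SystemTap.
# This is the SystemTap counterpart of the DTrace script the article
# describes, not that listing itself. Assumes the syscall tapset is
# available (kernel debuginfo or dwarfless syscall probes).

global syscalls   # associative array keyed by [pid, executable name]

# Probe: fires on entry to every system call.
probe syscall.*
{
    # Action: bump the counter for the calling process.
    syscalls[pid(), execname()]++
}

# Report after 5 seconds: top 20 processes by call count, then exit.
probe timer.s(5)
{
    printf("%-8s %-20s %s\n", "pid", "process", "syscalls")
    # 'syscalls-' iterates in descending order of the stored value
    foreach ([p, name] in syscalls- limit 20)
        printf("%-8d %-20s %d\n", p, name, syscalls[p, name])
    exit()
}
```

Run it with `sudo stap syscall_count.stp`; the five-second window and the `limit 20` cut-off are arbitrary choices for the example.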
