This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Userspace probing


Hey Mandar,

As you already noted there is $syscall variable with a
'process("path").syscall' style probe. To check whether it is an
'open()' system call, we'd have to compare $syscall to the corresponding
syscall number (this varies slightly by architecture).  On my system,
running 'grep __NR_open /usr/include/*/* ' shows 2 and 5 relating to
SYS_open (which is what we want here). From there we'd just want to
create conditionals where the $syscall matches.

Drawing from that, running a script such as:
$stap -e 'probe process("ping").syscall {
if($syscall == 2)
printf("open 2: %s (%d)\n", execname(), pid())
if($syscall == 5)
printf("open 5: %s (%d)\n", execname(), pid())
}' -c 'ping -c 3 google.com'

would return only the open() syscalls, feel free to change the segments
following the if()'s however you want.

Another method would be to probe via syscall.open and filter by
execname() or target().

Using a similar example to above you could write a script such as:

stap -e 'probe syscall.open {
if(execname() == "ping")
printf("pid: %d\n", pid())
}' -c 'ping -c 3 google.com'

Hope this helps,

Lukas Berk

* Mandar Gurav <mandarwce@gmail.com> [2011-05-08 06:06]:
> Hi all!
> 
> I want to trace disk io for my program using userspace probing as
> 
> probe("PATH").syscall
> 
> It is said that the system call number is available with $syscall. Can
> anyone tell how can I check whether it is a "open" system call....???
> 
> -- 
> Mandar Gurav


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]