Systemtap user-space probing

最近几天再看systemtap的官方文档,已经被无所不能的systemtap给深深折服。
1. SystemTap Beginner’s Guide
2. Tutorial A walk-through that give a taste of SystemTap.
3. Language Reference: A compendium of SystemTap scripting language elements

下面就介绍一下使用systemtap输出函数的调用栈

先举个简单的例子：查看sum函数的调用栈

#include<stdio.h>void sum(int a, int b){    int c = a + b;}int main(){    int i = 1;    sum(1, i);}

sudo stap -d a.out -e 'probe process("a.out").function("sum") {print_usyms(ubacktrace())}' -c ./a.outWARNING: Child process exited with status 2 0x4004b4 : sum+0x0/0x17 [/home/game/flameGraph/a.out] 0x4004e9 : main+0x1e/0x25 [/home/game/flameGraph/a.out] 0x7ff25d79976d : 0x7ff25d79976d [/lib/x86_64-linux-gnu/libc-2.15.so+0x2176d/0x3be000]

再试试服务器的redis,setCommand的调用栈

sudo stap -d /usr/local/bin/redis-server -e '\        probe process("redis-server").function("setCommand") {\        if (pid() == 1449) {\            print_usyms(ubacktrace())\         }\    }'    127.0.0.1:6379> set key a    WARNING: task_finder inode-uprobes callback for task 15715 failed: -22    WARNING: Missing unwind data for a module, rerun with 'stap -d /lib/x86_64-linux-gnu/libc-2.15.so'     0x43526f : setCommand+0xf/0x1b0 [/usr/local/bin/redis-server]     0x41e020 : call+0x70/0x2b0 [/usr/local/bin/redis-server]     0x4208c5 : processCommand+0x375/0x510 [/usr/local/bin/redis-server]     0x42960f : processInputBuffer+0x4f/0xc0 [/usr/local/bin/redis-server]     0x429742 : readQueryFromClient+0xc2/0x200 [/usr/local/bin/redis-server]     0x419025 : aeProcessEvents+0x145/0x380 [/usr/local/bin/redis-server]     0x4192fb : aeMain+0x2b/0x40 [/usr/local/bin/redis-server]     0x418010 : main+0x320/0x440 [/usr/local/bin/redis-server]

除了能够打印出函数的调用栈之外，还能打印函数的传入的参数，函数的局部变量
例如下面输出传入的redisClient->redisDb->id 的值

redis的源码如下typedef struct redisClient {    int fd;    redisDb *db;    ...}typedef struct redisDb {    ...    int id; /* Database ID */    ...    }                void setCommand(redisClient *c);

开始追踪sudo stap -d /usr/local/bin/redis-server -e '\        probe process("redis-server").function("setCommand") {\        if (pid() == 1449) {\            print_usyms(ubacktrace());\            printf("redisClient->redisDb->id=%d\n", $c->db->id);\         }\    }'

执行redis切换db 执行set命令127.0.0.1:6379> SELECT 1OK127.0.0.1:6379[1]> set key aOK

0x43526f : setCommand+0xf/0x1b0 [/usr/local/bin/redis-server]0x41e020 : call+0x70/0x2b0 [/usr/local/bin/redis-server]0x4208c5 : processCommand+0x375/0x510 [/usr/local/bin/redis-server]0x42960f : processInputBuffer+0x4f/0xc0 [/usr/local/bin/redis-server]0x429742 : readQueryFromClient+0xc2/0x200 [/usr/local/bin/redis-server]0x419025 : aeProcessEvents+0x145/0x380 [/usr/local/bin/redis-server]0x4192fb : aeMain+0x2b/0x40 [/usr/local/bin/redis-server]0x418010 : main+0x320/0x440 [/usr/local/bin/redis-server]0x7ff21416b76d : 0x7ff21416b76d [/lib/x86_64-linux-gnu/libc-2.15.so+0x2176d/0x3b9000]redisClient->redisDb->id = 1

systemtap功能是真的强大,动态的插入探针，输出函数的变量 有了这个还有什么程序bug是查不出来的！
输出用户程序的调用栈和变量只是systemtap功能的九牛一毛已经够我玩很久了，还有很多延时，系统调用，网络，io，cpu，全都能追踪，简直无敌。
慢慢学，加油~ :)