Wiki - README‎ > ‎Computers‎ > ‎OpenSolaris‎ > ‎

DTrace

DTrace Oneliners (link)


command line options

-q: records only the actions that are explicitly stated in script.  suppresses the default output

-F: coalesce trace output by identifying function entry and return.  function entry probe reports are indented and their output is prefixed with ->.  Function return probe reports are unindented and their output is prefixed with <-.  syscall entries use => and <=.

-o output: specifies output file

when specifying command options in script, make sure the -s option is last.
can specify options using #pragma D option [option]

DTrace Consumer Options (pg 30 of DTrace User Guide)
destructive: allow destructive actions
quiet: output only explicitly traced data

built-in macro variables
$[0-9]+: macro args
$egid: effective group-ID
$euid: effective user-ID
$gid: real group-ID
$pid: process id
$ppid: parent process id
$uid: real user-id

commonly used variables

pid: current process id
execname: current executable name
timestamp: time since boot in ns
curthread: ptr to ktherad_t struct representing current thread
probemod: module name of current probe
probefunc: function name of current probe
probename: name of current probe

built-in functions

trace(expression): traces result of expression to the directed buffer
tracemem(address, nbytes): traces nbytes bytes of memory starting at expression address
printf(format, ...): formatted trace print
printa(aggregation); printa(format, aggregation): aggregate trace

process destructive actions

stop( ): the process firing probe will stop upon leaving the kernel
raise(signal): raises signal to currently running process
copyout(buf, addr, nbytes): copies nbytes from buf to addr (in address space of current thread)
copyoutstr(str, addr, maxlen): copies string to addr
system(program, ...): causes program to be executed by the system as if it were given to the shell as input

kernel destructive actions

breakpoint( ): induces a kernel breakpoint, causing the system to stop and transfer control to kernel debugger
panic( ): induces kernel panic, forcing a system crash dump at time of interest
chill(nanoseconds): causes DTrace to spin for specified nanoseconds

some functions are destructive, interfering with process.  must explicitly enable destructive actions with -w option

Comments