Skip to content

Release Notes for DTrace 2.0.0 0.8

Jump to bottom
Elena Zannoni edited this page Aug 26, 2020 · 1 revision

DTrace v2.0 is a re-implementation of DTrace on top of existing Linux kernel tracing facilities, like eBPF, that did not exist when DTrace was first ported to Linux. The new implementation relieves DTrace from relying on specialized kernel patches.

DTrace V2.0 doesn't rely on libdtrace-ctf any longer. The functionality of that library has been integrated into the Linux toolchain.

Functionality is being delivered as it becomes available, starting with a limited set of capabilities (primarily framework functionality that does not offer many user visible features) but ultimately reaching, and then exceeding, earlier support.

Here are some examples of what is available with DTrace v2.0 with this initial release.

They assume running as root and having /usr/sbin in the path.

 # dtrace -V

 DTrace 2.0.0 [Pre-Release with limited functionality]
 dtrace: Oracle D 2.0

One can list probes:

 # dtrace -l

 DTrace 2.0.0 [Pre-Release with limited functionality]

    ID   PROVIDER    MODULE                     FUNCTION NAME
     1     dtrace                                        BEGIN
     2     dtrace                                        END
     3     dtrace                                        ERROR
     4        fbt   vmlinux     trace_initcall_finish_cb entry
     5        fbt   vmlinux     trace_initcall_finish_cb return
     6        fbt   vmlinux         initcall_blacklisted entry
     7        fbt   vmlinux         initcall_blacklisted return

On this particular system, there were:

  • 3 dtrace probes
  • 87890 fbt probes (based on kprobes)
  • 1262 sdt probes (based on Linux tracepoints)
  • 666 syscall probes

You can use the -S option (to see the compiled D code as an eBPF program) with the -e option (to exit after compilation):

 # dtrace -Sen 'write:entry { trace(1) }'
 DTrace 2.0.0 [Pre-Release with limited functionality]

 Disassembly of ::write:entry

 DIFO 0x46af600 returns D type (integer) (size 8) [record 16 bytes]

 INS OFF  OPCODE                  INSTRUCTION
 000 000: 62 a 0 fef8 ffffffff    stw  [%fp-264], -1     ! = EPID
 001 008: 62 a 0 fefc 00000000    stw  [%fp-260], 0
 002 016: 7a a 0 ff00 00000000    stdw [%fp-256], 0
 003 024: 7a a 0 ff08 00000000    stdw [%fp-248], 0
 004 032: 7a a 0 ff10 00000000    stdw [%f
 [...]

Another example:

 # dtrace -n '
       write:entry,
       write:return
       {
           this->x = 3;                /* clause-local variables */
           this->y = 8;
           trace(this->x * this->y);
           trace(&`max_pfn);
       }'

In the above:

  • Probe write() system call entry and exit (multiple probes at once);
  • Probe with recording the address of a kernel identifier (max_pfn) and other data items;
  • Probes are named (explicitly, no wildcards) with the same action.
  • Clause-local variables are used.
  • The trace() action is used to report output.

Obviously, you can use any system call probe, tracepoint probe, or FBT probe that can be enabled with the examples shown above.

What works in this release:

  • The majority of underlying core DTrace functionality has been reimplemented (D compiler, provider API, probe management) much of which used to reside in the kernel.

  • The D compiler has been retargetted to generate eBPF code, and the majority of the D language is already supported by the compiler.

  • Support has been added for reporting BPF verifier output. When compiled D scripts are loaded as BPF program into the kernel, the BPF verifier performs a static code analysis to ensure safety of the program. When this analysis fails, output is generated and DTrace will report this output to the user.

  • Function Boundary Tracing (FBT) probes with functions grouped by module (regardless of whether the module is compiled in or loadable) if the kernel provides this information in /proc/kallsyms (or /proc/kallmodsyms).

  • Syscall entry and return probes (systrace provider), with support for typed probe arguments (so far, only available in -lv output).

  • Statically Defined Tracing (SDT) probes based on Linux tracepoints, with support for typed probe arguments (so far, only available in -lv output).

Notable Limitations of this release:

  • The printf() function is not yet implemented; use trace().

  • The trace() action currently works only on numeric values, not strings.

  • Most actions, like exit(), are not yet implemented.

  • Of the three variable scopes, Global ("x") and thread-local ("self->x") are not yet implemented

  • Many providers (like dtrace or profile) -- including probes like BEGIN, END, and profile-1n -- are not yet functional

  • Probe descriptions (provider:module:function:name) that match multiple probes through the use of wildcards are not yet supported. E.g. write:entry works because it matches syscall:vmlinux:write:entry only, but write:* does not because it matches both syscall:vmlinux:write:entry and syscall:vmlinux:write:return.

Clone this wiki locally