SystemTap的probe定义:
probe PROBEPOINT [, PROBEPOINT] { [STMT ...] }
一个probe可以定义多个PROBEPOINT(也称为event),它们共享一个handler函数。PROBEPOINT可分为两种:
a)同步(synchronous):
A synchronous event occurs when any process executes an instruction at a particular location in kernel code. This gives other events a reference point from which more contextual data may be available.
像syscall.system_call,kernel.function("function")都属于同步PROBEPOINT。
b)异步(asynchronous):
Asynchronous events are not tied to a particular instruction or location in code. This family of probe points consists mainly of counters, timers, and similar constructs.
begin,end,timer等都属于异步PROBEPOINT。
参考资料:
SystemTap Scripts。