SystemTap 笔记 (1)—— probe定义

SystemTapprobe定义:

probe PROBEPOINT [, PROBEPOINT] { [STMT ...] }

一个probe可以定义多个PROBEPOINT(也称为event),它们共享一个handler函数。PROBEPOINT可分为两种:

a)同步(synchronous):

A synchronous event occurs when any process executes an instruction at a particular location in kernel code. This gives other events a reference point from which more contextual data may be available.

syscall.system_callkernel.function("function")都属于同步PROBEPOINT

b)异步(asynchronous):

Asynchronous events are not tied to a particular instruction or location in code. This family of probe points consists mainly of counters, timers, and similar constructs.

beginendtimer等都属于异步PROBEPOINT

参考资料:
SystemTap Scripts

 

发表评论

邮箱地址不会被公开。 必填项已用*标注

This site uses Akismet to reduce spam. Learn how your comment data is processed.