Question

The code:

dtrace -n 'syscall::read:entry /execname != "dtrace"/ { @reads[execname, fds[arg0].fi_pathname] = count(); }'
   dtrace: description 'syscall::read:entry ' matched 1 probe
   ^C
   bash            /proc/1709/psinfo                                                 1
   loader          /zp/space/f2                                                      1
   nscd            /etc/user_attr                                                    1
   bash            /export/home/mauroj/.bash_history                                 2
   loader          /zp/space/f3                                                      2
   nscd            /etc/group                                                        2
   su              /etc/default/su                                                   8
   su              /devices/pseudo/sy@0:tty                                          9
   bash            /dev/pts/5                                                       66
   Xorg            /devices/pseudo/conskbd@0:kbd                                   152
   gnome-terminal  /devices/pseudo/clone@0:ptm                                     254

The dtrace code: fds[arg0].fi_pathname

How can I see what the dtrace call arguments mean? I tried to use:

trace -lv 'syscall:fds:read:entry' |head
   ID   PROVIDER            MODULE                          FUNCTION NAME
    1     dtrace                                                     BEGIN

    Probe Description Attributes
        Identifier Names: Stable
        Data Semantics:   Stable
        Dependency Class: Common

    Argument Attributes
        Identifier Names: Stable

But I can't find the arguments. How can I see what these arguments mean, e.g. fds[arg0].fi_pathname?

To give another example:

 dtrace -n 'io:::start { @bytes = quantize(args[0]->b_bcount); }'

How can I know that args[0]->b_count means syscall bytes?


Solution

As the documentation explains, for the syscall provider's entry probes, arg0, arg1 etc. are the system call's arguments themselves. For syscall::read:entry, then, looking at the read(2) man page shows

 ssize_t read(int fildes, void *buf, size_t nbyte);

and so arg0 is the value of fildes.

Unfortunately, fds[] doesn't appear to be described in the official documentation. fds[] is something, similar to a subroutine, that DTrace provides to translate a file descriptor into a fileinfo_t. The fileinfo_t is a stable structure that provides useful information about a file without exposing the implementation details to the user.

The documentation for the io provider states that, for io:::start, args[0] is a pointer to a struct buf. This is another documentation bug: it's actually a pointer to a struct bufinfo, which is described on the same page.
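The argument mapping described in the answer, written out as a D script for auditing which process reads which file. This is an added example, not part of the original answer; it assumes a Solaris/illumos-style DTrace with the syscall and io providers and enough privilege to run dtrace. The thread-local names (self->fd, self->nbyte, self->in_read) are chosen for this example.

```dtrace
#!/usr/sbin/dtrace -s
#pragma D option quiet

/*
 * read(2): ssize_t read(int fildes, void *buf, size_t nbyte);
 * On syscall entry probes argN is the Nth system call argument:
 *   arg0 = fildes, arg1 = buf (user address), arg2 = nbyte
 */
syscall::read:entry
/execname != "dtrace"/
{
	self->fd = arg0;        /* fildes */
	self->nbyte = arg2;     /* bytes requested */
	self->in_read = 1;      /* flag, because fd 0 is a valid descriptor */
}

/*
 * On syscall return probes arg0 holds the return value: for read(2)
 * the number of bytes actually read, or -1 on error.
 * fds[fd] translates the descriptor into a fileinfo_t.
 */
syscall::read:return
/self->in_read/
{
	printf("%-16s pid=%-6d fd=%-3d want=%-7d got=%-7d fs=%-8s %s\n",
	    execname, pid, self->fd, self->nbyte, arg0,
	    fds[self->fd].fi_fs, fds[self->fd].fi_pathname);
	self->fd = 0;
	self->nbyte = 0;
	self->in_read = 0;
}

/*
 * io:::start uses typed arguments instead of raw argN values:
 *   args[0] = bufinfo_t *  (b_bcount is the size of the I/O in bytes)
 *   args[1] = devinfo_t *  (dev_statname is the device name)
 *   args[2] = fileinfo_t * (same structure that fds[] returns)
 * "dtrace -lvn io:::start" lists these types under "Argument Types".
 */
io:::start
{
	@bytes[args[1]->dev_statname,
	    args[0]->b_flags & B_READ ? "read" : "write"] =
	    quantize(args[0]->b_bcount);
}
```

Stop the script with Ctrl-C to print the per-device size distribution collected by the io:::start clause.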

Licensed under: CC-BY-SA with attribution