Systemtap examples, Profiling - 5 Tracking Most Frequently Used System Calls
背景
例子来自topsys.stp 脚本, 上一篇的例子是选取一部分带来系统等待的系统调用作为事件, 输出等待事件排行前20的进程信息.
本文说的这个例子把所有的系统调用作为触发事件, 统计所有系统调用的调用次数, 输出前20位系统调用的名称和调用次数.
脚本内容以及注解 :
[root@db-172-16-3-150 network]# cd /usr/share/systemtap/testsuite/systemtap.examples/profiling
[root@db-172-16-3-150 profiling]# cat topsys.stp
#! /usr/bin/env stap
#
# This script continuously lists the top 20 systemcalls in the interval
# 5 seconds
#
global syscalls_count
probe syscall.* { // 通配符, 匹配所有的系统调用
syscalls_count[name]++ // 自增, 数组索引为系统调用名.
// 在所有系统调用probe alias中都会有name变量. 可以去tapset看原型
}
function print_systop () { // 输出系统调用统计信息的函数
printf ("%25s %10s\n", "SYSCALL", "COUNT") // 头信息
foreach (syscall in syscalls_count- limit 20) { // 按syscalls_count倒序输出20个数组值
printf("%25s %10d\n", syscall, syscalls_count[syscall])
}
delete syscalls_count // 输出后清空数组
}
probe timer.s(5) {
print_systop () // 每隔5秒调用输出函数
printf("--------------------------------------------------------------\n")
}
执行输出举例 :
[root@db-172-16-3-150 profiling]# stap topsys.stp
SYSCALL COUNT
write 951
read 222
poll 183
ioctl 132
recvmsg 132
ppoll 25
rt_sigprocmask 24
rt_sigaction 6
nanosleep 6
fcntl 4
pselect6 1
epoll_wait 1
select 1
socket 1
connect 1
close 1
--------------------------------------------------------------
查看所有支持的系统调用探针
[root@db-172-16-3-150 profiling]# stap -L syscall.**
syscall.accept flags:long flags_str:string name:string sockfd:long addr_uaddr:long addrlen_uaddr:long argstr:string $fd:int $upeer_sockaddr:struct sockaddr* $upeer_addrlen:int* $flags:int $address:struct __kernel_sockaddr_storage
syscall.accept.return name:string retstr:string $return:long int $fd:int $upeer_sockaddr:struct sockaddr* $upeer_addrlen:int* $flags:int $address:struct __kernel_sockaddr_storage
syscall.access name:string pathname:string mode:long mode_str:string argstr:string $filename:char const* $mode:int
syscall.access.return name:string retstr:string $return:long int $filename:char const* $mode:int
... 略
查看linux系统调用
man syscalls
The list of system calls that are available as at kernel 2.6.28 (or in a few cases only on older kernels) is as
follows:
System call Kernel Notes
------------------------------------------------------------------------
_llseek(2) 1.2
_newselect(2)
_sysctl(2)
accept(2)
accept4(2) 2.6.28
access(2)
...略
参考
1. https://sourceware.org/systemtap/SystemTap_Beginners_Guide/mainsect-profiling.html
2. https://sourceware.org/systemtap/examples/
3. /usr/share/systemtap/testsuite/systemtap.examples
4. systemtap-testsuite
5. /usr/share/systemtap/testsuite/systemtap.examples/index.txt
6. /usr/share/systemtap/testsuite/systemtap.examples/keyword-index.txt
7. /usr/share/systemtap/tapset