Hi
Is it possible to use regular expression or wild cards or
blank in for the "$pid" in the probe description in the pid privider?
Suppose, if I want to monitor the libraries beling loaded dynamically
by different processes at runtime, and if I use the following probe
description, it doesn''t seem to help.
pid*::dlopen:entry
OR
::dlopen:entry
Are there any approaches ( other provider) that need to be used, if we
want to monitor use of an library API across systemwide?
Thanks
Vasanth
phil.harman@gmail.com
2011-Feb-05 10:19 UTC
[dtrace-discuss] Using regexp for $pid in pid provider
Think of it this way: the fbt provider instruments function boundaries in the
kernel''s address space; the pid provider does the same (and more) for
processes. There is one kernel address space, but many process address spaces.
Implementing pid*::dlopen:entry has at least two huge implications: stopping and
instrumenting every current process in the system; and instrumenting every new
process address space over time (i.e. dealing with fork and exec). The impact on
system performance would be huge.
Some have been creative in scripting around these challenges for small, specific
sets of processes (e.g. tracing fork and exec syscalls, identifying target
processes, stopping them, calling system() to start a pid provider scripts on
them, etc) but you really have to want to do that :)
Another starting point for your current need might be to trace file opens across
the system, predicating on file names that look like shared libraries.
----- Reply message -----
From: "Vasanth Bhat" <vasanth at sun.com>
To: <dtrace-discuss at opensolaris.org>
Subject: [dtrace-discuss] Using regexp for $pid in pid provider
Date: Sat, Feb 5, 2011 08:59
Hi
Is it possible to use regular expression or wild cards or
blank in for the "$pid" in the probe description in the pid privider?
Suppose, if I want to monitor the libraries beling loaded dynamically
by different processes at runtime, and if I use the following probe
description, it doesn''t seem to help.
pid*::dlopen:entry
OR
::dlopen:entry
Are there any approaches ( other provider) that need to be used, if we
want to monitor use of an library API across systemwide?
Thanks
Vasanth
_______________________________________________
dtrace-discuss mailing list
dtrace-discuss at opensolaris.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/dtrace-discuss/attachments/20110205/55d06ca3/attachment.html>
Thanks Phil. --Vasanth> Think of it this way: the fbt provider instruments function boundaries > in the kernel''s address space; the pid provider does the same (and > more) for processes. There is one kernel address space, but many > process address spaces. > > Implementing pid*::dlopen:entry has at least two huge implications: > stopping and instrumenting every current process in the system; and > instrumenting every new process address space over time (i.e. dealing > with fork and exec). The impact on system performance would be huge. > > Some have been creative in scripting around these challenges for > small, specific sets of processes (e.g. tracing fork and exec > syscalls, identifying target processes, stopping them, calling > system() to start a pid provider scripts on them, etc) but you really > have to want to do that :) > > Another starting point for your current need might be to trace file > opens across the system, predicating on file names that look like > shared libraries. > > ----- Reply message ----- > From: "Vasanth Bhat" <vasanth at sun.com> > To: <dtrace-discuss at opensolaris.org> > Subject: [dtrace-discuss] Using regexp for $pid in pid provider > Date: Sat, Feb 5, 2011 08:59 > > > Hi > > Is it possible to use regular expression or wild cards or > blank in for the "$pid" in the probe description in the pid privider? > > Suppose, if I want to monitor the libraries beling loaded dynamically > by different processes at runtime, and if I use the following probe > description, it doesn''t seem to help. > > pid*::dlopen:entry > > OR > > ::dlopen:entry > > Are there any approaches ( other provider) that need to be used, if we > want to monitor use of an library API across systemwide? > > Thanks > Vasanth > > > _______________________________________________ > dtrace-discuss mailing list > dtrace-discuss at opensolaris.org
Nico Williams
2011-Feb-05 18:14 UTC
[dtrace-discuss] Using regexp for $pid in pid provider
Phil explains why you can''t do quite what you want. But there is something you can do: use the syscall or fbt providers to catch calls to mmap() (older builds/releases) or mmapobj( (Solaris 11 Express), then stop() the victims of interest if you need to trace them with the PID provider and use system() to launch a dtrace instace to trace each new victim process (being careful not to do this more than once per process, or to set the victim back to running anyways). Nico -- -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/dtrace-discuss/attachments/20110205/ae5f4048/attachment.html>
Thanks Nico. I guess I will also have to look for open system call called before mmap, as I need the path of the library that is being loaded dynamically. I think my interest would be open or open64 followed by mmap or mmap64 that uses the file descriptor returned by open. Thanks Vasanth> Phil explains why you can''t do quite what you want. But there is > something you can do: use the syscall or fbt providers to catch calls > to mmap() (older builds/releases) or mmapobj( (Solaris 11 Express), > then stop() the victims of interest if you need to trace them with the > PID provider and use system() to launch a dtrace instace to trace each > new victim process (being careful not to do this more than once per > process, or to set the victim back to running anyways). > > Nico > -- >