wan_jm
2007-Dec-25 13:13 UTC
[dtrace-discuss] what is differenct between syscall::write:entry fbt::write:entry
what is differenct between syscall::write:entry fbt::write:entry are the two probe fires at the same place. -- This message posted from opensolaris.org
Roman Shaposhnik
2007-Dec-25 22:35 UTC
[dtrace-discuss] what is differenct between syscall::write:entry fbt::write:entry
On Dec 25, 2007, at 5:13 AM, wan_jm wrote:> what is differenct between syscall::write:entry fbt::write:entry > > are the two probe fires at the same place.There''s a difference. syscall provider is a "semantics" provider. You can be sure that it''ll fire off regardless of how the actual functions that handle syscalls in the kernel are named. It is also reasonable to expect it to fire not only on Solaris but under any OS that supports a notion of a system call and has a DTrace ported to it. fbt provider on the other hand, is very kernel implementation dependent. It will only fire for functions that you list in the probe and you will be in charge of knowing what these functions are doing. Here''s a test: what makes you believe that fbt::write corresponds to a system call write, in the first place? Thanks, Roman.
i write a sript which monitor both syscall::write:entry fbt::write:entry; when this two fires I trace the ustack of them, and found that they are equal. -- This message posted from opensolaris.org
from your words "You can be sure that it''ll fire off regardless of how the actual functions that handle syscalls in the kernel are named.",does it mean that maybe someday syscall::write:entry fires in a write_a function. at this point, in the fbt probe, it should be fbt::write_a:entry instead. -- This message posted from opensolaris.org
On Dec 25, 2007, at 11:59 PM, wan_jm wrote:> i write a sript which monitor both syscall::write:entry > fbt::write:entry; > when this two fires I trace the ustack of them, and found that they > are equal.I disagree a bit. What you''ve found is a positive correlation, which might not necessarily mean that the two objects are equal. ;-) Thanks, Roman.
On Dec 26, 2007, at 12:01 AM, wan_jm wrote:> from your words "You can be sure that it''ll fire off regardless of > how the actual > functions that handle syscalls in the kernel are named.",does it > mean that maybe someday syscall::write:entry fires in a write_a > function. at this point, in the fbt probe, it should be > fbt::write_a:entry instead.That''s pretty much what I meant. Thanks, Roman.
Adam Leventhal
2007-Dec-27 19:37 UTC
[dtrace-discuss] what is differenct between syscall::write:entry fbt::write:entry
On Tue, Dec 25, 2007 at 05:13:08AM -0800, wan_jm wrote:> what is differenct between syscall::write:entry fbt::write:entry > > are the two probe fires at the same place.While the two probes fire at the same place with respect to user-land code, they correspond to different locations in the kernel''s execution and to probes with quite different uses. The first is from the syscall provider which only provides probes related to system calls; the probe arguments are the arguments to the system calls. The second is from the fbt provider (function boundry tracing) which makes probes available at the entry and return for (nearly) every function in the kernel. While the write(2) system call happens to be implemented by a function in the kernel called write, there''s no guarantee of this correlation. For example, the prof(2) syscall is implemented in the kernel by a function call profil. Further, the two providers have different stabilities; you can write a script which uses syscall::write:entry and know that it will continue to work on future versions of Solaris (and on other operating systems). Conversely, the fbt::write:entry probe might not exist on future or other systems. Adam -- Adam Leventhal, FishWorks http://blogs.sun.com/ahl