* the system call number
@ 2011-07-23 4:23 Zheng Da
2011-07-23 23:11 ` Turgis, Frederic
0 siblings, 1 reply; 4+ messages in thread
From: Zheng Da @ 2011-07-23 4:23 UTC (permalink / raw)
To: systemtap
Hello,
I try to trace all system calls in a period of time, and then print
out all system calls and the invokers.
How do I get the system call number, or better the names of the system calls?
I tried $syscall, but it doesn't work.
probe syscall.* {
if ($syscall != 4) {
curr_time = gettimeofday_us()
if (curr_time > start_time + 1000000 * 3)
printf ("%s calls %d\n", execname(), $syscall)
}
}
Thanks,
Da
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: the system call number
2011-07-23 4:23 the system call number Zheng Da
@ 2011-07-23 23:11 ` Turgis, Frederic
2011-07-25 9:51 ` Mark Wielaard
0 siblings, 1 reply; 4+ messages in thread
From: Turgis, Frederic @ 2011-07-23 23:11 UTC (permalink / raw)
To: Zheng Da, systemtap
[-- Attachment #1: Type: text/plain, Size: 3077 bytes --]
Hi,
I think all syscalls in tapset have "name" variable defined to the correct name.
Attached an example to compute syscalls per process and call duration, to finally get this kind of output (get_32k() is TI custom, can use do_gettimeofday):
System Call execname:pid Count Total 32K Avg 32K Min 32K Max 32K
setitimer init:1 2 0 0 0 0
select init:1 1 164091 164091 164091 164091
stat init:1 4 2 0 0 1
fstat init:1 2 1 0 0 1
gettimeofday init:1 2 0 0 0 0
ioctl avahi-daemon:1105 2 0 0 0 0
write avahi-daemon:1105 18 3 0 0 1
poll avahi-daemon:1105 5 16790 3358 0 13309
recvmsg avahi-daemon:1105 2 2 1 1 1
gettimeofday avahi-daemon:1105 34 4 0 0 1
read avahi-daemon:1105 6 1 0 0 1
gettimeofday dropbear:1147 14 1 0 0 1
write dropbear:1147 6 9 1 1 2
select dropbear:1147 13 286941 22072 0 278520
read dropbear:1147 12 3 0 0 1
Regards
FRed
Frederic Turgis
OMAP Platform Business Unit - OMAP System Engineering - Platform Enablement
>
Texas Instruments France SA, 821 Avenue Jack Kilby, 06270 Villeneuve Loubet. 036 420 040 R.C.S Antibes. Capital de EUR 753.920
-----Original Message-----
> From: systemtap-owner@sourceware.org
> [mailto:systemtap-owner@sourceware.org] On Behalf Of Zheng Da
> Sent: Saturday, July 23, 2011 6:24 AM
> To: systemtap@sourceware.org
> Subject: the system call number
>
> Hello,
>
> I try to trace all system calls in a period of time, and then
> print out all system calls and the invokers.
> How do I get the system call number, or better the names of
> the system calls?
> I tried $syscall, but it doesn't work.
>
> probe syscall.* {
> if ($syscall != 4) {
> curr_time = gettimeofday_us()
> if (curr_time > start_time + 1000000 * 3)
> printf ("%s calls %d\n",
> execname(), $syscall)
> }
> }
>
> Thanks,
> Da
>
[-- Attachment #2: syscall_times.stp --]
[-- Type: application/octet-stream, Size: 1091 bytes --]
global starttime, timebycall
probe begin {
printf("Collecting data - type Ctrl-C to print output and exit... %d\n", get_32k())
}
probe syscall.* {
starttime[name, tid()] = get_32k()
}
probe syscall.*.return {
# Skip if we have not seen this before
if (!([name, tid()] in starttime)) next
delta = get_32k() - starttime[name, tid()]
# Totals
timebycall[name, tid(), execname()] <<< delta
delete starttime[name, tid()]
}
function print_header() {
printf("%22s %16s:%-6s %10s %12s %12s %12s %12s\n",
"System Call", "execname", "pid", "Count", "Total 32K",
"Avg 32K", "Min 32K", "Max 32K")
}
probe end {
printf("END TIME %d\n", get_32k())
printf("\nTimes for XXX:\n\n")
print_header()
foreach ([call, pidt+, exe] in timebycall)
printf("%22s %16s:%-6d %10d %12d %12d %12d %12d\n", call, exe, pidt,
@count(timebycall[call, pidt, exe]),
@sum(timebycall[call, pidt, exe]),
@avg(timebycall[call, pidt, exe]),
@min(timebycall[call, pidt, exe]),
@max(timebycall[call, pidt, exe]))
delete timebycall
}
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: the system call number
2011-07-23 23:11 ` Turgis, Frederic
@ 2011-07-25 9:51 ` Mark Wielaard
2011-07-25 17:46 ` Da Zheng
0 siblings, 1 reply; 4+ messages in thread
From: Mark Wielaard @ 2011-07-25 9:51 UTC (permalink / raw)
To: Turgis, Frederic; +Cc: Zheng Da, systemtap
On Sun, 2011-07-24 at 01:11 +0200, Turgis, Frederic wrote:
> Hi,
>
> I think all syscalls in tapset have "name" variable defined to the correct name.
Yes, that is the most convenient way to refer to the syscall matched by
a probe. See also the comment at the top of tapset/syscall.stp for some
of the other generic probe syscall.*[.return] convenience variables:
/* Each syscall returns the calls parameters. In addition, the following
* variables are set:
*
* name - generally the syscall name minus the "sys_".
*
* argstr - a string containing the decoded args in an easy-to-read format.
* It doesn't need to contain everything, but should have all the
* important args. Set in entry probes only. Values enclosed in
* square brackets are user-space pointers. Values in curly
* braces are decoded structs.
*
* retstr - a string containing the return value in an easy-to-read format.
* Set in return probes only.
*/
An alternative way to intercept syscalls using numbers is the
process[(pid|name)].syscall probe. This exposes a $syscall variable
which is just the architecture specific number. I find this one less
convenient to use, but it has as advantage that it automatically
restricts itself to the target process. Example:
stap -e 'probe process.syscall
{ printf("%s called %d\n", execname(), $syscall) }' -c /bin/ls
nd_syscall.stp provides even another way to intercept syscalls, using
non-dwarf kprobe, but that tapset isn't fully finished and needs more
cross-architecture work to be really useful.
Cheers,
Mark
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: the system call number
2011-07-25 9:51 ` Mark Wielaard
@ 2011-07-25 17:46 ` Da Zheng
0 siblings, 0 replies; 4+ messages in thread
From: Da Zheng @ 2011-07-25 17:46 UTC (permalink / raw)
To: Mark Wielaard; +Cc: Turgis, Frederic, systemtap
Hello,
On 07/25/11 02:51, Mark Wielaard wrote:
> On Sun, 2011-07-24 at 01:11 +0200, Turgis, Frederic wrote:
>> Hi,
>>
>> I think all syscalls in tapset have "name" variable defined to the correct name.
> Yes, that is the most convenient way to refer to the syscall matched by
> a probe. See also the comment at the top of tapset/syscall.stp for some
> of the other generic probe syscall.*[.return] convenience variables:
>
> /* Each syscall returns the calls parameters. In addition, the following
> * variables are set:
> *
> * name - generally the syscall name minus the "sys_".
> *
> * argstr - a string containing the decoded args in an easy-to-read format.
> * It doesn't need to contain everything, but should have all the
> * important args. Set in entry probes only. Values enclosed in
> * square brackets are user-space pointers. Values in curly
> * braces are decoded structs.
> *
> * retstr - a string containing the return value in an easy-to-read format.
> * Set in return probes only.
> */
>
> An alternative way to intercept syscalls using numbers is the
> process[(pid|name)].syscall probe. This exposes a $syscall variable
> which is just the architecture specific number. I find this one less
> convenient to use, but it has as advantage that it automatically
> restricts itself to the target process. Example:
>
> stap -e 'probe process.syscall
> { printf("%s called %d\n", execname(), $syscall) }' -c /bin/ls
>
> nd_syscall.stp provides even another way to intercept syscalls, using
> non-dwarf kprobe, but that tapset isn't fully finished and needs more
> cross-architecture work to be really useful.
Thanks a lot. I found `name' is also mentioned in the Beginners Guide.
Da
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-07-25 17:46 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-07-23 4:23 the system call number Zheng Da
2011-07-23 23:11 ` Turgis, Frederic
2011-07-25 9:51 ` Mark Wielaard
2011-07-25 17:46 ` Da Zheng
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).