public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed
* the system call number
@ 2011-07-23  4:23 Zheng Da
  2011-07-23 23:11 ` Turgis, Frederic
  0 siblings, 1 reply; 4+ messages in thread
From: Zheng Da @ 2011-07-23  4:23 UTC (permalink / raw)
  To: systemtap

Hello,

I try to trace all system calls in a period of time, and then print
out all system calls and the invokers.
How do I get the system call number, or better the names of the system calls?
I tried $syscall, but it doesn't work.

probe syscall.* {
        if ($syscall != 4) {
                curr_time = gettimeofday_us()
                        if (curr_time > start_time + 1000000 * 3)
                                printf ("%s calls %d\n", execname(), $syscall)
        }
}

Thanks,
Da

^ permalink raw reply	[flat|nested] 4+ messages in thread
* RE: the system call number
  2011-07-23  4:23 the system call number Zheng Da
@ 2011-07-23 23:11 ` Turgis, Frederic
  2011-07-25  9:51   ` Mark Wielaard
  0 siblings, 1 reply; 4+ messages in thread
From: Turgis, Frederic @ 2011-07-23 23:11 UTC (permalink / raw)
  To: Zheng Da, systemtap

[-- Attachment #1: Type: text/plain, Size: 3077 bytes --]

Hi,

I think all syscalls in tapset have "name" variable defined to the correct name.

Attached an example to compute syscalls per process and call duration, to finally get this kind of output (get_32k() is TI custom, can use do_gettimeofday):
           System Call         execname:pid         Count    Total 32K      Avg 32K      Min 32K      Max 32K
             setitimer             init:1               2            0            0            0            0
                select             init:1               1       164091       164091       164091       164091
                  stat             init:1               4            2            0            0            1
                 fstat             init:1               2            1            0            0            1
          gettimeofday             init:1               2            0            0            0            0
                 ioctl     avahi-daemon:1105            2            0            0            0            0
                 write     avahi-daemon:1105           18            3            0            0            1
                  poll     avahi-daemon:1105            5        16790         3358            0        13309
               recvmsg     avahi-daemon:1105            2            2            1            1            1
          gettimeofday     avahi-daemon:1105           34            4            0            0            1
                  read     avahi-daemon:1105            6            1            0            0            1
          gettimeofday         dropbear:1147           14            1            0            0            1
                 write         dropbear:1147            6            9            1            1            2
                select         dropbear:1147           13       286941        22072            0       278520
                  read         dropbear:1147           12            3            0            0            1


Regards
FRed

Frederic Turgis
OMAP Platform Business Unit - OMAP System Engineering - Platform Enablement



>
Texas Instruments France SA, 821 Avenue Jack Kilby, 06270 Villeneuve Loubet. 036 420 040 R.C.S Antibes. Capital de EUR 753.920

-----Original Message-----

> From: systemtap-owner@sourceware.org
> [mailto:systemtap-owner@sourceware.org] On Behalf Of Zheng Da
> Sent: Saturday, July 23, 2011 6:24 AM
> To: systemtap@sourceware.org
> Subject: the system call number
>
> Hello,
>
> I try to trace all system calls in a period of time, and then
> print out all system calls and the invokers.
> How do I get the system call number, or better the names of
> the system calls?
> I tried $syscall, but it doesn't work.
>
> probe syscall.* {
>         if ($syscall != 4) {
>                 curr_time = gettimeofday_us()
>                         if (curr_time > start_time + 1000000 * 3)
>                                 printf ("%s calls %d\n",
> execname(), $syscall)
>         }
> }
>
> Thanks,
> Da
>

[-- Attachment #2: syscall_times.stp --]
[-- Type: application/octet-stream, Size: 1091 bytes --]

global starttime, timebycall

probe begin {
	printf("Collecting data - type Ctrl-C to print output and exit... %d\n", get_32k())
}

probe syscall.* {
    starttime[name, tid()] = get_32k()
}

probe syscall.*.return {
    # Skip if we have not seen this before
    if (!([name, tid()] in starttime)) next

    delta = get_32k() - starttime[name, tid()]

    # Totals
    timebycall[name, tid(), execname()] <<< delta

    delete starttime[name, tid()]
}

function print_header() {
	printf("%22s %16s:%-6s %10s %12s %12s %12s %12s\n",
	       "System Call", "execname", "pid", "Count", "Total 32K",
	       "Avg 32K", "Min 32K", "Max 32K")
}

probe end {
  printf("END TIME %d\n", get_32k())

  printf("\nTimes for XXX:\n\n")
  print_header()
  foreach ([call, pidt+, exe] in timebycall)
    printf("%22s %16s:%-6d %10d %12d %12d %12d %12d\n", call, exe, pidt, 
      @count(timebycall[call, pidt, exe]),
      @sum(timebycall[call, pidt, exe]),
      @avg(timebycall[call, pidt, exe]),
      @min(timebycall[call, pidt, exe]),
      @max(timebycall[call, pidt, exe]))


  delete timebycall
}

^ permalink raw reply	[flat|nested] 4+ messages in thread
* RE: the system call number
  2011-07-23 23:11 ` Turgis, Frederic
@ 2011-07-25  9:51   ` Mark Wielaard
  2011-07-25 17:46     ` Da Zheng
  0 siblings, 1 reply; 4+ messages in thread
From: Mark Wielaard @ 2011-07-25  9:51 UTC (permalink / raw)
  To: Turgis, Frederic; +Cc: Zheng Da, systemtap

On Sun, 2011-07-24 at 01:11 +0200, Turgis, Frederic wrote:
> Hi,
> 
> I think all syscalls in tapset have "name" variable defined to the correct name.

Yes, that is the most convenient way to refer to the syscall matched by
a probe. See also the comment at the top of tapset/syscall.stp for some
of the other generic probe syscall.*[.return] convenience variables:

/* Each syscall returns the calls parameters. In addition, the following
* variables are set:
*
* name - generally the syscall name minus the "sys_".
*
* argstr - a string containing the decoded args in an easy-to-read format.
*          It doesn't need to contain everything, but should have all the
*          important args. Set in entry probes only. Values enclosed in
*          square brackets are user-space pointers. Values in curly
*          braces are decoded structs.
*
* retstr - a string containing the return value in an easy-to-read format.
*          Set in return probes only.
*/

An alternative way to intercept syscalls using numbers is the
process[(pid|name)].syscall probe. This exposes a $syscall variable
which is just the architecture specific number. I find this one less
convenient to use, but it has as advantage that it automatically
restricts itself to the target process. Example:

stap -e 'probe process.syscall
 { printf("%s called %d\n", execname(), $syscall) }' -c /bin/ls

nd_syscall.stp provides even another way to intercept syscalls, using
non-dwarf kprobe, but that tapset isn't fully finished and needs more
cross-architecture work to be really useful.

Cheers,

Mark

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: the system call number
  2011-07-25  9:51   ` Mark Wielaard
@ 2011-07-25 17:46     ` Da Zheng
  0 siblings, 0 replies; 4+ messages in thread
From: Da Zheng @ 2011-07-25 17:46 UTC (permalink / raw)
  To: Mark Wielaard; +Cc: Turgis, Frederic, systemtap

Hello,

On 07/25/11 02:51, Mark Wielaard wrote:
> On Sun, 2011-07-24 at 01:11 +0200, Turgis, Frederic wrote:
>> Hi,
>>
>> I think all syscalls in tapset have "name" variable defined to the correct name.
> Yes, that is the most convenient way to refer to the syscall matched by
> a probe. See also the comment at the top of tapset/syscall.stp for some
> of the other generic probe syscall.*[.return] convenience variables:
>
> /* Each syscall returns the calls parameters. In addition, the following
> * variables are set:
> *
> * name - generally the syscall name minus the "sys_".
> *
> * argstr - a string containing the decoded args in an easy-to-read format.
> *          It doesn't need to contain everything, but should have all the
> *          important args. Set in entry probes only. Values enclosed in
> *          square brackets are user-space pointers. Values in curly
> *          braces are decoded structs.
> *
> * retstr - a string containing the return value in an easy-to-read format.
> *          Set in return probes only.
> */
>
> An alternative way to intercept syscalls using numbers is the
> process[(pid|name)].syscall probe. This exposes a $syscall variable
> which is just the architecture specific number. I find this one less
> convenient to use, but it has as advantage that it automatically
> restricts itself to the target process. Example:
>
> stap -e 'probe process.syscall
>   { printf("%s called %d\n", execname(), $syscall) }' -c /bin/ls
>
> nd_syscall.stp provides even another way to intercept syscalls, using
> non-dwarf kprobe, but that tapset isn't fully finished and needs more
> cross-architecture work to be really useful.
Thanks a lot. I found `name' is also mentioned in the Beginners Guide.

Da

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-07-25 17:46 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-07-23  4:23 the system call number Zheng Da
2011-07-23 23:11 ` Turgis, Frederic
2011-07-25  9:51   ` Mark Wielaard
2011-07-25 17:46     ` Da Zheng

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).