Use SystemTap to debug the kernel

Article title: use SystemTap to debug the kernel. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

SystemTap is a novel Linux kernel diagnostic tool that provides the ability to quickly and securely obtain information from the running Linux kernel. SystemTap is a good news for kernel developers and system administrators, because it allows them to collect real-time kernel data by writing or reusing simple scripts, without having to endure the long run of modifying the source code, compiling the kernel, and restarting the system. This article introduces the installation, use, and basic principles of SystemTap, and uses some interesting examples to reveal the powerful capabilities provided by SystemTap.

Before SystemTap appeared, it was often a nightmare for Linux programmers or system administrators to debug the kernel. For example, if you suspect that the fd parameter passed to the system to call read has a problem and want to print it out, what you need to do is: first obtain the kernel source code and find sys_read () insert the printk () statement into the function body, recompile the kernel, and then restart the system with the new kernel. Thank God, you finally saw what you want to see, but you will soon find a new problem: unless you restart the system to the original kernel, printk () will print it endlessly.

The purpose of SystemTap is to save people from this quagmire. SystemTap provides a simple command line interface and a powerful scripting language, while predefines a wide range of script libraries. Based on the kprobe in the kernel, SystemTap allows you to freely collect debugging information and performance data from the running kernel for later analysis and processing. You can start or stop this collection process at any time without the need for a long cycle of code modification, kernel compilation, and system restart. SystemTap simplifies the problem above. it is as simple as a command:

stap -e 'probe syscall.read { printf("fd = %d\n",fd) }

SystemTap features similar to Sun's DTrace and IBM's dprobe tool. But unlike them, SystemTap is an open-source software project that complies with GPL. As a result, the Linux community also has a powerful and easy-to-use dynamic kernel debugging tool. Currently, SystemTap is mainly developed by RedHat, IBM, Intel, and Hitachi, and includes engineers from the IBM China Development Center.

Install SystemTap

Before installing SystemTap, make sure that the other two software packages are installed in the system:

• Kernel-debuginfo RPM: SystemTap uses kernel debugging information to locate kernel functions and variables. For the general release version, the kernel-debuginfo RPM is not installed. we can download it from the release version download site. For Fedora Core 6 on my ThinkPad, this address is: http://download.fedora.redhat.com/pub/fedora/linux/core/6/i386/debug/
• Elfutils RPM: SystemTap requires the library functions provided by the elfutils software package to analyze debugging information. Current SystemTap requires installation of elfutils-0.123 or later versions. The latest version is 0.124-0.1. If necessary, we can download the RPM or source code from the SystemTap site to upgrade. Yes: ftp://sources.redhat.com/pub/SystemTap/elfutils/i386/

You can install SystemTap in the following two ways:

1. you have installed systemtap by default when Installing Fedora Core 6 through RPM. If not, you can also download from the address below: http://download.fedora.redhat.com/pub/fedora/linux/
Core/updates/testing/6/i386/SystemTap-0.5.10-1.fc6.i386.rpm

2. install the SDK through source code:

Download the latest source code from the FTP site of SystemTap

Ftp://sources.redhat.com/pub/SystemTap/snapshots/SystemTap-20061104.tar.bz2

The installation is as follows:

/root > tar -jxf SystemTap-20061104.tar.bz2/root > cd src/root/src> ./configure/root/src> make/root/src> make install

Run SystemTap

The root permission is required to run SystemTap.

There are three ways to run SystemTap:

1. read and run the script from a file (usually with. stp as the filename suffix): stap [option] file name

2. read and run the script from the standard input: stap [option]-

3. run the script in the command line: stap [option]-e script

4. run the script file directly (the executable property is required and # is added to the first line #! /Usr/bin/stap): Run "Ctrl + C" on the script file name to stop running SystemTap.

Systemtap options are constantly being expanded and updated. The most common options include:

-V -- print intermediate information

-P NUM -- stop after Pass Num is run (to Pass 5 by default)

-K -- the temporary files are retained and not deleted after the running is completed.

-B -- use the RelayFS file system to transmit data from the kernel space to the user space

-M -- valid only when the-B option is used. separate data files of each CPU are not merged at the end of running.

-O FILE -- output to the FILE instead of the standard output

-C CMD -- after the probe is started, run the CMD command and exit after the command ends.

-G -- uses the guru mode, allowing the script to embed C statements

For more options, see The stap manual.

[1] [2] [3] Next page