博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
MAC OS 内核跟踪监视工具dtrace 使用示例说明
阅读量:6371 次
发布时间:2019-06-23

本文共 5602 字,大约阅读时间需要 18 分钟。

//

syscall

dtrace -ln 'syscall::write*:'   //显示可使用的probe

dtrace -ln 'syscall::*read*:entry' //显示可使用的probe

dtrace -n 'syscall::write:entry {@dist[execname] = quantize(arg0)}'  //之后CTRL+C

dtrace -n 'syscall::socket:entry {@dist[execname] = quantize(arg0)}' //之后CTRL+C

dtrace -n 'syscall:::entry { @sc[execname, probefunc] = count(); }'  #dtrace -n 'syscall:::entry'

dtrace -n 'syscall::open:entry { printf("%s %s", execname, copyinstr(arg0)); }'

dtrace -n 'syscall::fork*: { trace(pid); }'

dtrace -n 'syscall::exec*: { trace(execname); }'

Showing Read Byte Distributions by Process
 dtrace -n 'syscall::read:return { @[execname] = quantize(arg0); }'
一秒打印一次进程数
dtrace -n 'profile-997 { @[execname] = count(); } tick-1s { printa(@); trunc(@); }'
Most function calls will return from the same thread that they enter,6 so a thread- local variable can be used to associate these events. Here a time stamp is saved on the write(2) entry so that the time can be calculated on return:
dtrace -n 'syscall::write:entry { self->s = timestamp; } syscall::write:return /self->s/
syscall Provider
dtrace -n 'syscall:::entry { @[probefunc] = count(); }'
Which processes are executing the most system calls?
dtrace -n 'syscall:::entry { @[pid, execname] = count(); }'
What system calls are a given process name executing (for example, firefox-bin)?
dtrace -n 'syscall:::entry /execname == "firefox"/ { @[probefunc] = count(); }'
dtrace -qn 'syscall::read:entry,syscall::write:entry /fds[arg0].fi_fs == "sockfs"/ { @[probefunc] = sum(arg2); } tick-1sec { printa(@); trunc(@); }'  #暂无打印
dtrace -n 'syscall::read:entry,syscall::write:entry /execname == "firefox" && fds[arg0].fi_fs == "sockfs"/ { @[execname,pid] = count(); }'   #暂无打印

/
指定进程的MALLOC调用情况
dtrace -n 'pid$target::malloc:entry { @[ustack()] = quantize(arg0); }' -p 513 
//
Disk I/O
dtrace -n 'io:::start { @[execname, pid] = count(); }'
bash-3.2# dtrace -qn 'syscall:::entry /execname == "firefox"/
{ @[pid, probefunc] = count(); } END { trunc(@, 10); printa(@); }'
dtrace -n 'syscall::pread*:entry,syscall::pwrite*:entry /execname == "java"/
 { @[fds[arg0].fi_fs] = count(); }'
dtrace -n 'syscall::pread*:entry,syscall::pwrite*:entry /execname == "java"/
{ @[fds[arg0].fi_pathname] = count(); }'
/
Memory
Tracking process user stack sizes:
Tracking which processes are growing their address space heap segment:
Tracking memory page faults by process name:
dtrace -n 'vminfo:::as_fault { @mem[execname] = sum(arg0); }'
Tracking pages paged in by process name:
dtrace -n 'vminfo:::pgpgin { @pg[execname] = sum(arg0); }'
Tracking pages paged out by process name:
dtrace -n 'vminfo:::pgpgout { @pg[execname] = sum(arg0); }'
sched Provider

dtrace -n 'sched:::on-cpu { @[pid, execname] = count(); }'

Tracking process user stack sizes:
dtrace -n 'sched:::on-cpu { @[execname] = max(curthread->t_procp->p_stksize);}'
Tracking which processes are growing their address space heap segment:
dtrace -n 'fbt::brk:entry { @mem[execname] = count(); }'
fbt Provider
Tracking which processes are growing their address space stack segment:
dtrace -n 'fbt::grow:entry { @mem[execname] = count(); }'
///

I/O

Which processes are executing common I/O system calls?
dtrace -n 'syscall::*read:entry,syscall::*write:entry { @rw[execname,probefunc] =
count(); }'
Which file system types are targeted for reads and writes?
dtrace -n 'syscall::*read:entry,syscall::*write:entry { @fs[execname, probefunc,fds[arg0].fi_fs] = count(); }'
Which files are being read, and by which processes?
dtrace -n 'syscall::*read:entry { @f[execname, fds[arg0].fi_pathname] = count(); }'
Which files are being written, and by which processes?
dtrace -n 'syscall::*write:entry { @f[execname, fds[arg0].fi_pathname] = count(); }'
Which processes are generating network I/O (Solaris)?
dtrace -n 'fbt:sockfs::entry { @[execname, probefunc] = count(); }'  #暂时无法使用
What is the rate of disk I/O being issued?
dtrace -n 'io:::start { @io = count(); } tick-1sec { printa("Disk I/Os per second: %@d \n", @io); trunc(@io); }'

 

 

检查socket 调用情况

 dtrace -n 'syscall::socket:entry  { @[execname] = quantize(arg0); }'

 

 dtrace -n 'syscall::write:entry /execname=="VineSample"/ { @[execname] = quantize(arg0); }'

 

//

lquantize解释:https://blogs.oracle.com/swan/entry/dtrace%E7%AE%80%E4%BB%8B_3

  使用lquantize(所指定表达式的值的线性频率分布),我们了解需要调查的表达式的分布情况。比如,我们想知道系统调用write打开的文件描述符(file descriptor)的线性分布情况。

     

'syscall::write:entry{@fds[execname]=lquantize(arg0,0,100,1)}'  #参数说明:标量表达式,下限,上限,步长值

dtrace: description 'syscall::write:entry' matched 1 probe

\^C
  dtrace
           value  ------------- Distribution ------------- count
               0 |                                         0
               1 |@@@@@@@@@@@@@@@@@@@@ 1
               2 |                                         0
  sshd
           value  ------------- Distribution ------------- count
               3 |                                         0
               4 |@@@@@@@@@@@@@@@@@@@@                     1
               5 |                                         0
               6 |                                         0
               7 |                                         0
               8 |@@@@@@@@@@@@@@@@@@@@                     1
               9 |                                         0

      在上例中,我们可以看到,在该时间内,sshd进程对文件描述符4操作了1次,对文件描述符8操作了1次。虽然不具有实际意义,但可以帮助我们理解lquantize的作用。

 

如果要聚合的表达式的值非常大,使用lquantize可能会输出太多信息,这种情况下可以使用quantize(所指定表达式的值的二次方幂频率分布)来聚合。

 

下面是一个统计执行程序系统调用的时间分布的D脚本: time.d

#!/usr/sbin/dtrace -s
syscall:::entry
{
        self->ts=timestamp;
}
syscall:::return
/self->ts/
{
        @time[execname]=quantize(timestamp-self->ts);
}

执行一段时间,按Ctrl+C中断。限于篇幅,下面只列出部分信息。

# ./time.d

dtrace: script './time.d' matched 462 probes
\^C
  sendmail
           value  ------------- Distribution ------------- count
            1024 |                                         0
            2048 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@          7
            4096 |@@@@                                     1
            8192 |@@@@                                     1
           16384 |                                         0
  sshd
           value  ------------- Distribution ------------- count
            1024 |                                         0
            2048 |@@@@@@@@@@@@@@@@@@@                      7
            4096 |@@@@@                                    2
            8192 |@@@@@                                    2
           16384 |@@@@@                                    2
           32768 |                                         0
           65536 |@@@@@                                    2
          131072 |                                         0
  

     以sendmail程序为例:

     系统调用执行时间(从entry到return)在大于等于2048纳秒并小于4096纳秒区间共有7次,在大于等于4096纳秒小于8192纳秒区间共有1次,在大于等于8192纳秒小于16384纳秒区间共有1次。

转载地址:http://yguqa.baihongyu.com/

你可能感兴趣的文章
JSP标签JSTL的使用(1)--表达式操作
查看>>
SAP顾问的人脉比技术更为重要
查看>>
FI/CO PA考试试卷
查看>>
汽车介质应用非常严苛?没关系,新技术带来的高精度传感器十分适应!
查看>>
天合光能 - 用计算捕捉“光的能量”
查看>>
使用sysbench压力测试MySQL(一)(r11笔记第3天)
查看>>
css知多少(11)——position
查看>>
【Spring】定时任务详解实例-@Scheduled
查看>>
先有的资源,能看的速度看,不能看的,抽时间看。说不定那天就真的打不开了(转)...
查看>>
哪些领域适合开发微信小程序
查看>>
谁说数据库防火墙风险大?可能你还不知道应用关联防护
查看>>
ASP.NET Core应用针对静态文件请求的处理[2]: 条件请求与区间请求
查看>>
怎样做一个企业?尤其是在这个互联网时代
查看>>
DVNA:Node.js打造的开源攻防平台
查看>>
17个案例带你3分钟搞定Linux正则表达式
查看>>
Java 8 比较器:如何对 List 排序
查看>>
苹果是否步思科后尘折戟中国
查看>>
漏洞预警!微软曝光震网三代漏洞,隔离网面临重大危机
查看>>
协鑫集成第二批1000台E-KwBe光伏储能设备即将启运澳洲
查看>>
爱立信物联网广州路演
查看>>
喝酒易醉,品茶养心,人生如梦,品茶悟道,何以解忧?唯有杜康!-- 愿君每日到此一游!
当前时间: 2025-01-13 11:33:21   当前IP: 18.119.166.141   联系邮箱:javaeecc@qq.com     Copyright © 2020 - 2022 baihongyu.com 京ICP备2021015314号-2
强烈建议你试试无所不能的CHAT-GPT,快点击我
强烈建议你试试无所不能的CHAT-GPT,快点击我