
Document: Linux下的万能观测工具.ppt ("The universal observation tool for Linux")

  • Uploaded by: hskm5268
  • Document ID: 8115814
  • Upload date: 2019-06-09
  • Format: PPT
  • Pages: 38
  • Size: 134.50KB
SystemTap: the universal observation tool for Linux

褚霸, Core Systems Database Group
http://yufeng.info
2010/11/18

Agenda

  • Introduction to SystemTap
  • Installation and system requirements
  • Hands-on examples
  • References and miscellany
  • Conclusion

What is SystemTap?

According to http://sourceware.org/systemtap/

SystemTap provides free software (GPL) infrastructure to simplify the gathering of information about the running Linux system. This assists diagnosis of a performance or functional problem. SystemTap eliminates the need for the developer to go through the tedious and disruptive instrument, recompile, install, and reboot sequence that may be otherwise required to collect data.

The best tool for observing a live system, provided you know how to observe!

How SystemTap works

  1. write or choose a script describing what you want to observe
  2. stap translates it into a kernel module
  3. stap loads the module and communicates with it
  4. just wait for your data

Five steps

    # stap -uv test.stp
    Pass 1: parsed user script and 74 library script(s) using 86868virt/20488res/1792shr kb, in 190usr/20sys/209real ms.
    Pass 2: analyzed script: 1 probe(s), 0 function(s), 0 embed(s), 0 global(s) using 87264virt/21148res/1976shr kb, in 10usr/0sys/7real ms.
    Pass 3: translated to C into "/tmp/stapz2iv97/stap_aef621603e006af62084b361e0a0c981_553.c" using 87264virt/21332res/2144shr kb, in 0usr/0sys/0real ms.
    Pass 4: compiled C into "stap_aef621603e006af62084b361e0a0c981_553.ko" in 1230usr/160sys/1384real ms.
    Pass 5: starting run.
    Pass 5: run completed in 10usr/20sys/12331real ms.

SystemTap probe point examples

SystemTap is all about executing certain actions when hitting certain probe points.

    syscall.read
        when entering read() system call
    syscall.close.return
        when returning from the close() system call
    module("floppy").function("*")
        when entering any function from the "floppy" module
    kernel.function("*@net/socket.c").return
        when returning from any function in file net/socket.c
    kernel.statement("*@kernel/sched.c:2917")
        when hitting line 2917 of file kernel/sched.c

More probe point examples

    timer.ms(200)
        every 200 milliseconds
    process("/bin/ls").function("*")
        when entering any function in /bin/ls (not its libraries or syscalls)
    process("/lib/libc.so.6").function("*malloc*")
        when entering any glibc function which has "malloc" in its name
    kernel.function("*exit*").return
        when returning from any kernel function which has "exit" in its name

RTFM for more (man stapprobes).

The SystemTap programming language

  • mostly C-style syntax with a feeling of awk
  • builtin associative arrays
  • builtin aggregates of statistical data
  • very easy to collect data and do statistics on it (average, min, max, count, ...)
  • many helper functions (builtin and in tapsets)
  • RTFM: SystemTap Language Reference shipped with SystemTap (langref.pdf)

Performance and safety

  • language-level safety features
      - no pointers
      - no unbounded loops
      - type inference
      - you can also write probe handlers in C (with -g) but don't complain if you break stuff
  • runtime safety features
      - stap enforces maximum run time for each probe handler
      - various concurrency constraints are enforced
      - overload processing (don't allow stap to take up all the CPU time)
      - many things can be overridden manually if you really want
      - see SAFETY AND SECURITY section of stap(1)

The overhead depends a lot on what you are trying to do, but in general stap will try to stop you from doing something stupid (but then you can still force it to do it).

Some helper functions you'll see a lot

    pid()               which process is this?
    uid()               which user is running this?
    execname()          what is the name of this process?
    tid()               which thread is this?
    gettimeofday_s()    epoch time in seconds
    probefunc()         what function are we in?
    print_backtrace()   figure out how we ended up here

There are many many more. RTFM (man stapfuncs) and explore /usr/share/systemtap/tapset/.

Some cool stap options

    -x   trace only specified PID (only for userland probing)
    -c   run given command and only trace it and its children (will still trace all threads for kernel probes)
    -L   list probe points matching given pattern along with available variables
    -d   load given module debuginfo to help with symbol resolution in backtraces
    -g   embed C code in stap script: unsafe, dangerous and fun

Requirements

  • Probing user-space programs with SystemTap requires utrace support, but this feature has not yet been merged into upstream Linux. Red Hat's distributions currently support it.
  • Source-level tracing requires debug symbol information:
      - for packages, install package-debuginfo on RPM distros
      - your own programs must be compiled with gcc -g -gdwarf-2 -g3
  • stap scripts are compiled into kernel modules to run, so root privileges are required.

Installing SystemTap

RHEL 5U4 needs the kernel debug symbols installed:

    rpm -i kernel-debuginfo-common-2.6.18-164.el5.x86_64.rpm
    rpm -i kernel-debuginfo-2.6.18-164.el5.x86_64.rpm

Because the SystemTap shipped with 5U4 is version 0.97, it needs to be upgraded to 1.3:

    ./configure --prefix=/usr && make && make install

How to verify that the installation succeeded:

    # stap topsys.stp
    SYSCALL     COUNT
    read           48
    fcntl          42
    ...
    fstat           1
    -----------------

Example: who is executing our programs

Listing: exec.stp

    probe syscall.exec* {
        printf("exec %s %s\n", execname(), argstr)
    }

    $ stap -L syscall.exec*
    syscall.execve name:string filename:string args:string argstr:string $filename:char* $argv:char** $envp:char** $regs:struct pt_regs*

    # stap exec.stp
    exec sshd /usr/sbin/sshd "-R"
    exec sshd /bin/bash

Example: who killed my program

Listing: sigkill.stp

    probe signal.send {
        if (sig_name == "SIGKILL")
            printf("%s was sent to %s (pid:%d) by %s uid :%d\n",
                   sig_name, pid_name, sig_pid, execname(), uid())
    }

    # kill -9 `pgrep top`
    # stap sigkill.stp
    SIGKILL was sent to top (pid:19281) by bash uid :50920

Example tac.c: utility functions

    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>

    char* haha = "wahaha\n";

    /* Read one line from fp into buf; returns NULL at end of input. */
    char* read_line(FILE* fp, char* buf, size_t len) {
        return fgets(buf, len, fp);
    }

    /* Reverse the characters of line in place, leaving the trailing newline where it is. */
    char* reverse_line(char* line, size_t l) {
        char *s = line, *e = s + l - sizeof("\n"), t;
        while (s < e) { t = *s, *s = *e, *e = t; s++, e--; }
        return line;
    }

    void write_line(char* line) {
        fputs(line, stdout);
    }

Example tac.c continued: main program

    int main(int argc, char * argv[]) {
        char buf[4096], *line;
        FILE* fp = stdin;

        if (argc != 1) fp = fopen(argv[1], "r");
        if (fp == NULL) {
            fprintf(stdout, "usage: %s filename\n", argv[0]);
            return -1;
        }
        while ((line = read_line(fp, buf, sizeof(buf)))) {
            line = reverse_line(line, strlen(line));
            write_line(line);
        }
        if (argc != 1) fclose(fp);
        return 0;
    }

Compiling tac

Debug information is required:

    # gcc -g -gdwarf-2 -g3 tac.c

Confirm that the symbol information is present:

    # stap -L 'process("a.out").function("*")'
    process("/tmp/a.out").function("main@/tmp/tac.c:25") $argc:int $argv:char** $buf:char[4096] $line:char* $fp:FILE*
    process("/tmp/a.out").function("read_line@/tmp/tac.c:7") $fp:FILE* $buf:char* $len:size_t
    process("/tmp/a.out").function("reverse_line@/tmp/tac.c:11") $line:char* $l:size_t $s:char* $e:char* $t:char
    process("/tmp/a.out").function("write_line@/tmp/tac.c:21") $line:char*

Example 1: reading the program's arguments

    /* Embedded C (guru mode, -g): return the user-space pointer argv[1]. */
    function get_argv_1:long(argv:long) %{ /* pure */
        THIS->__retvalue = (long) ((char**)THIS->argv)[1];
    %}

    probe process("a.out").function("main") {
        filename = "stdin";
        if ($argc > 1)
            filename = user_string(get_argv_1($argv));
        println(filename);
    }

Example 1 continued:

    # echo "hi"|./a.out
    # ./a.out tac.c
    # stap -gu ./ex1.stp
    :)
    stdin
    tac.c

Example 2: callgraph for anything

    function trace(entry_p, extra) {
        %( $# > 1 %? if (tid() in trace) %)
        printf("%s%s%s %s\n",
               thread_indent (entry_p),
               (entry_p>0?"->":"<-"),
               probefunc (),
               extra)
    }

    probe $1.call   { trace(1, $$parms) }
    probe $1.return { trace(-1, $$return) }

Example 2 continued:

    # echo "hi"|./a.out
    # sudo stap ./ex2.stp 'process("a.out").function("*")'
    :)
       0 a.out(18123):->main argc=0x1 argv=0x7fff351ee0c8
      30 a.out(18123): ->readline fp=0x3f7bb516a0 buf=0x7fff351ecfd0 len=0x1000
     590 a.out(18123): ->reverse_line line=0x7fff351ecfd0 l=0x3
     625 a.out(18123): ->write_line line=0x7fff351ecfd0
     731 a.out(18123): ->readline fp=0x3f7bb516a0 buf=0x7fff351ecfd0 len=0x1000
     762 a.out(18123): <-readline return=0x0
     770 a.out(18123):<-main return=0x0

Example 3: collecting line lengths

    global line_len

    # The listing between "line_len" and "0)" did not survive on this page;
    # recording $l (the length argument of reverse_line) and printing from
    # an end probe are assumptions.
    probe process("a.out").statement("reverse_line@tac.c+1") {
        line_len <<< $l
    }

    probe end {
        if (@count(line_len) > 0)
            print(@hist_linear(line_len, 8, 128, 8));
    }

Example 3 continued:

    # ls -al|./a.out
    # ./ex3.stp
    :)
    value |---------- count
       <8 |              64
        8 |              69
       16 |              68
       24 |              68
       32 |              68
       40 |              68
       48 |              50
       56 |               0
       64 |               0

Example 4: average time of line reversal

    global t, call_time

    probe process("a.out").function("reverse_line") {
        t = gettimeofday_ns()
    }

    # The listing between "call_time" and "0)" did not survive on this page;
    # the elapsed-time sample and the end probe are assumptions.
    probe process("a.out").function("reverse_line").return {
        call_time <<< gettimeofday_ns() - t
    }

    probe end {
        if (@count(call_time) > 0)
            printf("avg reverse_line execute time: %d ns\n", @avg(call_time))
    }

Example 4 continued:

    # ls -al|./a.out
    # ./ex4.stp
    :)
    avg reverse_line execute time: 6651 ns

Example 5: printing the call stack

    probe process(@1).function(@2) {
        print_ubacktrace();
        exit();
    }

Example 5 continued:

    # ls -al|./a.out
    # stap ./ex5.stp ./a.out *_line
    :)
    0x40066d : reverse_line+0xc/0x61 [a.out]
    0x40078f : main+0xaf/0x100 [a.out]
    0x3bd441d994 [libc-2.5.so+0x1d994/0x357000]

Example 6: modifying the program's behavior

    global line

    /* Embedded C (guru mode, -g): overwrite the buffer the program is about to print. */
    function alert_line(line:long) %{ /* pure */
        strcpy((char*)THIS->line, "abcdefg\n");
    %}

    probe process("a.out").function("reverse_line") {
        line = user_string($line);
    }

    probe process("a.out").function("reverse_line").return {
        if (isinstr(line, "tac"))
            $return = $haha;
        else if (isinstr(line, "hello"))
            alert_line($return);
    }

Example 6 continued:

    # stap ./ex6.stp
    # echo tac|./a.out
    wahaha
    # echo hello|./a.out
    abcdefg
    # echo world|./a.out
    dlrow

Emacs Systemtap mode

Download systemtap-mode.el here:
http://coderepos.org/share/browser/lang/elisp/systemtap-mode/systemtap-mode.el?format=txt

Add the following two lines to .emacs:

    (autoload 'systemtap-mode "systemtap-mode")
    (add-to-list 'auto-mode-alist '("\\.stp$" . systemtap-mode))

References

  • http://sourceware.org/systemtap/langref/
  • http://sourceware.org/systemtap/tapsets/
  • http:/ is often described as "DTrace for Linux".

OProfile takes a sample every $N CPU cycles so you can try to figure out what each CPU is spending its time on.

SystemTap: a household essential!

Thank you all!

Any question?
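Added example, not part of the original slides: sigkill.stp above prints one line per signal, while the language slide mentions associative arrays without showing one. This script combines the two into a periodic per-sender report of fatal signals. The file name sigaudit.stp, the 5-second interval, the top-10 limit and the inclusion of SIGTERM are choices made for this example.

```systemtap
#!/usr/bin/stap
# sigaudit.stp (hypothetical name): who is sending fatal signals, and to whom.
# Added example; uses only the signal.send variables and helper functions
# that appear in the slides (sig_name, pid_name, execname(), uid(), ...).

global sent    # sent[sender, sender_uid, signal, target] = count
global total   # number of matching signals in the current interval

probe signal.send {
    # In this probe execname()/uid() describe the sender,
    # pid_name is the name of the receiving process.
    if (sig_name == "SIGKILL" || sig_name == "SIGTERM") {
        sent[execname(), uid(), sig_name, pid_name]++
        total++
    }
}

probe timer.s(5) {
    if (total == 0) next   # nothing to report in this interval

    printf("%s  %d fatal signal(s)\n", ctime(gettimeofday_s()), total)

    # "sent-" walks the array in descending order of count;
    # "limit 10" keeps the report to the ten busiest senders.
    foreach ([sender, sender_uid, signame, target] in sent- limit 10)
        printf("  %-16s uid=%-6d %-8s -> %-16s x%d\n",
               sender, sender_uid, signame, target,
               sent[sender, sender_uid, signame, target])

    # Start the next interval from zero.
    delete sent
    total = 0
}
```

Run it as root with stap sigaudit.stp and stop it with Ctrl-C; unlike Examples 1 and 6 it needs no -g, so the language-level safety features listed earlier stay in force.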
