DTrace for Linux 2.0.0-1.14 is implemented as a user-space process that uses the eBPF subsystem and the standard tracing mechanisms of the Linux kernel. In terms of functionality, the eBPF-based implementation of DTrace is close to the first implementation of DTrace for Linux, which was made as a kernel module. The project code is distributed under the GPLv2 license.
The tools can be used with standard Linux kernels that support BPF. They require the libctf library, which implements support for CTF (Compact Type Format) and has been part of the binutils package since release 2.40, or the libdtrace-ctf library, ported from Solaris. Optionally, two patches for the 6.7 kernel are offered, which enable advanced capabilities for obtaining additional data about modules and the kernel.
DTrace technology was developed for dynamic tracing of the kernel and end-user applications in the Solaris operating system. DTrace lets the user track the behavior of the system in detail and diagnose problems in real time. During debugging, DTrace does not affect the operation of the applications under study and does not affect their performance in any way, which makes it possible to analyze running systems on the fly. Among DTrace's strengths is its high-level DTrace language, similar to AWK, in which trace scripts are much easier to write than eBPF handlers written in C, Python and Lua with external libraries.
The main features:
- Error probes that fire before or after other probes, as well as when errors occur.
- fbt (Function Boundary Tracing) – tracing calls to kernel functions.
- lockstat – tracking the state of locks.
- pid – tracing calls to functions in processes running in user space.