Part 1: With tens of thousands of probes into the most remote corners of your system, there's not much DTrace can't tell you about what's going on under the hood.

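Charlie Schluting

Now that DTrace is available in OS X 10.5 (Leopard), I won't look like a Solaris bigot for praising it. Thanks, Apple. DTrace is the most innovative piece of software released for Unix flavors this century. It provides unprecedented visibility into the system, letting sysadmins, developers and even users get answers to questions that were previously impossible to answer. This week we'll discuss DTrace and its uses, then next week we'll work through a D scripting tutorial.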

DTrace is a Dynamic Tracing facility, originally built into Solaris 10. It enables both programmers and administrators to quickly identify system problems by allowing them to look into exactly what userland programs or the operating system are doing. DTrace has a 41-chapter manual, a large part of which explains the usage of D, the DTrace language. Suspiciously similar to Awk, the D language provides a way for administrators to ask arbitrary questions of the operating system. With more than 46,000 probe points, DTrace offers the most flexible method on the market for diagnosing in-depth problems. That isn't to say it's overly complex and only useful for complicated problems. In fact, the opposite is true.


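DTrace dynamically modifies a program once it's been loaded into memory. Before anything can be executed, it must be loaded into memory. A sufficiently smart tracing program like DTrace can therefore insert code into a program before it runs. Obviously, this has to run with administrative privileges.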

Before DTrace, the only way to debug an application was to recompile it with debugging symbols enabled. This allowed a debugger to run the application, and gather information as it ran. The resulting binary would be much larger, and would also run much slower. DTrace can be used on any application without recompiling it, and even without restarting it. Other user-space programs designed to show you what system calls are being executed, like truss or strace, actually stop the program's execution after each system call. This introduces a huge performance problem, and can even crash some applications. No such worries with DTrace: it can be used on production systems without fear of a crash. It uses no resources when it isn't in use, and very few additional system calls when activated.

User-space programs are one thing, and indeed you can get a bit of information in some form (list of system calls) without DTrace, but finding out what the kernel is doing was historically impossible. DTrace probes, programmable sensors, are present in the kernel, so you can ask almost anything you want. There are more than 40,000 probes that can be activated at will, depending on the OS in question. A given sensor is programmed to provide the information of value to you, and when it's triggered, DTrace collects the data.

A DTrace script will often ask for timestamps or arguments to functions. A DTrace user can see how long a function call takes, how often it executes, what the stack trace looks like, and answer many other difficult questions.



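First, it should be noted that we can get a list of all available probes with the command 'dtrace -l'. It's not so useful unless you know what you're looking for, but you need to know how to find this information if you want to use probes to gather information that isn't part of a pre-written script.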

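The DTT (DTrace Toolkit) provides a set of scripts that supply so much information on their own that some sysadmins may never need to learn D scripting. The Docs/Contents file included in the DTT explains what each script does. You'll find that DTrace can replicate every system-wide statistics tool you've ever used (think: iostat, vmstat), but it goes one step further. The DTT provides the scripts most useful to sysadmins and application developers. Use tcpsnoop to see which processes are sending what packets, or iosnoop to see which processes are writing what files. The ability to see "what" and "how much" leaves one speechless. Before DTrace, admins could often be found staring at a terminal wondering, "what's happening," or "what's doing that." Not any more.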


Let's begin by asking what system calls are taking place. In this example, we're asking to instrument all syscall entry points, by specifying the syscall provider and name "entry":

dtrace -n 'syscall:::entry'
0   9299          ioctl:entry

The sample output line isn't so useful, since it only shows that some process made an ioctl() call. Something you'll see over and over again is the command to summarize, and list by process name. The syscall:::entry example above can be modified to summarize what process made the most system calls:

dtrace -n 'syscall:::entry { @[execname] = count(); }'
smbd           5638
save           14378
ruby           182150

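It's obvious that this server is relatively busy running Samba, a program called 'save,' and a Ruby program. Standard tools like prstat or top should reflect this as well. We're getting into D scripting territory, so we'll stop there for now.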
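
Extending the one-liner above, this added example (not from the original article) is a short D script that breaks the count down by process and system call, and uses timestamps to total the time spent in each. The 10-second window, the top-15 cutoff and the file name in the comment are assumptions chosen for illustration.

```dtrace
#!/usr/sbin/dtrace -s
/*
 * Added example, not part of the original article.
 * Counts system calls per (process name, syscall) and totals the time
 * spent in each, then prints the busiest pairs after 10 seconds.
 * Run as root: dtrace -s syscall_summary.d   (file name is hypothetical)
 */
#pragma D option quiet

dtrace:::BEGIN
{
	printf("Tracing system calls for 10 seconds...\n");
}

/* Fires on entry to every system call, like the one-liner above. */
syscall:::entry
{
	@calls[execname, probefunc] = count();
	self->ts = timestamp;		/* thread-local start time, in ns */
}

/* Only time the calls whose entry we saw (self->ts is non-zero). */
syscall:::return
/self->ts/
{
	@ns[execname, probefunc] = sum(timestamp - self->ts);
	self->ts = 0;			/* release the thread-local variable */
}

/* Stop after the assumed 10-second sampling window. */
profile:::tick-10sec
{
	exit(0);
}

dtrace:::END
{
	trunc(@calls, 15);		/* keep only the 15 largest entries */
	trunc(@ns, 15);
	printf("\n%-16s %-20s %12s\n", "EXEC", "SYSCALL", "COUNT");
	printa("%-16s %-20s %@12d\n", @calls);
	printf("\n%-16s %-20s %12s\n", "EXEC", "SYSCALL", "TOTAL NS");
	printa("%-16s %-20s %@12d\n", @ns);
}
```

The first table shows which calls a process makes most often and the second shows where it spends its time in the kernel, so a process with a high count but low total time is making many cheap calls.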