3 A New Scripting Dynamic Tracing Tool For Linux
4 [www.ktap.org][homepage]
6 ktap is a new scripting dynamic tracing tool for Linux,
7 it uses a scripting language and lets users trace the Linux kernel dynamically.
8 ktap is designed to give operational insights with interoperability
9 that allows users to tune, troubleshoot and extend kernel and application.
10 It's similar with Linux Systemtap and Solaris Dtrace.
12 ktap have different design principles from Linux mainstream dynamic tracing
13 language in that it's based on bytecode, so it doesn't depend upon GCC,
14 doesn't require compiling kernel module for each script, safe to use in
15 production environment, fulfilling the embedded ecosystem's tracing needs.
17 More information can be found at [ktap homepage][homepage].
19 [homepage]: http://www.ktap.org
23 * simple but powerful scripting language
24 * register based interpreter (heavily optimized) in Linux kernel
25 * small and lightweight (6KLOC of interpreter)
26 * not depend on gcc for each script running
27 * easy to use in embedded environment without debugging info
28 * support for tracepoint, kprobe, uprobe, function trace, timer, and more
29 * supported in x86, arm, ppc, mips
34 1. Clone ktap from github
36 $ git clone http://github.com/ktap/ktap.git
41 $ make #generate ktapvm kernel module and ktap binary
43 3. Load ktapvm kernel module(make sure debugfs mounted)
45 $ make load #need to be root or have sudo access
49 $ ./ktap samples/helloworld.kp
54 1. simplest one-liner command to enable all tracepoints
56 ktap -e "trace *:* { print(argevent) }"
58 2. syscall tracing on target process
60 ktap -e "trace syscalls:* { print(argevent) }" -- ls
62 3. ftrace(kernel newer than 3.3, and must compiled with CONFIG_FUNCTION_TRACER)
64 ktap -e "trace ftrace:function { print(argevent) }"
66 ktap -e "trace ftrace:function /ip==mutex*/ { print(argevent) }"
68 4. simple syscall tracing
71 print(cpu(), pid(), execname(), argevent)
74 5. syscall tracing in histogram style
78 trace syscalls:sys_enter_* {
88 trace probe:do_sys_open dfd=%di fname=%dx flags=%cx mode=+4($stack) {
89 print("entry:", execname(), argevent)
92 trace probe:do_sys_open%return fd=$retval {
93 print("exit:", execname(), argevent)
98 trace probe:/lib/libc.so.6:malloc {
99 print("entry:", execname(), argevent)
102 trace probe:/lib/libc.so.6:malloc%return {
103 print("exit:", execname(), argevent)
106 8. stapsdt tracing (userspace static marker)
108 trace sdt:/lib64/libc.so.6:lll_futex_wake {
109 print("lll_futex_wake", execname(), argevent)
114 #trace all static mark in libc
115 trace sdt:/lib64/libc.so.6:* {
116 print(execname(), argevent)
122 printf("time fired on one cpu\n");
126 printf("time fired on every cpu\n");
129 10. FFI (Call kernel function from ktap script, need compile with FFI=1)
132 int printk(char *fmt, ...);
135 C.printk("This message is called from ktap ffi\n")
137 More examples can be found at [samples][samples_dir] directory.
139 [samples_dir]: https://github.com/ktap/ktap/tree/master/samples
144 You can subscribe to ktap mailing list at link (subscribe before posting):
145 http://www.freelists.org/list/ktap
148 ## Copyright and License
150 ktap is licensed under GPL v2
152 Copyright (C) 2012-2013, Jovi Zhangwei <jovi.zhangwei@gmail.com>.
158 ktap is still under active development, so contributions are welcome.
159 You are encouraged to report bugs, provide feedback, send feature request,
165 More info can be found at [documentation][tutorial]
166 [tutorial]: http://www.ktap.org/doc/tutorial.html