-
Notifications
You must be signed in to change notification settings - Fork 2
Home
XProbes is a framework for static user space probes. It serves the same purposes as DTrace, SystemTap and LTTng, but focuses solely on user space applications, and provides efficient probing with natural data access for them.
Static probe is actually a pair of concepts: static probe site (or simply probe site), and probe action (or simply probe).
Probe site is a special construct in the source code that describes a place where probe action may be executed, and what data will be available to that action. It is called static because you have to compile probe site into your application binary, and can’t change its definition after that.
Probe action is a piece of code that may be attached to a probe site. Whenever probe site is hit, attached probe action is executed on the arguments provided by that site. You can attach different actions to a given site at different times, or none at all, and you can do this without stopping the running process. When no action is attached to a site, it imposes zero or very little overhead.
In other words, sites are static in a sense that you can’t change (without recompiling the application) where (code-wise) the action will take place, nor the argument list that will be provided to it. However probes are dynamic in a sense that you can change what action will be performed at a given site, without even restarting the application.
| DTrace | SystemTap | LTTng | XProbes | |
| detached site | no-op (zero overhead) | no-op (zero overhead) | few instructions | few instructions |
| attached site | trap instruction (slow) | trap instruction or system call (slow) | shared library call (fast) | shared library call (fast) |
| probe language | interpreted script (yet another language to learn, inflexible, slow) | script translated to native code, loaded into kernel (yet another language to learn, inflexible) | fixed action (logging) | same as application (C/C++) |
| data access | limited type support via casts | limited type support via casts | n/a | native access to application types (type-safe) and methods (type-safe when probe is linked with application libraries) |
| can call back application code? | no | no | n/a | yes |
XProbes is written in C, and contains no architecture-dependent code. However it heavily relies on extensions provided by GNU C compiler. It requires GCC version 4.1 or higher, GNU assembler and GNU linker (or compatible tools) to build, not only XProbes itself, but also the applications that use it, and any probe modules for them. Some of the symbol attributes that XProbes uses require ELF object file format. On the other hand, it doesn’t require GNU C library.
In other words, XProbes is expected to work on any modern distribution of Linux, *BSD, Mac OS X, Solaris, and any other ELF system with installed GCC suite.
For now, README file contains a complete step-by-step use example. Start with it.