This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: How do uprobes work?


If you are referring to the "Basic User-Space Instrumentation" in the
wiki, then read the code in sdt.h, which was written by Roland
McGrath.

In there, you can find the C compiler macro called "_SDT_ASM_BODY",
which is what a DTRACE_PROBE would get transformed into after all the
macro expansion.

I would say most of the magic is in that macro, which, besides adding a
nop instruction, also pushes the address into special sections in
the ELF file.

More on the internals of the internals in:
https://sourceware.org/systemtap/wiki/UserSpaceProbeImplementation

Rayson

==================================================
Open Grid Scheduler - The Official Open Source Grid Engine
http://gridscheduler.sourceforge.net/
http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html


On Thu, May 26, 2016 at 4:44 AM, Evan Klitzke <evan@eklitzke.org> wrote:
> Hi,
>
> I'm interested in learning more about how uprobes work with systemtap.
> I read the wiki page about userspace probes which covers how to add
> markers to a userspace application, and which mentions that the probes
> expand to a single nop instruction. How does systemtap then actually
> probe the process? If I had to guess I'd speculate that similar to a
> GDB breakpoint, the nop for a probed process is replaced with a trap
> instruction, and then the kernel knows that a trap generated at that
> address is intended for systemtap; but I don't really know, and I'm
> interested to learn more.
>
> Another related question: when I run a systemtap script to trace a
> userspace process, what functionality exactly is running in the kernel
> and what is running in userspace? I found the uprobetracer.txt
> document in the kernel and it looks like the uprobe events can be
> controlled and written via sysfs files. Is it accurate that systemtap
> scripts work by implementing most of the logic (e.g. maintaining hash
> tables, counters, and so forth) in a userspace process which gets its
> data from reading sysfs files?
>
> Cheers,
> Evan
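
The "special sections" mentioned in the reply can be read back out of a binary. The following is an added example, not code from this thread or from sdt.h: a parser for the note records that sdt.h version 3 emits into `.note.stapsdt` (owner `stapsdt`, type 3), each carrying the probe's nop address, the `.stapsdt.base` address, a semaphore address, and the provider, name and argument strings. It assumes ELF64 little-endian and 4-byte note alignment; the sample bytes, `myapp`, `request_start` and the addresses are constructed.

```python
import struct
from typing import NamedTuple

OWNER, NT_STAPSDT = b"stapsdt\0", 3   # note owner and type written by sdt.h v3

class Probe(NamedTuple):
    provider: str
    name: str
    pc: int         # address of the nop at the probe site
    base: int       # link-time address of .stapsdt.base
    semaphore: int  # 0 when the probe has no semaphore
    args: str       # operand string, e.g. "-4@%edi 8@%rsi"

def pad4(n: int) -> int:
    return (n + 3) & ~3

def parse_stapsdt(notes: bytes, endian: str = "<") -> list:
    """Return the SDT probes described in raw ELF64 note bytes."""
    probes, off = [], 0
    while off + 12 <= len(notes):
        namesz, descsz, ntype = struct.unpack_from(endian + "III", notes, off)
        name_off = off + 12
        desc_off = name_off + pad4(namesz)
        if desc_off + descsz > len(notes):
            raise ValueError(f"note at offset {off} runs past the section")
        owner = notes[name_off:name_off + namesz]
        desc = notes[desc_off:desc_off + descsz]
        off = desc_off + pad4(descsz)
        if owner != OWNER or ntype != NT_STAPSDT:
            continue                      # some other note; not a probe
        fields = desc[24:].split(b"\0")   # provider, name, args, trailing ""
        if descsz < 24 or len(fields) < 4:
            raise ValueError("malformed stapsdt descriptor")
        pc, base, sem = struct.unpack_from(endian + "QQQ", desc)
        provider, name, args = (f.decode() for f in fields[:3])
        probes.append(Probe(provider, name, pc, base, sem, args))
    return probes

def make_note(owner: bytes, ntype: int, desc: bytes) -> bytes:
    """Build one note record; used only for the constructed sample below."""
    body = owner.ljust(pad4(len(owner)), b"\0") + desc.ljust(pad4(len(desc)), b"\0")
    return struct.pack("<III", len(owner), len(desc), ntype) + body

# Constructed sample: an unrelated note followed by one probe record.
SAMPLE = make_note(b"GNU\0", 1, bytes(16)) + make_note(
    OWNER, NT_STAPSDT,
    struct.pack("<QQQ", 0x401136, 0x402010, 0) + b"myapp\0request_start\0-4@%edi 8@%rsi\0")

if __name__ == "__main__":
    for p in parse_stapsdt(SAMPLE):
        print(f"{p.provider}:{p.name} nop at {p.pc:#x} args [{p.args}]")
```

`readelf -n` on a binary built with sdt.h prints the same fields for each probe.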

