3.2.2. SystemTap Handler/Body

Consider the following sample script:

Example 3.4. helloworld.stp

probe begin{ printf ("hello world\n") exit ()}
In Example 3.4, “helloworld.stp”, the event begin(that is, the start of the session) triggers the handler enclosed in{ }, which simply prints hello world followed by a new-line, then exits.

Note

SystemTap scripts continue to run until theexit() function executes. If the users wants to stop the execution of the script, it can interrupted manually withCtrl+C.
printf ( ) Statements
The printf () statement is one of the simplest functions for printing data. printf () can also be used to display data using a wide variety of SystemTap functions in the following format:
printf ("format string\n", arguments)
The format string specifies howarguments should be printed. The format string of Example 3.4, “helloworld.stp” instructs SystemTap to printhello world, and contains no format specifiers.
You can use the format specifiers %s (for strings) and %d (for numbers) in format strings, depending on your list of arguments. Format strings can have multiple format specifiers, each matching a corresponding argument; multiple arguments are delimited by a comma (,).

Note

Semantically, the SystemTap printf function is very similar to its C language counterpart. The aforementioned syntax and format for SystemTap's printf function is identical to that of the C-style printf.
To illustrate this, consider the following probe example:

Example 3.5. variables-in-printf-statements.stp

probe syscall.open{ printf ("%s(%d) open\n", execname(), pid())}
Example 3.5, “variables-in-printf-statements.stp” instructs SystemTap to probe all entries to the system call open; for each event, it prints the current execname() (a string with the executable name) andpid() (the current process ID number), followed by the wordopen. A snippet of this probe's output would look like:
vmware-guestd(2206) openhald(2360) openhald(2360) openhald(2360) opendf(3433) opendf(3433) opendf(3433) openhald(2360) open
SystemTap Functions
SystemTap supports a wide variety of functions that can be used asprintf () arguments. Example 3.5, “variables-in-printf-statements.stp”uses the SystemTap functions execname() (name of the process that called a kernel function/performed a system call) andpid() (current process ID).
The following is a list of commonly-used SystemTap functions:
tid()
The ID of the current thread.
uid()
The ID of the current user.
cpu()
The current CPU number.
gettimeofday_s()
The number of seconds since UNIX epoch (January 1, 1970).
ctime()
Convert number of seconds since UNIX epoch to date.
pp()
A string describing the probe point currently being handled.
thread_indent()
This particular function is quite useful in providing you with a way to better organize your print results. The function takes one argument, an indentation delta, which indicates how many spaces to add or remove from a thread's "indentation counter". It then returns a string with some generic trace data along with an appropriate number of indentation spaces.
The generic data included in the returned string includes a timestamp (number of microseconds since the first call to thread_indent() by the thread), a process name, and the thread ID. This allows you to identify what functions were called, who called them, and the duration of each function call.
If call entries and exits immediately precede each other, it is easy to match them. However, in most cases, after a first function call entry is made several other call entries and exits may be made before the first call exits. The indentation counter helps you match an entry with its corresponding exit by indenting the next function call if it is not the exit of the previous one.
Consider the following example on the use of thread_indent():

Example 3.6. thread_indent.stp

probe kernel.function("*@net/socket.c").call{ printf ("%s -> %s\n", thread_indent(1), probefunc())}probe kernel.function("*@net/socket.c").return{ printf ("%s <- %s\n", thread_indent(-1), probefunc())}
Example 3.6, “thread_indent.stp” prints out the thread_indent() and probe functions at each event in the following format:
0 ftp(7223): -> sys_socketcall1159 ftp(7223): -> sys_socket2173 ftp(7223): -> __sock_create2286 ftp(7223): -> sock_alloc_inode2737 ftp(7223): <- sock_alloc_inode3349 ftp(7223): -> sock_alloc3389 ftp(7223): <- sock_alloc3417 ftp(7223): <- __sock_create4117 ftp(7223): -> sock_create4160 ftp(7223): <- sock_create4301 ftp(7223): -> sock_map_fd4644 ftp(7223): -> sock_map_file4699 ftp(7223): <- sock_map_file4715 ftp(7223): <- sock_map_fd4732 ftp(7223): <- sys_socket4775 ftp(7223): <- sys_socketcall
This sample output contains the following information:
  • The time (in microseconds) since the initial thread_indent() call for the thread (included in the string from thread_indent()).
  • The process name (and its corresponding ID) that made the function call (included in the string from thread_indent()).
  • An arrow signifying whether the call was an entry (<-) or an exit (->); the indentations help you match specific function call entries with their corresponding exits.
  • The name of the function called by the process.
name
Identifies the name of a specific system call. This variable can only be used in probes that use the event syscall.system_call.
target()
Used in conjunction with stap script -x process ID or stap script -c command. If you want to specify a script to take an argument of a process ID or command, use target() as the variable in the script to refer to it. For example:

Example 3.7. targetexample.stp

probe syscall.* { if (pid() == target()) printf("%s\n", name)}
When Example 3.7, “targetexample.stp” is run with the argument -x process ID, it watches all system calls (as specified by the event syscall.*) and prints out the name of all system calls made by the specified process.
This has the same effect as specifying if (pid() == process ID) each time you wish to target a specific process. However, using target() makes it easier for you to re-use the script, giving you the ability to pass a process ID as an argument each time you wish to run the script (that is, stap targetexample.stp -x process ID).
For more information about supported SystemTap functions, refer toman stapfuncs.