Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

Chapter 4. Probe points

4.1. General syntax

The general probe point syntax is a dotted-symbol sequence. This divides the event namespace into parts, analogous to the style of the Domain Name System. Each component identifier is parameterized by a string or number literal, with a syntax analogous to a function call.
The following are all syntactically valid probe points.
kernel.function("foo")
kernel.function("foo").return
module{"ext3"}.function("ext3_*")
kernel.function("no_such_function") ?
syscall.*
end
timer.ms(5000)
Probes may be broadly classified into synchronous or asynchronous. A synchronous event occurs when any processor executes an instruction matched by the specification. This gives these probes a reference point (instruction address) from which more contextual data may be available. Other families of probe points refer to asynchronous events such as timers, where no fixed reference point is related. Each probe point specification may match multiple locations, such as by using wildcards or aliases, and all are probed. A probe declaration may contain several specifications separated by commas, which are all probed.

4.1.1. Prefixes

Prefixes specify the probe target, such as kernel, module, timer, and so on.

4.1.2. Suffixes

Suffixes further qualify the point to probe, such as .return for the exit point of a probed function. The absence of a suffix implies the function entry point.

4.1.3. Wildcarded file names, function names

A component may include an asterisk (*) character, which expands to other matching probe points. An example follows.
kernel.syscall.*
kernel.function("sys_*)

4.1.4. Optional probe points

A probe point may be followed by a question mark (?) character, to indicate that it is optional, and that no error should result if it fails to expand. This effect passes down through all levels of alias or wildcard expansion.
The following is the general syntax.
kernel.function("no_such_function") ?