Chapter 3. Components of a SystemTap script

The main construct in the scripting language identifies probes. Probes associate abstract events with a statement block, or probe handler, that is to be executed when any of those events occur.
The following example shows how to trace entry and exit from a function using two probes.
probe kernel.function("sys_mkdir") { log ("enter") }
probe kernel.function("sys_mkdir").return { log ("exit") }
To list the functions in the kernel that can be probed, use the translator's last-pass option (-p); in the following example, -p2 stops the translator after pass 2. The output needs to be filtered because each inlined function instance is listed separately.
# stap -p2 -e 'probe kernel.function("*") {}' | sort | uniq

3.1. Probe definitions

The general syntax is as follows.
probe PROBEPOINT [, PROBEPOINT] { [STMT ...] }
Events are specified in a special syntax called probe points. There are several varieties of probe points defined by the translator, and tapset scripts may define others using aliases. The provided probe points are listed in the stapprobes(5) man pages.
The probe handler is interpreted relative to the context of each event. For events associated with kernel code, this context may include variables defined in the source code at that location. These target variables are presented to the script as variables whose names are prefixed with a dollar sign ($). They may be accessed only if the compiler used to compile the kernel preserved them, despite optimization. This is the same constraint imposed by a debugger when working with optimized code. Other events may have very little context.
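The following script is an added example, not part of the original documentation. It applies the syntax and the target-variable constraint described above to audit directory creation per process. It assumes kernel debuginfo is installed and that sys_mkdir and sys_mkdirat take a parameter named pathname on the running kernel; the global names attempts and failures are illustrative.

```systemtap
# Added example: audit directory creation per process.
# Assumes kernel debuginfo is installed and that sys_mkdir / sys_mkdirat
# take a parameter named pathname on this kernel build.

global attempts   # illustrative name: mkdir calls seen, keyed by process name
global failures   # illustrative name: calls that returned an error

# Two probe points, separated by a comma, share one handler.
# The trailing "?" marks a probe point optional, so the script still
# compiles on kernels where that function cannot be resolved.
probe kernel.function("sys_mkdir") ?, kernel.function("sys_mkdirat") ?
{
    attempts[execname()]++

    # Target variables exist only if the compiler preserved them, so test
    # with @defined before use instead of letting translation fail.
    if (@defined($pathname))
        printf("%s pid=%d uid=%d %s path=%s\n", execname(), pid(), uid(),
               probefunc(), user_string_quoted($pathname))
    else
        printf("%s pid=%d uid=%d %s (pathname optimized away)\n",
               execname(), pid(), uid(), probefunc())
}

# Return probes expose the function's result as $return.
probe kernel.function("sys_mkdir").return ?,
      kernel.function("sys_mkdirat").return ?
{
    if (@defined($return) && $return < 0)
        failures[execname()]++
}

# Summarize when the script is stopped (Ctrl-C): busiest processes first.
probe end
{
    printf("\n%-16s %8s %8s\n", "PROCESS", "CALLS", "FAILED")
    foreach (name in attempts- limit 10)
        printf("%-16s %8d %8d\n", name, attempts[name], failures[name])
}
```

Save the script to a file and run it as root with stap; the per-process summary is printed when the script is interrupted.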