http://www.cnblogs.com/hdflzh/archive/2012/07/25/2608910.html
$ cd $HOME
$ sudo apt-get install dpkg-dev debhelper gawk
apt-get install ncurses-dev
$ mkdir tmp
$ cd tmp
$ sudo apt-get build-dep --no-install-recommends linux-image-$(uname -r)
$ apt-get source linux-image-$(uname -r)
$ cd linux-2.6.31 (this is currently the kernel version of 9.10)
$ fakeroot debian/rules clean
$ AUTOBUILD=1 fakeroot debian/rules binary-generic skipdbg=false
$ sudo dpkg -i ../linux-image-debug-2.6.31-19-generic_2.6.31-19.56_amd64.ddeb
http://sourceware.org/systemtap/wiki/SystemtapOnUbuntu
/usr/share/systemtap/runtime/transport/relay_v2.c:241:2: error: initialization from incompatible pointer type [-Werror]
/usr/share/systemtap/runtime/transport/relay_v2.c:241:2: error: (near initialization for ?._stp_relay_callbacks.create_buf_file?. [-Werror]
In file included from /usr/share/systemtap/runtime/print.c:18:0,
from /usr/share/systemtap/runtime/runtime.h:128,
from /tmp/stapXuHMle/stap_f534cd5578062befad3b2b49cf30135c_2471.c:59:
/usr/share/systemtap/runtime/transport/transport.c: In function ?.stp_get_root_dir?.
/usr/share/systemtap/runtime/transport/transport.c:386:8: error: ?.truct hlist_head?.has no member named ?.ext?
In file included from /tmp/stapXuHMle/stap_f534cd5578062befad3b2b49cf30135c_2471.c:61:0:
/usr/share/systemtap/runtime/stat.c: In function ?.stp_stat_get?.
/usr/share/systemtap/runtime/stat.c:213:2: error: ?.pu_possible_map?.undeclared (first use in this function)
/usr/share/systemtap/runtime/stat.c:213:2: note: each undeclared identifier is reported only once for each function it appears in
/usr/share/systemtap/runtime/stat.c: In function ?.stp_stat_clear?.
/usr/share/systemtap/runtime/stat.c:248:2: error: ?.pu_possible_map?.undeclared (first use in this function)
cc1: all warnings being treated as errors
http://blog.sina.com.cn/s/blog_820c67660101cgke.html
stap -e 'probe kernel.function("vfs_read") { printf("%s \n", $$vars)}' -vv
Systemtap最初是用于内核态的探针的,但是基于用户态的探针能定位解决用户的程序问题。Systemtap0.6能往用户态的进程中放入探针。SystemTap能支持在用户态的进程中的某个方法的入口和出口的地方放入探针。
用户态Systemtap的探针要求安装utrace内核扩展。utrace的介绍在:
http://sourceware.org/systemtap/wiki/utrace
使用命令来判断当前系统是否安装了utrace
grep CONFIG_UTRACE /boot/config-`uname -r`
如果支持用户态探针,会输出:
CONFIG_UTRACE=y
用户态Systemtap也需要uprobes内核模块。如果没有安装的话,你在运行需要uprobes模块的时候会出现下面的问题:
用户态事件以process开始,有下面几种形式
PATH是可执行程序的路径
process("PATH").function("function")
process("PATH").statement("statement")
process("PATH").mark("marker")
process.begin
process.thread.begin
process.end
process.thread.end
process.syscall