NAME
perf-probe - Define new dynamic tracepointsSYNOPSIS
perf probe [options] --add=PROBE [...] or perf probe [options] PROBE or perf probe [options] --del=[GROUP:]EVENT [...] or perf probe --list[=[GROUP:]EVENT] or perf probe [options] --line=LINE or perf probe [options] --vars=PROBEPOINT or perf probe [options] --funcs or perf probe [options] --definition=PROBE [...]
DESCRIPTION
This command defines dynamic tracepoint events, by symbol and registers without debuginfo, or by C expressions (C line numbers, C function names, and C local variables) with debuginfo.OPTIONS
-k, --vmlinux=PATHSpecify vmlinux path which has debuginfo
(Dwarf binary). Only when using this with --definition, you can give an
offline vmlinux file.
Specify module name in which perf-probe
searches probe points or lines. If a path of module file is passed, perf-probe
treat it as an offline module (this means you can add a probe on a module
which has not been loaded yet).
Specify path to kernel source.
Be more verbose (show parsed arguments, etc). Can not use with -q.
Do not show any warnings or messages. Can not
use with -v.
Define a probe event (see PROBE SYNTAX for
detail).
Delete probe events. This accepts glob
wildcards( *, ?) and character classes(e.g. [a-z],
[!A-Z]).
List up current probe events. This can also
accept filtering patterns of event names. When this is used with --cache, perf
shows all cached probes instead of the live probes.
Show source code lines which can be probed.
This needs an argument which specifies a range of the source code. (see LINE
SYNTAX for detail)
Show available local variables at given probe
point. The argument syntax is same as PROBE SYNTAX, but NO ARGs.
(Only for --vars) Show external defined
variables in addition to local variables.
(Only for --add) Search only for non-inlined
functions. The functions which do not have instances are ignored.
Show available functions in given module or
kernel. With -x/--exec, can also list functions in a user space executable /
shared library. This also can accept a FILTER rule argument.
Show trace-event definition converted from
given probe-event instead of write it into tracing/[k,u]probe_events.
(Only for --vars and --funcs) Set filter.
FILTER is a combination of glob pattern, see FILTER PATTERN for detail.
Default FILTER is "! k???tab_* & !crc_*" for --vars, and
"!_*" for --funcs. If several filters are specified, only the last
filter is used.
Forcibly add events with existing name.
Dry run. With this option, --add and --del
doesn’t execute actual adding and removal operations.
(With --add) Cache the probes. Any events
which successfully added are also stored in the cache file. (With --list) Show
cached probes. (With --del) Remove cached probes.
Set the maximum number of probe points for an
event. Default is 128.
Specify path to the executable or shared
library file for user space tracing. Can also be used with --funcs
option.
Demangle application symbols. --no-demangle is
also available for disabling demangling.
Demangle kernel symbols. --no-demangle-kernel
is also available for disabling kernel demangling.
PROBE SYNTAX
Probe points are defined by following syntax.1) Define event based on function name [[GROUP:]EVENT=]FUNC[@SRC][:RLN|+OFFS|%return|;PTN] [ARG ...]
2) Define event based on source file with line number [[GROUP:]EVENT=]SRC:ALN [ARG ...]
3) Define event based on source file with lazy pattern [[GROUP:]EVENT=]SRC;PTN [ARG ...]
4) Pre-defined SDT events or cached event with name %[sdt_PROVIDER:]SDTEVENT or, sdt_PROVIDER:SDTEVENT
ESCAPED CHARACTER
In the probe syntax, =, @, +, : and ; are treated as a special character. You can use a backslash ( \) to escape the special characters. This is useful if you need to probe on a specific versioned symbols, like @GLIBC_... suffixes, or also you need to specify a source file which includes the special characters. Note that usually single backslash is consumed by shell, so you might need to pass double backslash (\\) or wrapping with single quotes ('AAA\@BBB'). See EXAMPLES how it is used.PROBE ARGUMENT
Each probe argument follows below syntax.[NAME=]LOCALVAR|$retval|%REG|@SYMBOL[:TYPE][@user]
TYPES
Basic types (u8/u16/u32/u64/s8/s16/s32/s64) and hexadecimal integers (x8/x16/x32/x64) are integer types. Prefix s and u means those types are signed and unsigned respectively, and x means that is shown in hexadecimal format. Traced arguments are shown in decimal (sNN/uNN) or hex (xNN). You can also use s or u to specify only signedness and leave its size auto-detected by perf probe. Moreover, you can use x to explicitly specify to be shown in hexadecimal (the size is also auto-detected). String type is a special type, which fetches a "null-terminated" string from kernel space. This means it will fail and store NULL if the string container has been paged out. You can specify string type only for the local variable or structure member which is an array of or a pointer to char or unsigned char type. Bitfield is another special type, which takes 3 parameters, bit-width, bit-offset, and container-size (usually 32). The syntax is;b<bit-width>@<bit-offset>/<container-size>
LINE SYNTAX
Line range is described by following syntax."FUNC[@SRC][:RLN[+NUM|-RLN2]]|SRC[:ALN[+NUM|-ALN2]]"
LAZY MATCHING
The lazy line matching is similar to glob matching but ignoring spaces in both of pattern and target. So this accepts wildcards( *, ?) and character classes(e.g. [a-z], [!A-Z]).FILTER PATTERN
The filter pattern is a glob matching pattern(s) to filter variables. In addition, you can use "!" for specifying filter-out rule. You also can give several rules combined with "&" or "|", and fold those rules as one rule by using "(" ")".EXAMPLES
Display which lines in schedule() can be probed:./perf probe --line schedule
./perf probe schedule:12 cpu or ./perf probe --add='schedule:12 cpu'
./perf probe schedule* or ./perf probe --add='schedule*'
./perf probe 'schedule;update_rq_clock*' or ./perf probe --add='schedule;update_rq_clock*'
./perf probe --del='schedule*'
./perf probe -x /bin/zsh zfree or ./perf probe /bin/zsh zfree
./perf probe -x /lib/libc.so.6 malloc or ./perf probe /lib/libc.so.6 malloc
./perf probe --target-ns <target pid> -x /lib64/libc.so.6 malloc
./perf probe --target-ns <target pid> -x /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64/jre/lib/amd64/server/libjvm.so %sdt_hotspot:thread__sleep__end
./perf probe -x /lib64/libc-2.25.so 'malloc_get_state\@GLIBC_2.2.5'
./perf probe -x /opt/test/a.out 'foo\+bar.c:4'
PERMISSIONS AND SYSCTL
Since perf probe depends on ftrace (tracefs) and kallsyms (/proc/kallsyms), you have to care about the permission and some sysctl knobs.•Since tracefs and kallsyms requires
root or privileged user to access it, the following perf probe commands also
require it; --add, --del, --list (except for --cache option)
•The system admin can remount the
tracefs with 755 (sudo mount -o remount,mode=755 /sys/kernel/tracing/) to
allow unprivileged user to run the perf probe --list command.
•/proc/sys/kernel/kptr_restrict = 2
(restrict all users) also prevents perf probe to retrieve the important
information from kallsyms. You also need to set to 1 (restrict non CAP_SYSLOG
users) for the above commands. Since the user-space probe doesn’t need
to access kallsyms, this is only for probing the kernel function
(kprobes).
•Since the perf probe commands read the
vmlinux (for kernel) and/or the debuginfo file (including user-space
application), you need to ensure that you can read those files.
SEE ALSO
perf-trace(1), perf-record(1), perf-buildid-cache(1)2024-06-21 | perf |