Article on Sun's DTrace

Steven Smith sos22 at cantab.net
Thu Jul 8 02:13:15 PDT 2004


> - It has no impact on the system when it is not used.  So you can
> 	leave it in all the time, instead of having a debug kernel and
> 	a production kernel.
> 
> 	[I don't know how they achieve the "no impact" but they claim
> 	that they really mean "no", not just "negligible".]
The primary mechanism seems to be modifying the kernel at run time to
insert calls to the probe functions only where necessary.  You have
some magic provider code which crawls over the symbol table looking
for functions, and then changes the prolog from

push %ebp
mov %esp, %ebp
...

or whatever into

call probe_function
...

with probe_function then emulating the first few instructions of the
annotated function before returning, to make up for having clobbered
them when installing the probe.  They give up on functions that don't
have a frame pointer; one of the papers claimed this was less than 5%
in the Solaris kernel on x86.

Obviously, when the probe isn't active, you just have the normal
function prolog, so the cost per-probe is zero.  You still use up
memory and other resources keeping all of the infrastructure loaded,
though, so it isn't quite true to say that the cost is zero.

It's also possible to put probes on the return instruction of the
function.  I'm not sure how they're actually finding that, though.

There's also some dynamic linker jiggery pokery to allow kernel
developers to put in explicit, static calls to probe functions in
interesting places, and then have those changed into nops when the
probe is not in use.  These probes do have some per-probe cost, but
it's very small.

One of the really cool properties of the implemented system is that
probes can be inserted almost anywhere, including in interrupt
handlers or the middle of the scheduler.  Arranging this was probably
quite a large part of the design work. :)

> It looks very nice.  I wish I'd had it during my forays into the
> FreeBSD kernel.  Is it hopelessly solaris-specific?
I don't know anything about the implementation, but none of the
publicly-documented bits that I've seen would be unimplementable
under FreeBSD.  It'd just be time consuming.

Steven.
-- 
One day, I'm going to get an Alice-bot to answer all my email for me,
and see how long it takes people to notice.
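
The prolog patching described in the message above, as an added illustration: this is not part of the original email and not DTrace's code, only a user-space simulation on a byte buffer. The function names, the `covered` parameter (length of the whole instructions overwritten, assumed to come from an instruction decoder) and the addresses are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define CALL_LEN  5   /* x86 "call rel32": 0xE8 + 32-bit displacement */
#define MAX_SAVED 16
/* push %ebp ; mov %esp,%ebp (only the 0x89 0xE5 encoding, for brevity) */
static const uint8_t FRAME_PROLOG[3] = { 0x55, 0x89, 0xE5 };

struct probe {
    uint8_t saved[MAX_SAVED]; /* clobbered bytes the handler must emulate */
    size_t  covered;          /* 0 while the probe is disabled */
};

/* Patch a call to `handler` over the prolog of the function at `base`.
 * Bytes between the end of the call and `covered` become nops, so the
 * handler's return never lands in the middle of an instruction.
 * Returns -1 for a function without a frame-pointer prolog (skipped). */
int probe_enable(uint8_t *text, size_t len, uint32_t base,
                 uint32_t handler, size_t covered, struct probe *p)
{
    if (covered < CALL_LEN || covered > MAX_SAVED || covered > len ||
        memcmp(text, FRAME_PROLOG, sizeof FRAME_PROLOG) != 0)
        return -1;
    memcpy(p->saved, text, covered);
    uint32_t rel = handler - (base + CALL_LEN); /* relative to next insn */
    text[0] = 0xE8;
    for (int i = 0; i < 4; i++)
        text[1 + i] = (uint8_t)(rel >> (8 * i)); /* little-endian */
    memset(text + CALL_LEN, 0x90, covered - CALL_LEN);
    p->covered = covered;
    return 0;
}

/* Restore the original bytes: a disabled probe leaves the normal prolog. */
int probe_disable(uint8_t *text, struct probe *p)
{
    if (p->covered == 0) return -1;
    memcpy(text, p->saved, p->covered);
    p->covered = 0;
    return 0;
}

/* Decode the target of a patched call, to check what was written. */
uint32_t call_target(const uint8_t *text, uint32_t base)
{
    uint32_t rel = 0;
    for (int i = 0; i < 4; i++) rel |= (uint32_t)text[1 + i] << (8 * i);
    return base + CALL_LEN + rel;
}
```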