arg offset

Question

arg offset

brendangregg opened this issue 11 years ago · comments

Currently, the arg0..N variable is offset by +2 to where I'd expect it would be. I don't know if this is intentional or not. This ticket is to either:

A) confirm and document the current state. Eg, in the ktap Tutorial.

or,

B) change the offset to remove the +2.

If either are done, I'll I know I can rely on the interface. I don't know right now if my scripts will break in a future ktap update, if the +2 is removed, as the documentation does not say that this is intentional. (Although, it is used this way in the example scripts, so maybe this is intentional).

Here's a demo of the current functionality (this could be added to the ktap Tutorial, if this was intentional):

read() by file descriptor (arg2):

# ktap -e 's = {}; trace syscalls:sys_enter_read { s[arg2] += 1 } trace_end { print("FD:"); histogram(s); }'
^C
FD:
                          value ------------- Distribution ------------- count
                               5 |@@@@@@@@@@@@@@@@@@@@@                  43     
                               4 |@@@@@@@@@@                             21     
                               3 |@@@@@                                  10     
                               9 |@                                      2      
                               0 |                                       1

read() by requested bytes (arg4):

# ktap -e 's = {}; trace syscalls:sys_enter_read { s[arg4] += 1 } trace_end { print("bytes requested:"); histogram(s); }'
^C
bytes requested:
                          value ------------- Distribution ------------- count
                              16 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@        41     
                           16384 |@@@@                                   6      
                               1 |@                                      2      
                          131072 |                                       1

Jovi Zhangwei · Answer 1 · Tue Nov 26 2013 21:38:25 GMT+0800 (China Standard Time)

Hi Brendand,

Actually the arg offset(1..9) is determined by event format shown in debugfs, for example:

#cat /sys/kernel/debug/tracing/events/sched/sched_switch/format
name: sched_switch
ID: 268
format:
     field:char prev_comm[32];         <- arg1
     field:pid_t prev_pid;                   <- arg2
     field:int prev_prio;                     <- arg3
     field:long prev_state;                <- arg4
     field:char next_comm[32];         <- arg5
     field:pid_t next_pid;                  <- arg6
     field:int next_prio;                     <- arg7

There have some special for syscall event, because arg1 of syscall event is syscall number,
so the normal function argument of syscall event is indexed from arg2. kprobe and uprobe
event is similar, the arg1 value is _probe_ip, for example:

# ktap -e 'trace probe:/lib64/libc.so.6:malloc size=%di'

# cat /sys/kernel/debug/tracing/events/ktap_uprobes_3796/malloc/format
     field:unsigned long __probe_ip;   <- arg1
     field:u64 size;                           <- arg2

I already document this in tutorial now, this arg offset rule would be stable because ktap
is based on event debugfs format heavily in design, the arg offset have to align between
in tracepoint, kprobe and uprobe.

Thank you.

Jovi

Brendan Gregg · Answer 2 · Fri Jan 10 2014 06:21:05 GMT+0800 (China Standard Time)

Thanks, the docs now make it clear!