
我有一个简单的 SystemTap 脚本,它按文件统计进程的 I/O 字节数:

# fds maps a file descriptor number to the path it was opened with
# (filled in by the open probe); counts maps a path to the number of
# bytes read from or written to it (filled in by the read/write probe).
global fds, counts

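probe syscall.open.return {
        # Only follow the process stap was pointed at. With -c, target() is
        # the PID of the command stap launched; when that command line needs
        # a shell (for example an output redirection), that PID is the
        # shell's, so opens made by its child are filtered out here.
        if (pid() != target())
                next

        # In the kernel a failed open returns a negative errno (-2 for
        # ENOENT, -13 for EACCES, ...), not just -1, so accept only real
        # descriptors instead of comparing against -1.
        if ($return < 0)
                next

        # Copy the path out of user memory once and reuse it.
        path = user_string($filename)
        printf("%s opened as %d\n", path, $return)

        # Remember which path this descriptor refers to; a later open that
        # reuses the same descriptor number overwrites the entry.
        fds[$return] = path
}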

probe syscall.read.return, syscall.write.return {
        # Ignore other processes, failed calls and zero-length transfers.
        if (pid() != target() || $return <= 0)
                next

        # Charge the transferred bytes to the path recorded for this
        # descriptor. A descriptor the open probe never saw (one inherited
        # from the parent, such as stdout) has no entry in fds, so its
        # bytes are accumulated under the empty-string key.
        path = fds[$fd]
        counts[path] += $return
}

probe end {
        # Print the per-path totals when the session ends; the trailing "+"
        # makes foreach walk the array sorted by value, ascending.
        foreach (path in counts+) {
                total = counts[path]
                unit = "B"
                # Totals above 1024 bytes are shown in whole kilobytes
                # (integer division, remainder dropped).
                if (total > 1024) {
                        total = total / 1024
                        unit = "Kb"
                }
                printf("%s: %d %s\n", path, total, unit)
        }
}

当我运行 stap test.stp -c 'cat test.stp' 时,我得到:

global fds, counts

probe syscall.open.return {
    if ( ( pid() == target() ) & ( $return != -1 ) ) {
        printf("%s opened as %d\n", user_string($filename), $return)
        fds[$return] = user_string($filename)
    }
}

probe syscall.read.return, syscall.write.return {
    if ( (pid() == target()) & ($return > 0) ) {
        counts[fds[$fd]] += $return
    }
}

probe end {
    foreach (fname in counts+) {
        count = counts[fname]
        if ( count > 1024) {
            count = count / 1024
            bs = "Kb"
        } else {
            bs = "B"
        }
        printf("%s: %d %s\n", fname, count, bs)
    }
}
/etc/ld.so.cache opened as 3
/lib64/libc.so.6 opened as 3
/usr/lib/locale/locale-archive opened as 3
test.stp opened as 3
test.stp: 541 B
: 541 B
/lib64/libc.so.6: 832 B

这几乎是正确的。但是当我执行 stap test.stp -c 'cat test.stp > /dev/null' 时,得到了一些奇怪的结果:

/etc/ld.so.cache opened as 3
/lib64/libtinfo.so.5 opened as 3
/lib64/libdl.so.2 opened as 3
/lib64/libc.so.6 opened as 3
/dev/tty opened as 3
/usr/lib/locale/locale-archive opened as 3
/proc/meminfo opened as 3
/usr/lib64/gconv/gconv-modules.cache opened as 3
/lib64/libtinfo.so.5: 832 B
/lib64/libdl.so.2: 832 B
/lib64/libc.so.6: 832 B
/proc/meminfo: 1024 B

为什么在第二种情况下我看不到 test.stp opened as 3?

我用 strace 做了一些测试:

1)strace -e open -o trace cat test.stp

open("/home/al/lib/tls/x86_64/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/al/lib/tls/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/al/lib/x86_64/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/al/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("test.stp", O_RDONLY)              = 3
+++ exited with 0 +++

2)strace -e open -o trace cat test.stp > /dev/null

open("/home/al/lib/tls/x86_64/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/al/lib/tls/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/al/lib/x86_64/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/home/al/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("test.stp", O_RDONLY)              = 3
+++ exited with 0 +++

没有区别。


1 回答 1


这是因为 cat test.stp > /dev/null 需要通过 shell(bash)来运行(注意用 > 做的输出重定向),所以被识别为 target() 的是 bash 进程(而不是 cat)的 PID。

您可以检查 pid() 是否是 target() 的子进程。DTrace 中有一个名为 progenyof() 的操作,用来判断当前任务是否是指定 pid 的任务的子任务。SystemTap 中没有对应的函数,但您可以像这样轻松地实现它:

function progenyof(pid:long) {
    /*
     * Returns 1 when the task identified by pid is an ancestor of the
     * current task, 0 otherwise. The walk starts at the current task's
     * parent, so the current task itself is never compared against pid.
     */
    wanted = pid2task(pid)

    /* Climb the parent chain until it ends or reaches a task with PID 0. */
    for (ancestor = task_parent(task_current());
         ancestor && task_pid(ancestor) > 0;
         ancestor = task_parent(ancestor)) {
        if (ancestor == wanted)
            return 1
    }

    /* No ancestor matched. */
    return 0
}
于 2015-02-25T20:45:36.287 回答