39

在 OSX 10.11.1 上运行 iosnoop 命令时,出现以下文本错误:

dtrace: invalid probe specifier
 /*
  * Command line arguments
  */
 inline int OPT_dump    = 0;
 inline int OPT_device  = 0;
 inline int OPT_delta   = 0;
 inline int OPT_devname = 0;
 inline int OPT_file    = 0;
 inline int OPT_args    = 0;
 inline int OPT_ins     = 0;
 inline int OPT_nums    = 0;
 inline int OPT_dtime   = 0;
 inline int OPT_mount   = 0;
 inline int OPT_start   = 0;
 inline int OPT_pid     = 0;
 inline int OPT_name    = 0;
 inline int OPT_end     = 0;
 inline int OPT_endstr  = 0;
 inline int FILTER  = 0;
 inline int PID     = 0;
 inline string DEVICE   = ".";
 inline string FILENAME = ".";
 inline string MOUNT    = ".";
 inline string NAME     = ".";

 #pragma D option quiet
 #pragma D option switchrate=10hz

 /*
  * Print header
  */
 dtrace:::BEGIN
 {
    last_event[""] = 0;

    /* print optional headers */
    OPT_start   ? printf("%-14s ","STIME")   : 1;
    OPT_end     ? printf("%-14s ","TIME")    : 1;
    OPT_endstr  ? printf("%-20s ","STRTIME") : 1;
    OPT_devname ? printf("%-7s ","DEVICE")   : 1;
    OPT_ins     ? printf("%-3s ","INS")      : 1;
    OPT_nums    ? printf("%-3s %-3s ","MAJ","MIN") : 1;
    OPT_delta   ? printf("%-10s ","DELTA")   : 1;
    OPT_dtime   ? printf("%-10s ","DTIME")   : 1;

    /* print main headers */
    OPT_dump ?
        printf("%s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s\n",
        "TIME", "STIME", "DELTA", "DEVICE", "INS", "MAJ", "MIN", "UID",
        "PID", "PPID", "D", "BLOCK", "SIZE", "MOUNT", "FILE", "PATH",
        "COMM","ARGS") :
        printf("%5s %5s %1s %8s %6s ", "UID", "PID", "D", "BLOCK", "SIZE");
    OPT_args == 0 ? printf("%10s %s\n", "COMM", "PATHNAME") : 1;
    OPT_args == 1 ? printf("%28s %s\n", "PATHNAME", "ARGS") : 1;
 }

 /*
  * Check event is being traced
  */
 io:::start
 {
    /* default is to trace unless filtering, */
    self->ok = FILTER ? 0 : 1;

    /* check each filter, */
    (OPT_device == 1 && DEVICE == args[1]->dev_statname)? self->ok = 1 : 1;
    (OPT_file == 1 && FILENAME == args[2]->fi_pathname) ? self->ok = 1 : 1;
    (OPT_mount == 1 && MOUNT == args[2]->fi_mount) ? self->ok = 1 : 1;
    (OPT_name == 1 && NAME == strstr(NAME, execname)) ? self->ok = 1 : 1;
    (OPT_name == 1 && execname == strstr(execname, NAME)) ? self->ok = 1 : 1;
    (OPT_pid == 1 && PID == pid) ? self->ok = 1 : 1;
 }

 /*
  * Reset last_event for disk idle -> start
  * this prevents idle time being counted as disk time.
  */
 io:::start
 /! pending[args[1]->dev_statname]/
 {
    /* save last disk event */
    last_event[args[1]->dev_statname] = timestamp;
 }

 /*
  * Store entry details
  */
 io:::start
 /self->ok/
 {
    /* these are used as a unique disk event key, */
    this->dev = args[0]->b_edev;
    this->blk = args[0]->b_blkno;

    /* save disk event details, */
    start_uid[this->dev, this->blk] = (int)uid;
    start_pid[this->dev, this->blk] = pid;
    start_ppid[this->dev, this->blk] = ppid;
    start_args[this->dev, this->blk] = (char *)curpsinfo->pr_psargs;
    start_comm[this->dev, this->blk] = execname;
    start_time[this->dev, this->blk] = timestamp;

    /* increase disk event pending count */
    pending[args[1]->dev_statname]++;

    self->ok = 0;
 }

 /*
  * Process and Print completion
  */
 io:::done
 /start_time[args[0]->b_edev, args[0]->b_blkno]/
 {
    /* decrease disk event pending count */
    pending[args[1]->dev_statname]--;

    /*
     * Process details
     */

    /* fetch entry values */
    this->dev = args[0]->b_edev;
    this->blk = args[0]->b_blkno;
    this->suid = start_uid[this->dev, this->blk];
    this->spid = start_pid[this->dev, this->blk];
    this->sppid = start_ppid[this->dev, this->blk];
    self->sargs = (int)start_args[this->dev, this->blk] == 0 ?
        "" : start_args[this->dev, this->blk];
    self->scomm = start_comm[this->dev, this->blk];
    this->stime = start_time[this->dev, this->blk];
    this->etime = timestamp; /* endtime */
    this->delta = this->etime - this->stime;
    this->dtime = last_event[args[1]->dev_statname] == 0 ? 0 :
        timestamp - last_event[args[1]->dev_statname];

    /* memory cleanup */
    start_uid[this->dev, this->blk]  = 0;
    start_pid[this->dev, this->blk]  = 0;
    start_ppid[this->dev, this->blk] = 0;
    start_args[this->dev, this->blk] = 0;
    start_time[this->dev, this->blk] = 0;
    start_comm[this->dev, this->blk] = 0;
    start_rw[this->dev, this->blk]   = 0;

    /*
     * Print details
     */

    /* print optional fields */
    OPT_start   ? printf("%-14d ", this->stime/1000) : 1;
    OPT_end     ? printf("%-14d ", this->etime/1000) : 1;
    OPT_endstr  ? printf("%-20Y ", walltimestamp) : 1;
    OPT_devname ? printf("%-7s ", args[1]->dev_statname) : 1;
    OPT_ins     ? printf("%3d ", args[1]->dev_instance) : 1;
    OPT_nums    ? printf("%3d %3d ",
        args[1]->dev_major, args[1]->dev_minor) : 1;
    OPT_delta   ? printf("%-10d ", this->delta/1000) : 1;
    OPT_dtime   ? printf("%-10d ", this->dtime/1000) : 1;

    /* print main fields */
    OPT_dump ?
        printf("%d %d %d %s %d %d %d %d %d %d %s %d %d %s %s %s %s %S\n",
        this->etime/1000, this->stime/1000, this->delta/1000,
        args[1]->dev_statname, args[1]->dev_instance, args[1]->dev_major,
        args[1]->dev_minor, this->suid, this->spid, this->sppid,
        args[0]->b_flags & B_READ ? "R" : "W",
        args[0]->b_blkno, args[0]->b_bcount, args[2]->fi_mount,
        args[2]->fi_name, args[2]->fi_pathname, self->scomm, self->sargs) :
        printf("%5d %5d %1s %8d %6d ",
        this->suid, this->spid, args[0]->b_flags & B_READ ? "R" : "W",
        args[0]->b_blkno, args[0]->b_bcount);
    OPT_args == 0 ? printf("%10s %s\n", self->scomm, args[2]->fi_pathname)
        : 1;
    OPT_args == 1 ? printf("%28s %S\n",
        args[2]->fi_pathname, self->sargs) : 1;

    /* save last disk event */
    last_event[args[1]->dev_statname] = timestamp;

    /* cleanup */
    self->scomm = 0;
    self->sargs = 0;
 }

 /*
  * Prevent pending from underflowing
  * this can happen if this program is started during disk events.
  */
 io:::done
 /pending[args[1]->dev_statname] < 0/
 {
    pending[args[1]->dev_statname] = 0;
 }
: probe description io:::start does not match any probes

在运行相同版本 OSX 的两台机器上测试并得到相同的错误。还在 10.10 上进行了测试,它可以正常工作。

4

2 回答 2

45

iosnoop 依赖于 dtrace 子系统。来自:http: //jimtechstuff.blogspot.com/2015/10/dtrace-broken-under-el-capitan.html


Dtrace 在 El Capitan 下被破坏

我在调试中经常使用的工具之一是“dtrace”以及使用它的各种实用程序。例如 open snoop、iotop 和一些我自己写的。

使用 El Capitan 的 GA,驻留在系统目录中的任何实用程序都无法被 dtrace 跟踪,这有点问题。我想看看照片应用程序正在使用什么开放系统调用并遇到了这个问题。

我知道我可以使用其他一些 Mac 实用程序(fs_usage、sc_usage 等),但我在这里展示了我的 Solaris 根,我仍然想使用 dtrace。

幸运的是,似乎有一种启用 dtrace 的方法:

Reboot the mac
Hold ⌘R during reboot
From the Utilities menu, run Terminal
Enter the following command
csrutil enable --without dtrace

请注意,这样做时我收到以下警告:

这是不受支持的配置,将来可能会中断并使您的机器处于未知状态。

我现在就忍受它。


(我只想对 Ara Yeressian 的大部分正确答案添加评论,但 stackoverflow 不会让我以我目前的低声誉)

于 2016-01-05T16:03:40.967 回答
15

这里找到解决方案。

事实证明,osx elcapitan 中的 root 用户没有对计算机的完全访问权限。要更改此行为,您需要重新启动计算机并在启动时按住command+R以进入恢复模式。从顶部打开终端menu->utility->terminal并执行下一个命令

csrutil disable 

然后重新启动计算机。现在您应该可以使用 iosnoop、iotop 和类似的 dtrace 相关命令了。

于 2015-11-19T12:26:11.577 回答