1STAP(1) General Commands Manual STAP(1)
2
3
4
6 stap - systemtap script translator/driver
7
8
9
11 stap [ OPTIONS ] FILENAME [ ARGUMENTS ]
12 stap [ OPTIONS ] - [ ARGUMENTS ]
13 stap [ OPTIONS ] -e SCRIPT [ ARGUMENTS ]
14 stap [ OPTIONS ] -l PROBE [ ARGUMENTS ]
15 stap [ OPTIONS ] -L PROBE [ ARGUMENTS ]
16 stap [ OPTIONS ] --dump-probe-types
17 stap [ OPTIONS ] --dump-probe-aliases
18 stap [ OPTIONS ] --dump-functions
19
20
22 The stap program is the front-end to the Systemtap tool. It accepts
23 probing instructions written in a simple domain-specific language,
24 translates those instructions into C code, compiles this C code, and
25 loads the resulting module into a running Linux kernel or a DynInst
26 user-space mutator, to perform the requested system trace/probe func‐
27 tions. You can supply the script in a named file (FILENAME), from
28 standard input (use - instead of FILENAME), or from the command line
29 (using -e SCRIPT). The program runs until it is interrupted by the
30 user, or if the script voluntarily invokes the exit() function, or by
31 sufficient number of soft errors.
32
33 The language, which is described the SCRIPT LANGUAGE section below, is
34 strictly typed, expressive, declaration free, procedural, prototyping-
35 friendly, and inspired by awk and C. It allows source code points or
36 events in the system to be associated with handlers, which are subrou‐
37 tines that are executed synchronously. It is somewhat similar concep‐
38 tually to "breakpoint command lists" in the gdb debugger.
39
40
42 The systemtap translator supports the following options. Any other
43 option prints a list of supported options. Options may be given on the
44 command line, as usual. If the file $SYSTEMTAP_DIR/rc exist, options
45 are also loaded from there and interpreted first. ($SYSTEMTAP_DIR
46 defaults to $HOME/.systemtap if unset.)
47
48 - Use standard input instead of a given FILENAME as probe language
49 input, unless -e SCRIPT is given.
50
51 -h --help
52 Show help message.
53
54 -V --version
55 Show version message.
56
57 -p NUM Stop after pass NUM. The passes are numbered 1-5: parse, elabo‐
58 rate, translate, compile, run. See the PROCESSING section for
59 details.
60
61 -v Increase verbosity for all passes. Produce a larger volume of
62 informative (?) output each time option repeated.
63
64 --vp ABCDE
65 Increase verbosity on a per-pass basis. For example, "--vp 002"
66 adds 2 units of verbosity to pass 3 only. The combination
67 "-v --vp 00004" adds 1 unit of verbosity for all passes, and 4
68 more for pass 5.
69
70 -k Keep the temporary directory after all processing. This may be
71 useful in order to examine the generated C code, or to reuse the
72 compiled kernel object.
73
74 -g Guru mode. Enable parsing of unsafe expert-level constructs
75 like embedded C.
76
77 -P Prologue-searching mode. This is equivalent to --pro‐
78 logue-searching=always. Activate heuristics to work around
79 incorrect debugging information for function parameter $context
80 variables.
81
82 -u Unoptimized mode. Disable unused code elision and many other
83 optimizations during elaboration / translation.
84
85 -w Suppressed warnings mode. Disables all warning messages.
86
87 -W Treat all warnings as errors.
88
89 -b Use bulk mode (percpu files) for kernel-to-user data transfer.
90 Use the stap-merge program to multiplex them back together
91 later.
92
93 -t Collect timing information on the number of times probe executes
94 and average amount of time spent in each probe-point. Also shows
95 the derivation for each probe-point.
96
97 -sNUM Use NUM megabyte buffers for kernel-to-user data transfer. On a
98 multiprocessor in bulk mode, this is a per-processor amount.
99
100 -I DIR Add the given directory to the tapset search directory. See the
101 description of pass 2 for details.
102
103 -D NAME=VALUE
104 Add the given C preprocessor directive to the module Makefile.
105 These can be used to override limit parameters described below.
106
107 -B NAME=VALUE
108 Add the given make directive to the kernel module build's make
109 invocation. These can be used to add or override kconfig
110 options.
111
112 -a ARCH
113 Use a cross-compilation mode for the given target architecture.
114 This requires access to the cross-compiler and the kernel build
115 tree, and goes along with the -B CROSS_COMPILE=arch-tool-prefix-
116 and -r /build/tree options.
117
118 --modinfo NAME=VALUE
119 Add the name/value pair as a MODULE_INFO macro call to the gen‐
120 erated module. This may be useful to inform or override various
121 module-related checks in the kernel.
122
123 -G NAME=VALUE
124 Sets the value of global variable NAME to VALUE when staprun is
125 invoked. This applies to scalar variables declared global in
126 the script/tapset.
127
128 -R DIR Look for the systemtap runtime sources in the given directory.
129
130 -r /DIR
131 Build for kernel in given build tree. Can also be set with the
132 SYSTEMTAP_RELEASE environment variable.
133
134 -r RELEASE
135 Build for kernel in build tree /lib/modules/RELEASE/build. Can
136 also be set with the SYSTEMTAP_RELEASE environment variable.
137
138 -m MODULE
139 Use the given name for the generated kernel object module,
140 instead of a unique randomized name. The generated kernel
141 object module is copied to the current directory.
142
143 -d MODULE
144 Add symbol/unwind information for the given module into the ker‐
145 nel object module. This may enable symbolic tracebacks from
146 those modules/programs, even if they do not have an explicit
147 probe placed into them.
148
149 --ldd Add symbol/unwind information for all shared libraries suspected
150 by ldd to be necessary for user-space binaries being probe or
151 listed with the -d option. Caution: this can make the probe
152 modules considerably larger.
153
154 --all-modules
155 Equivalent to specifying "-dkernel" and a "-d" for each kernel
156 module that is currently loaded. Caution: this can make the
157 probe modules considerably larger.
158
159 -o FILE
160 Send standard output to named file. In bulk mode, percpu files
161 will start with FILE_ (FILE_cpu with -F) followed by the cpu
162 number. This supports strftime(3) formats for FILE.
163
164 -c CMD Start the probes, run CMD, and exit when CMD finishes. This
165 also has the effect of setting target() to the pid of the com‐
166 mand ran.
167
168 -x PID Sets target() to PID. This allows scripts to be written that
169 filter on a specific process. Scripts run independent of the
170 PID's lifespan.
171
172 -e SCRIPT
173 Run the given SCRIPT specified on the command line.
174
175 -E SCRIPT
176 Run the given SCRIPT specified. This SCRIPT is run in addition
177 to the main script specified, through -e, or as a script file.
178 This option can be repeated to run multiple scripts, and can be
179 used in listing mode (-l/-L).
180
181 -l PROBE
182 Instead of running a probe script, just list all available probe
183 points matching the given single probe point. The pattern may
184 include wildcards and aliases, but not comma-separated multiple
185 probe points. The process result code will indicate failure if
186 there are no matches.
187
188 -L PROBE
189 Similar to "-l", but list probe points and script-level local
190 variables.
191
192 -F Without -o option, load module and start probes, then detach
193 from the module leaving the probes running. With -o option, run
194 staprun in background as a daemon and show its pid.
195
196 -S size[,N]
197 Sets the maximum size of output file and the maximum number of
198 output files. If the size of output file will exceed size ,
199 systemtap switches output file to the next file. And if the num‐
200 ber of output files exceed N , systemtap removes the oldest out‐
201 put file. You can omit the second argument.
202
203 --skip-badvars
204 Ignore unresolvable or run-time-inaccessible context variables
205 and substitute with 0, without errors.
206
207
208 --prologue-searching[=WHEN]
209 Prologue-searching mode. Activate heuristics to work around
210 incorrect debugging information for function parameter $con‐
211 text variables. WHEN can be either "never", "always", or "auto"
212 (i.e. enabled by heuristic). If WHEN is missing, then "always"
213 is assumed. If the option is missing, then "auto" is assumed.
214
215
216 --suppress-handler-errors
217 Wrap all probe handlers into something like this
218
219 try { ... } catch { next }
220
221 block, which causes any runtime errors to be quietly suppressed.
222 Suppressed errors do not count against MAXERRORS limits. In
223 this mode, the MAXSKIPPED limits are also suppressed, so that
224 many errors and skipped probes may be accumulated during a
225 script's runtime. Any overall counts will still be reported at
226 shutdown.
227
228
229 --compatible VERSION
230 Suppress recent script language or tapset changes which are in‐
231 compatible with given older version of systemtap. This may be
232 useful if a much older systemtap script fails to run. See the
233 DEPRECATION section for more details.
234
235
236 --check-version
237 This option is used to check if the active script has any con‐
238 structs that may be systemtap version specific. See the DEPRE‐
239 CATION section for more details.
240
241
242 --clean-cache
243 This option prunes stale entries from the cache directory. This
244 is normally done automatically after successful runs, but this
245 option will trigger the cleanup manually and then exit. See the
246 CACHING section for more details about cache limits.
247
248
249 --color[=WHEN], --colour[=WHEN]
250 This option controls coloring of error messages. WHEN can be ei‐
251 ther "never", "always", or "auto" (i.e. enable only if at a ter‐
252 minal). If WHEN is missing, then "always" is assumed. If the op‐
253 tion is missing, then "auto" is assumed.
254
255 Colors can be modified using the SYSTEMTAP_COLORS environment
256 variable. The format must be of the form
257 key1=val1:key2=val2:key3=val3 ...etc. Valid keys are "error",
258 "warning", "source", "caret", and "token". Values constitute
259 Select Graphic Rendition (SGR) parameter(s). Consult the docu‐
260 mentation of your terminal for the SGRs it supports. As an exam‐
261 ple, the default colors would be expressed as
262 error=01;31:warning=00;33:source=00;34:caret=01:token=01. If
263 SYSTEMTAP_COLORS is absent, the default colors will be used. If
264 it is empty or invalid, coloring is turned off.
265
266
267 --disable-cache
268 This option disables all use of the cache directory. No files
269 will be either read from or written to the cache.
270
271
272 --poison-cache
273 This option treats files in the cache directory as invalid. No
274 files will be read from the cache, but resulting files from this
275 run will still be written to the cache. This is meant as a
276 troubleshooting aid when stap's cached behavior seems to be mis‐
277 behaving.
278
279
280 --privilege[=stapusr | =stapsys | =stapdev]
281 This option instructs stap to examine the script looking for
282 constructs which are not allowed for the specified privilege
283 level (see UNPRIVILEGED USERS). Compilation fails if any such
284 constructs are used. If stapusr or stapsys are specified when
285 using a compile server (see --use-server), the server will exam‐
286 ine the script and, if compilation succeeds, the server will
287 cryptographically sign the resulting kernel module, certifying
288 that is it safe for use by users at the specified privilege lev‐
289 el.
290
291 If --privilege has not been specified, -pN has not been speci‐
292 fied with N < 5, and the invoking user is not root, and is not a
293 member of the group stapdev, then stap will automatically add
294 the appropriate --privilege option to the options already speci‐
295 fied.
296
297
298 --unprivileged
299 This option is equivalent to --privilege=stapusr.
300
301
302 --use-server[=HOSTNAME[:PORT] | =IP_ADDRESS[:PORT] | =CERT_SERIAL]
303 Specify compile-server(s) to be used for compilation and/or in
304 conjunction with --list-servers and --trust-servers (see below).
305 If no argument is supplied, then the default in unprivileged
306 mode (see --privilege) is to select compatible servers which are
307 trusted as SSL peers and as module signers and currently online.
308 Otherwise the default is to select compatible servers which are
309 trusted as SSL peers and currently online. --use-server may be
310 specified more than once, in which case a list of servers is ac‐
311 cumulated in the order specified. Servers may be specified by
312 host name, ip address, or by certificate serial number (obtained
313 using --list-servers). The latter is most commonly used when
314 adding or revoking trust in a server (see --trust-servers be‐
315 low). If a server is specified by host name or ip address, then
316 an optional port number may be specified. This is useful for ac‐
317 cessing servers which are not on the local network or to specify
318 a particular server.
319
320 IP addresses may be IPv4 or IPv6 addresses.
321
322 If a particular IPv6 address is link local and exists on more
323 than one interface, the intended interface may be specified by
324 appending the address with a percent sign (%) followed by the
325 intended interface name. For example,
326 "fe80::5eff:35ff:fe07:55ca%eth0".
327
328 In order to specify a port number with an IPv6 address, it is
329 necessary to enclose the IPv6 address in square brackets ([]) in
330 order to separate the port number from the rest of the address.
331 For example, "[fe80::5eff:35ff:fe07:55ca]:5000" or
332 "[fe80::5eff:35ff:fe07:55ca%eth0]:5000".
333
334 If --use-server has not been specified, -pN has not been speci‐
335 fied with N < 5, and the invoking user not root, is not a member
336 of the group stapdev, but is a member of the group stapusr, then
337 stap will automatically add --use-server to the options already
338 specified.
339
340
341 --use-server-on-error[=yes|=no]
342 Instructs stap to retry compilation of a script using a compile
343 server if compilation on the local host fails in a manner which
344 suggests that it might succeed using a server. If this option
345 is not specified, the default is no. If no argument is provid‐
346 ed, then the default is yes. Compilation will be retried for
347 certain types of errors (e.g. insufficient data or resources)
348 which may not occur during re-compilation by a compile server.
349 Compile servers will be selected automatically for the re-compi‐
350 lation attempt as if --use-server was specified with no argu‐
351 ments.
352
353
354 --list-servers[=SERVERS]
355 Display the status of the requested SERVERS, where SERVERS is a
356 comma-separated list of server attributes. The list of at‐
357 tributes is combined to filter the list of servers displayed.
358 Supported attributes are:
359
360 all specifies all known servers (trusted SSL peers, trusted
361 module signers, online servers).
362
363 specified
364 specifies servers specified using --use-server.
365
366 online filters the output by retaining information about servers
367 which are currently online.
368
369 trusted
370 filters the output by retaining information about servers
371 which are trusted as SSL peers.
372
373 signer filters the output by retaining information about servers
374 which are trusted as module signers (see --privilege).
375
376 compatible
377 filters the output by retaining information about servers
378 which are compatible with the current kernel release and
379 architecture.
380
381 If no argument is provided, then the default is specified. If
382 no servers were specified using --use-server, then the default
383 servers for --use-server are listed.
384
385 Note that --list-servers uses the avahi-daemon service to detect
386 online servers. If this service is not available, then
387 --list-servers will fail to detect any online servers. In order
388 for --list-servers to detect servers listening on IPv6 address‐
389 es, the avahi-daemon configuration file /etc/avahi/avahi-dae‐
390 mon.conf must contain an active "use-ipv6=yes" line. The service
391 must be restarted after adding this line in order for IPv6 to be
392 enabled.
393
394
395 --trust-servers[=TRUST_SPEC]
396 Grant or revoke trust in compile-servers, specified using
397 --use-server as specified by TRUST_SPEC, where TRUST_SPEC is a
398 comma-separated list specifying the trust which is to be granted
399 or revoked. Supported elements are:
400
401 ssl trust the specified servers as SSL peers.
402
403 signer trust the specified servers as module signers (see
404 --privilege). Only root can specify signer.
405
406 all-users
407 grant trust as an ssl peer for all users on the local
408 host. The default is to grant trust as an ssl peer for
409 the current user only. Trust as a module signer is always
410 granted for all users. Only root can specify all-users.
411
412 revoke revoke the specified trust. The default is to grant it.
413
414 no-prompt
415 do not prompt the user for confirmation before carrying
416 out the requested action. The default is to prompt the
417 user for confirmation.
418
419 If no argument is provided, then the default is ssl. If no
420 servers were specified using --use-server, then no trust will be
421 granted or revoked.
422
423 Unless no-prompt has been specified, the user will be prompted
424 to confirm the trust to be granted or revoked before the opera‐
425 tion is performed.
426
427
428 --dump-probe-types
429 Dumps a list of supported probe types and exits. If --privi‐
430 lege=stapusr is also specified, the list will be limited to
431 probe types available to unprivileged users.
432
433
434 --dump-probe-aliases
435 Dumps a list of all probe aliases found in library files and ex‐
436 its.
437
438
439 --dump-functions
440 Dumps a list of all functions found in library files and exits.
441 Also includes their parameters and types. A function of type
442 'unknown' indicates a function that does not return a value.
443 Note that not all function/parameter types may be resolved
444 (these are also shown by 'unknown'). This features is very memo‐
445 ry-intensive and thus may not work properly with --use-server if
446 the target server imposes an rlimit on process memory (i.e.
447 through the ~stap-server/.systemtap/rc configuration file, see
448 stap-server(8)).
449
450
451 --remote URL
452 Set the execution target to the given host. This option may be
453 repeated to target multiple execution targets. Passes 1-4 are
454 completed locally as normal to build the script, and then pass 5
455 will copy the module to the target and run it. Acceptable URL
456 forms include:
457
458 [USER@]HOSTNAME, ssh://[USER@]HOSTNAME
459 This mode uses ssh, optionally using a username not
460 matching your own. If a custom ssh_config file is in use,
461 add SendEnv LANG to retain internationalization function‐
462 ality.
463
464 libvirt://DOMAIN, libvirt://DOMAIN/LIBVIRT_URI
465 This mode uses stapvirt to execute the script on a domain
466 managed by libvirt. Optionally, LIBVIRT_URI may be speci‐
467 fied to connect to a specific driver and/or a remote
468 host. For example, to connect to the local privileged QE‐
469 MU driver, use:
470
471 --remote libvirt://MyDomain/qemu:///system
472
473 See the page at <http://libvirt.org/uri.html> for sup‐
474 ported URIs. Also see stapvirt(1) for more information on
475 how to prepare the domain for stap probing.
476
477 unix:PATH
478 This mode connects to a UNIX socket. This can be used
479 with a QEMU virtio-serial port for executing scripts in‐
480 side a running virtual machine.
481
482 direct://
483 Special loopback mode to run on the local host.
484
485 --remote-prefix
486 Prefix each line of remote output with "N: ", where N is the in‐
487 dex of the remote execution target from which the given line
488 originated.
489
490
491 --download-debuginfo[=OPTION]
492 Enable, disable or set a timeout for the automatic debuginfo
493 downloading feature offered by abrt as specified by OPTION,
494 where OPTION is one of the following:
495
496 yes enable automatic downloading of debuginfo with no time‐
497 out. This is the same as not providing an OPTION value to
498 --download-debuginfo
499
500 no explicitly disable automatic downloading of debuginfo.
501 This is the same as not using the option at all.
502
503 ask show abrt output, and ask before continuing download. No
504 timeout will be set.
505
506 <timeout>
507 specify a timeout as a positive number to stop the down‐
508 load if it is taking too long.
509
510 --rlimit-as=NUM
511 Specify the maximum size of the process's virtual memory (ad‐
512 dress space), in bytes. If nothing is specified, no limits are
513 imposed.
514
515
516 --rlimit-cpu=NUM
517 Specify the CPU time limit, in seconds. If nothing is specified,
518 no limits are imposed.
519
520
521 --rlimit-nproc=NUM
522 Specify the maximum number of processes that can be created. If
523 nothing is specified, no limits are imposed.
524
525
526 --rlimit-stack=NUM
527 Specify the maximum size of the process stack, in bytes. If
528 nothing is specified, no limits are imposed.
529
530
531 --rlimit-fsize=NUM
532 Specify the maximum size of files that the process may create,
533 in bytes. If nothing is specified, no limits are imposed.
534
535
536 --sysroot=DIR
537 Specify sysroot directory where target files (executables, li‐
538 braries, etc.) are located. With -r RELEASE, the sysroot will
539 be searched for the appropriate kernel build directory. With -r
540 /DIR, however, the sysroot will not be used to find the kernel
541 build.
542
543
544 --sysenv=VAR=VALUE
545 Provide an alternate value for an environment variable where the
546 value on a remote system differs. Path variables (e.g. PATH,
547 LD_LIBRARY_PATH) are assumed to be relative to the directory
548 provided by --sysroot, if provided.
549
550
551 --suppress-time-limits
552 Disable -DSTP_OVERLOAD related options as well as -DMAXACTION
553 and -DMAXTRYLOCK. This option requires guru mode.
554
555
556 --runtime=MODE
557 Set the pass-5 runtime mode. Valid options are kernel (default)
558 and dyninst. See ALTERNATE RUNTIMES below for more information.
559
560
561 --dyninst
562 Shorthand for --runtime=dyninst.
563
564
565 --save-uprobes
566 On machines that require SystemTap to build its own uprobes mod‐
567 ule (kernels prior to version 3.5), this option instructs Sys‐
568 temTap to also save a copy of the module in the current directo‐
569 ry (creating a new "uprobes" directory first).
570
571
572 --target-namespaces=PID
573 Allow for a set of target namespaces to be set based on the
574 namespaces the given PID is in. This is for namespace-aware
575 tapset functions. If the target namespaces was not set, the tar‐
576 get defaults to the stap process' namespaces.
577
578
580 Any additional arguments on the command line are passed to the script
581 parser for substitution. See below.
582
583
585 The systemtap script language resembles awk and C. There are two main
586 outermost constructs: probes and functions. Within these, statements
587 and expressions use C-like operator syntax and precedence.
588
589
590 GENERAL SYNTAX
591 Whitespace is ignored. Three forms of comments are supported:
592 # ... shell style, to the end of line, except for $# and @#
593 // ... C++ style, to the end of line
594 /* ... C style ... */
595 Literals are either strings enclosed in double-quotes (passing through
596 the usual C escape codes with backslashes, and with adjacent string
597 literals glued together, also as in C), or integers (in decimal, hexa‐
598 decimal, or octal, using the same notation as in C). All strings are
599 limited in length to some reasonable value (a few hundred bytes). In‐
600 tegers are 64-bit signed quantities, although the parser also accepts
601 (and wraps around) values above positive 2**63.
602
603 In addition, script arguments given at the end of the command line may
604 be inserted. Use $1 ... $<NN> for insertion unquoted, @1 ... @<NN> for
605 insertion as a string literal. The number of arguments may be accessed
606 through $# (as an unquoted number) or through @# (as a quoted number).
607 These may be used at any place a token may begin, including within the
608 preprocessing stage. Reference to an argument number beyond what was
609 actually given is an error.
610
611
612 PREPROCESSING
613 A simple conditional preprocessing stage is run as a part of parsing.
614 The general form is similar to the cond ? exp1 : exp2 ternary operator:
615
616 %( CONDITION %? TRUE-TOKENS %)
617 %( CONDITION %? TRUE-TOKENS %: FALSE-TOKENS %)
618
619 The CONDITION is either an expression whose format is determined by its
620 first keyword, or a string literals comparison or a numeric literals
621 comparison. It can be also composed of many alternatives and conjunc‐
622 tions of CONDITIONs (meant as in previous sentence) using || and && re‐
623 spectively. However, parentheses are not supported yet, so remembering
624 that conjunction takes precedence over alternative is important.
625
626 If the first part is the identifier kernel_vr or kernel_v to refer to
627 the kernel version number, with ("2.6.13-1.322FC3smp") or without
628 ("2.6.13") the release code suffix, then the second part is one of the
629 six standard numeric comparison operators <, <=, ==, !=, >, and >=, and
630 the third part is a string literal that contains an RPM-style version-
631 release value. The condition is deemed satisfied if the version of the
632 target kernel (as optionally overridden by the -r option) compares to
633 the given version string. The comparison is performed by the glibc
634 function strverscmp. As a special case, if the operator is for simple
635 equality (==), or inequality (!=), and the third part contains any
636 wildcard characters (* or ? or [), then the expression is treated as a
637 wildcard (mis)match as evaluated by fnmatch.
638
639 If, on the other hand, the first part is the identifier arch to refer
640 to the processor architecture (as named by the kernel build system
641 ARCH/SUBARCH), then the second part is one of the two string comparison
642 operators == or !=, and the third part is a string literal for matching
643 it. This comparison is a wildcard (mis)match.
644
645 Similarly, if the first part is an identifier like CONFIG_something to
646 refer to a kernel configuration option, then the second part is == or
647 !=, and the third part is a string literal for matching the value (com‐
648 monly "y" or "m"). Nonexistent or unset kernel configuration options
649 are represented by the empty string. This comparison is also a wild‐
650 card (mis)match.
651
652 If the first part is the identifier systemtap_v, the test refers to the
653 systemtap compatibility version, which may be overridden for old
654 scripts with the --compatible flag. The comparison operator is as is
655 for kernel_v and the right operand is a version string. See also the
656 DEPRECATION section below.
657
658 If the first part is the identifier systemtap_privilege, the test
659 refers to the privilege level that the systemtap script is compiled
660 with. Here the second part is == or !=, and the third part is a string
661 literal, either "stapusr" or "stapsys" or "stapdev".
662
663 If the first part is the identifier guru_mode, the test refers to if
664 the systemtap script is compiled with guru_mode. Here the second part
665 is == or !=, and the third part is a number, either 1 or 0.
666
667 If the first part is the identifier runtime, the test refers to the
668 systemtap runtime mode. See ALTERNATE RUNTIMES below for more informa‐
669 tion on runtimes. The second part is one of the two string comparison
670 operators == or !=, and the third part is a string literal for matching
671 it. This comparison is a wildcard (mis)match.
672
673 Otherwise, the CONDITION is expected to be a comparison between two
674 string literals or two numeric literals. In this case, the arguments
675 are the only variables usable.
676
677 The TRUE-TOKENS and FALSE-TOKENS are zero or more general parser tokens
678 (possibly including nested preprocessor conditionals), and are passed
679 into the input stream if the condition is true or false. For example,
680 the following code induces a parse error unless the target kernel ver‐
681 sion is newer than 2.6.5:
682
683 %( kernel_v <= "2.6.5" %? **ERROR** %) # invalid token sequence
684
685 The following code might adapt to hypothetical kernel version drift:
686
687 probe kernel.function (
688 %( kernel_v <= "2.6.12" %? "__mm_do_fault" %:
689 %( kernel_vr == "2.6.13*smp" %? "do_page_fault" %:
690 UNSUPPORTED %) %)
691 ) { /* ... */ }
692
693 %( arch == "ia64" %?
694 probe syscall.vliw = kernel.function("vliw_widget") {}
695 %)
696
697
698
699 PREPROCESSOR MACROS
700 The preprocessor also supports a simple macro facility, run as a sepa‐
701 rate pass before conditional preprocessing.
702
703 Macros are defined using the following construct:
704
705 @define NAME %( BODY %)
706 @define NAME(PARAM_1, PARAM_2, ...) %( BODY %)
707
708 Macros, and parameters inside a macro body, are both invoked by prefix‐
709 ing the macro name with an @ symbol:
710
711 @define foo %( x %)
712 @define add(a,b) %( ((@a)+(@b)) %)
713
714 @foo = @add(2,2)
715
716
717 Macro expansion is currently performed in a separate pass before condi‐
718 tional compilation. Therefore, both TRUE- and FALSE-tokens in condi‐
719 tional expressions will be macroexpanded regardless of how the condi‐
720 tion is evaluated. This can sometimes lead to errors:
721
722 // The following results in a conflict:
723 %( CONFIG_UTRACE == "y" %?
724 @define foo %( process.syscall %)
725 %:
726 @define foo %( **ERROR** %)
727 %)
728
729 // The following works properly as expected:
730 @define foo %(
731 %( CONFIG_UTRACE == "y" %? process.syscall %: **ERROR** %)
732 %)
733
734 The first example is incorrect because both @defines are evaluated in a
735 pass prior to the conditional being evaluated.
736
737 Normally, a macro definition is local to the file it occurs in. Thus,
738 defining a macro in a tapset does not make it available to the user of
739 the tapset. Publically available library macros can be defined by in‐
740 cluding .stpm files on the tapset search path. These files may only
741 contain @define constructs, which become visible across all tapsets and
742 user scripts.
743
744
745 VARIABLES
746 Identifiers for variables and functions are an alphanumeric sequence,
747 and may include _ and $ characters. They may not start with a plain
748 digit, as in C. Each variable is by default local to the probe or
749 function statement block within which it is mentioned, and therefore
750 its scope and lifetime is limited to a particular probe or function in‐
751 vocation.
752
753 Scalar variables are implicitly typed as either string or integer. As‐
754 sociative arrays also have a string or integer value, and a tuple of
755 strings and/or integers serving as a key. Here are a few basic expres‐
756 sions.
757
758 var1 = 5
759 var2 = "bar"
760 array1 [pid()] = "name" # single numeric key
761 array2 ["foo",4,i++] += 5 # vector of string/num/num keys
762 if (["hello",5,4] in array2) println ("yes") # membership test
763
764
765 The translator performs type inference on all identifiers, including
766 array indexes and function parameters. Inconsistent type-related use
767 of identifiers signals an error.
768
769 Variables may be declared global, so that they are shared amongst all
770 probes and live as long as the entire systemtap session. There is one
771 namespace for all global variables, regardless of which script file
772 they are found within. Concurrent access to global variables is auto‐
773 matically protected with locks, see the SAFETY AND SECURITY section for
774 more details. A global declaration may be written at the outermost
775 level anywhere, not within a block of code. Global variables which are
776 written but never read will be displayed automatically at session shut‐
777 down. The translator will infer for each its value type, and if it is
778 used as an array, its key types. Optionally, scalar globals may be
779 initialized with a string or number literal. The following declaration
780 marks variables as global.
781
782 global var1, var2, var3=4
783
784
785 Global variables can also be set as module options. One can do this by
786 either using the -G option, or the module must first be compiled using
787 stap -p4. Global variables can then be set on the command line when
788 calling staprun on the module generated by stap -p4. See staprun(8) for
789 more information.
790
791 Arrays are limited in size by the MAXMAPENTRIES variable -- see the
792 SAFETY AND SECURITY section for details. Optionally, global arrays may
793 be declared with a maximum size in brackets, overriding MAXMAPENTRIES
794 for that array only. Note that this doesn't indicate the type of keys
795 for the array, just the size.
796
797 global tiny_array[10], normal_array, big_array[50000]
798
799
800 Arrays may be configured for wrapping using the '%' suffix. This caus‐
801 es older elements to be overwritten if more elements are inserted than
802 the array can hold. This works for both associative and statistics
803 typed arrays.
804
805 global wrapped_array1%[10], wrapped_array2%
806
807
808
809 Many types of probe points provide context variables, which are run-
810 time values, safely extracted from the kernel or userspace program be‐
811 ing probed. These are prefixed with the $ character. The CONTEXT
812 VARIABLES section in stapprobes(3stap) lists what is available for each
813 type of probe point. These context variables become normal string or
814 numeric scalars once they are stored in normal script variables. See
815 the TYPECASTING section below on how to to turn them back into typed
816 pointers for further processing as context variables.
817
818
819 STATEMENTS
820 Statements enable procedural control flow. They may occur within func‐
821 tions and probe handlers. The total number of statements executed in
822 response to any single probe event is limited to some number defined by
823 a macro in the translated C code, and is in the neighbourhood of 1000.
824
825 EXP Execute the string- or integer-valued expression and throw away
826 the value.
827
828 { STMT1 STMT2 ... }
829 Execute each statement in sequence in this block. Note that
830 separators or terminators are generally not necessary between
831 statements.
832
833 ; Null statement, do nothing. It is useful as an optional separa‐
834 tor between statements to improve syntax-error detection and to
835 handle certain grammar ambiguities.
836
837 if (EXP) STMT1 [ else STMT2 ]
838 Compare integer-valued EXP to zero. Execute the first (non-ze‐
839 ro) or second STMT (zero).
840
841 while (EXP) STMT
842 While integer-valued EXP evaluates to non-zero, execute STMT.
843
844 for (EXP1; EXP2; EXP3) STMT
845 Execute EXP1 as initialization. While EXP2 is non-zero, execute
846 STMT, then the iteration expression EXP3.
847
848 foreach (VAR in ARRAY [ limit EXP ]) STMT
849 Loop over each element of the named global array, assigning cur‐
850 rent key to VAR. The array may not be modified within the
851 statement. By adding a single + or - operator after the VAR or
852 the ARRAY identifier, the iteration will proceed in a sorted or‐
853 der, by ascending or descending index or value. If the array
854 contains statistics aggregates, adding the desired @operator be‐
855 tween the ARRAY identifier and the + or - will specify the sort‐
856 ing aggregate function. See the STATISTICS section below for
857 the ones available. Default is @count. Using the optional lim‐
858 it keyword limits the number of loop iterations to EXP times.
859 EXP is evaluated once at the beginning of the loop.
860
861 foreach ([VAR1, VAR2, ...] in ARRAY [ limit EXP ]) STMT
862 Same as above, used when the array is indexed with a tuple of
863 keys. A sorting suffix may be used on at most one VAR or ARRAY
864 identifier.
865
866 foreach ([VAR1, VAR2, ...] in ARRAY [INDEX1, INDEX2, ...] [ limit EXP
867 ]) STMT
868 Same as above, where iterations are limited to elements in the
869 array where the keys match the index values specified. The sym‐
870 bol * can be used to specify an index and will be treated as a
871 wildcard.
872
873 foreach (VALUE = VAR in ARRAY [ limit EXP ]) STMT
874 This variant of foreach saves current value into VALUE on each
875 iteration, so it is the same as ARRAY[VAR]. This also works
876 with a tuple of keys. Sorting suffixes on VALUE have the same
877 effect as on ARRAY.
878
879 foreach (VALUE = VAR in ARRAY [INDEX1, INDEX2, ...] [ limit EXP ]) STMT
880 Same as above, where iterations are limited to elements in the
881 array where the keys match the index values specified. The sym‐
882 bol * can be used to specify an index and will be treated as a
883 wildcard.
884
885 break, continue
886 Exit or iterate the innermost nesting loop (while or for or
887 foreach) statement.
888
889 return EXP
890 Return EXP value from enclosing function. If the function's
891 value is not taken anywhere, then a return statement is not
892 needed, and the function will have a special "unknown" type with
893 no return value.
894
895 next Return now from enclosing probe handler. This is especially
896 useful in probe aliases that apply event filtering predicates.
897
898 try { STMT1 } catch { STMT2 }
899 Run the statements in the first block. Upon any run-time er‐
900 rors, abort STMT1 and start executing STMT2. Any errors in
901 STMT2 will propagate to outer try/catch blocks, if any.
902
903 try { STMT1 } catch(VAR) { STMT2 }
904 Same as above, plus assign the error message to the string
905 scalar variable VAR.
906
907 delete ARRAY[INDEX1, INDEX2, ...]
908 Remove from ARRAY the element specified by the index tuple. If
909 the index tuple contains a * in place of an index, the * is
910 treated as a wildcard and all elements with keys that match the
911 index tuple will be removed from ARRAY. The value will no
912 longer be available, and subsequent iterations will not report
913 the element. It is not an error to delete an element that does
914 not exist.
915
916 delete ARRAY
917 Remove all elements from ARRAY.
918
919 delete SCALAR
920 Removes the value of SCALAR. Integers and strings are cleared
921 to 0 and "" respectively, while statistics are reset to the ini‐
922 tial empty state.
923
924
925 EXPRESSIONS
926 Systemtap supports a number of operators that have the same general
927 syntax, semantics, and precedence as in C and awk. Arithmetic is per‐
928 formed as per typical C rules for signed integers. Division by zero or
929 overflow is detected and results in an error.
930
931 binary numeric operators
932 * / % + - >> << & ^ | && ||
933
934 binary string operators
935 . (string concatenation)
936
937 numeric assignment operators
938 = *= /= %= += -= >>= <<= &= ^= |=
939
940 string assignment operators
941 = .=
942
943 unary numeric operators
944 + - ! ~ ++ --
945
946 binary numeric, string comparison or regex matching operators
947 < > <= >= == != =~ !~
948
949 ternary operator
950 cond ? exp1 : exp2
951
952 grouping operator
953 ( exp )
954
955 function call
956 fn ([ arg1, arg2, ... ])
957
958 array membership check
959 exp in array
960 [exp1, exp2, ...] in array
961 [*, *, ... ]in array
962
963
964 REGULAR EXPRESSION MATCHING
965 The scripting language supports regular expression matching. The basic
966 syntax is as follows:
967
968 exp =~ regex
969 exp !~ regex
970
971 (The first operand must be an expression evaluating to a string; the
972 second operand must be a string literal containing a syntactically
973 valid regular expression.)
974
975 The regular expression syntax supports most of the features of POSIX
976 Extended Regular Expressions, except for subexpression reuse ("\1")
977 functionality. The ability to capture and extract the contents of the
978 matched string and subexpressions has not yet been implemented.
979
980
981 PROBES
982 The main construct in the scripting language identifies probes. Probes
983 associate abstract events with a statement block ("probe handler") that
984 is to be executed when any of those events occur. The general syntax
985 is as follows:
986
987 probe PROBEPOINT [, PROBEPOINT] { [STMT ...] }
988 probe PROBEPOINT [, PROBEPOINT] if (CONDITION) { [STMT ...] }
989
990
991 Events are specified in a special syntax called "probe points". There
992 are several varieties of probe points defined by the translator, and
993 tapset scripts may define further ones using aliases. Probe points may
994 be wildcarded, grouped, or listed in preference sequences, or declared
995 optional. More details on probe point syntax and semantics are listed
996 on the stapprobes(3stap) manual page.
997
998 The probe handler is interpreted relative to the context of each event.
999 For events associated with kernel code, this context may include vari‐
1000 ables defined in the source code at that spot. These "context vari‐
1001 ables" are presented to the script as variables whose names are pre‐
1002 fixed with "$". They may be accessed only if the kernel's compiler
1003 preserved them despite optimization. This is the same constraint that
1004 a debugger user faces when working with optimized code. In addition,
1005 the objects must exist in paged-in memory at the moment of the system‐
1006 tap probe handler's execution, because systemtap must not cause (sup‐
1007 presses) any additional paging. Some probe types have very little con‐
1008 text. See the stapprobes(3stap) man pages to see the kinds of context
1009 variables available at each kind of probe point.
1010
1011 Probes may be decorated with an arming condition, consisting of a sim‐
1012 ple boolean expression on read-only global script variables. While
1013 disarmed (condition evaluates to false), some probe types reduce or
1014 eliminate their run-time overheads. When an arming condition evaluates
1015 to true, probes will be soon re-armed, and their probe handlers will
1016 start getting called as the events fire. (Some events may be lost dur‐
1017 ing the arming interval. If this is unacceptable, do not use arming
1018 conditions for those probes.)
1019
1020 New probe points may be defined using "aliases". Probe point aliases
1021 look similar to probe definitions, but instead of activating a probe at
1022 the given point, it just defines a new probe point name as an alias to
1023 an existing one. There are two types of alias, i.e. the prologue style
1024 and the epilogue style which are identified by "=" and "+=" respective‐
1025 ly.
1026
1027 For prologue style alias, the statement block that follows an alias
1028 definition is implicitly added as a prologue to any probe that refers
1029 to the alias. While for the epilogue style alias, the statement block
1030 that follows an alias definition is implicitly added as an epilogue to
1031 any probe that refers to the alias. For example:
1032
1033 probe syscall.read = kernel.function("sys_read") {
1034 fildes = $fd
1035 if (execname() == "init") next # skip rest of probe
1036 }
1037
1038 defines a new probe point syscall.read, which expands to
1039 kernel.function("sys_read"), with the given statement as a prologue,
1040 which is useful to predefine some variables for the alias user and/or
1041 to skip probe processing entirely based on some conditions. And
1042
1043 probe syscall.read += kernel.function("sys_read") {
1044 if (tracethis) println ($fd)
1045 }
1046
1047 defines a new probe point with the given statement as an epilogue,
1048 which is useful to take actions based upon variables set or left over
1049 by the the alias user. Please note that in each case, the statements
1050 in the alias handler block are treated ordinarily, so that variables
1051 assigned there constitute mere initialization, not a macro substitu‐
1052 tion.
1053
1054 An alias is used just like a built-in probe type.
1055
1056 probe syscall.read {
1057 printf("reading fd=%d\n", fildes)
1058 if (fildes > 10) tracethis = 1
1059 }
1060
1061
1062
1063 FUNCTIONS
1064 Systemtap scripts may define subroutines to factor out common work.
1065 Functions take any number of scalar (integer or string) arguments, and
1066 must return a single scalar (integer or string). An example function
1067 declaration looks like this:
1068
1069 function thisfn (arg1, arg2) {
1070 return arg1 + arg2
1071 }
1072
1073 Note the general absence of type declarations, which are instead in‐
1074 ferred by the translator. However, if desired, a function definition
1075 may include explicit type declarations for its return value and/or its
1076 arguments. This is especially helpful for embedded-C functions. In
1077 the following example, the type inference engine need only infer type
1078 type of arg2 (a string).
1079
1080 function thatfn:string (arg1:long, arg2) {
1081 return sprint(arg1) . arg2
1082 }
1083
1084 Functions may call others or themselves recursively, up to a fixed
1085 nesting limit. This limit is defined by a macro in the translated C
1086 code and is in the neighbourhood of 10.
1087
1088
1089 PRINTING
1090 There are a set of function names that are specially treated by the
1091 translator. They format values for printing to the standard systemtap
1092 output stream in a more convenient way. The sprint* variants return
1093 the formatted string instead of printing it.
1094
1095 print, sprint
1096 Print one or more values of any type, concatenated directly to‐
1097 gether.
1098
1099 println, sprintln
1100 Print values like print and sprint, but also append a newline.
1101
1102 printd, sprintd
1103 Take a string delimiter and two or more values of any type, and
1104 print the values with the delimiter interposed. The delimiter
1105 must be a literal string constant.
1106
1107 printdln, sprintdln
1108 Print values with a delimiter like printd and sprintd, but also
1109 append a newline.
1110
1111 printf, sprintf
1112 Take a formatting string and a number of values of corresponding
1113 types, and print them all. The format must be a literal string
1114 constant.
1115
1116 The printf formatting directives similar to those of C, except that
1117 they are fully type-checked by the translator:
1118
1119 %b Writes a binary blob of the value given, instead of ASCII
1120 text. The width specifier determines the number of bytes
1121 to write; valid specifiers are %b %1b %2b %4b %8b. De‐
1122 fault (%b) is 8 bytes.
1123
1124 %c Character.
1125
1126 %d,%i Signed decimal.
1127
1128 %m Safely reads kernel memory at the given address, outputs
1129 its content. The optional precision specifier (not field
1130 width) determines the number of bytes to read - default
1131 is 1 byte. %10.4m prints 4 bytes of the memory in a
1132 10-character-wide field.
1133
1134 %M Same as %m, but outputs in hexadecimal. The minimal size
1135 of output is double the optional precision specifier -
1136 default is 1 byte (2 hex chars). %10.4M prints 4 bytes
1137 of the memory as 8 hexadecimal characters in a 10-charac‐
1138 ter-wide field.
1139
1140 %o Unsigned octal.
1141
1142 %p Unsigned pointer address.
1143
1144 %s String.
1145
1146 %u Unsigned decimal.
1147
1148 %x Unsigned hex value, in all lower-case.
1149
1150 %X Unsigned hex value, in all upper-case.
1151
1152 %% Writes a %.
1153
1154 The # flag selects the alternate forms. For octal, this prefixes a 0.
1155 For hex, this prefixes 0x or 0X, depending on case. For characters,
1156 this escapes non-printing values with either C-like escapes or raw oc‐
1157 tal.
1158
1159 Examples:
1160
1161 a = "alice", b = "bob", p = 0x1234abcd, i = 123, j = -1, id[a] = 1234, id[b] = 4567
1162 print("hello")
1163 Prints: hello
1164 println(b)
1165 Prints: bob\n
1166 println(a . " is " . sprint(16))
1167 Prints: alice is 16
1168 foreach (name in id) printdln("|", strlen(name), name, id[name])
1169 Prints: 5|alice|1234\n3|bob|4567
1170 printf("%c is %s; %x or %X or %p; %d or %u\n",97,a,p,p,p,j,j)
1171 Prints: a is alice; 1234abcd or 1234ABCD or 0x1234abcd; -1 or 18446744073709551615\n
1172 printf("2 bytes of kernel buffer at address %p: %2m", p, p)
1173 Prints: 2 byte of kernel buffer at address 0x1234abcd: <binary data>
1174 printf("%4b", p)
1175 Prints (these values as binary data): 0x1234abcd
1176 printf("%#o %#x %#X\n", 1, 2, 3)
1177 Prints: 01 0x2 0X3
1178 printf("%#c %#c %#c\n", 0, 9, 42)
1179 Prints: \000 \t *
1180
1181
1182
1183 STATISTICS
1184 It is often desirable to collect statistics in a way that avoids the
1185 penalties of repeatedly exclusive locking the global variables those
1186 numbers are being put into. Systemtap provides a solution using a spe‐
1187 cial operator to accumulate values, and several pseudo-functions to ex‐
1188 tract the statistical aggregates.
1189
1190 The aggregation operator is <<<, and resembles an assignment, or a C++
1191 output-streaming operation. The left operand specifies a scalar or ar‐
1192 ray-index lvalue, which must be declared global. The right operand is
1193 a numeric expression. The meaning is intuitive: add the given number
1194 to the pile of numbers to compute statistics of. (The specific list of
1195 statistics to gather is given separately, by the extraction functions.)
1196
1197 foo <<< 1
1198 stats[pid()] <<< memsize
1199
1200
1201 The extraction functions are also special. For each appearance of a
1202 distinct extraction function operating on a given identifier, the
1203 translator arranges to compute a set of statistics that satisfy it.
1204 The statistics system is thereby "on-demand". Each execution of an ex‐
1205 traction function causes the aggregation to be computed for that moment
1206 across all processors.
1207
1208 Here is the set of extractor functions. The first argument of each is
1209 the same style of lvalue used on the left hand side of the accumulate
1210 operation. The @count(v), @sum(v), @min(v), @max(v), @avg(v) extractor
1211 functions compute the number/total/minimum/maximum/average of all accu‐
1212 mulated values. The resulting values are all simple integers. Arrays
1213 containing aggregates may be sorted and iterated. See the foreach con‐
1214 struct above.
1215
1216 Histograms are also available, but are more complicated because they
1217 have a vector rather than scalar value. @hist_linear(v,start,stop,in‐
1218 terval) represents a linear histogram from "start" to "stop" by incre‐
1219 ments of "interval". The interval must be positive. Similarly,
1220 @hist_log(v) represents a base-2 logarithmic histogram. Printing a his‐
1221 togram with the print family of functions renders a histogram object as
1222 a tabular "ASCII art" bar chart.
1223
1224 probe timer.profile {
1225 x[1] <<< pid()
1226 x[2] <<< uid()
1227 y <<< tid()
1228 }
1229 global x // an array containing aggregates
1230 global y // a scalar
1231 probe end {
1232 foreach ([i] in x @count+) {
1233 printf ("x[%d]: avg %d = sum %d / count %d\n",
1234 i, @avg(x[i]), @sum(x[i]), @count(x[i]))
1235 println (@hist_log(x[i]))
1236 }
1237 println ("y:")
1238 println (@hist_log(y))
1239 }
1240
1241
1242
1243 TYPECASTING
1244 Once a pointer (see the CONTEXT VARIABLES section of stapprobes(3stap))
1245 has been saved into a script integer variable, the translator loses the
1246 type information necessary to access members from that pointer. Using
1247 the @cast() operator tells the translator how to interpret the number
1248 as a typed pointer.
1249
1250 @cast(p, "type_name"[, "module"])->member
1251
1252
1253 This will interpret p as a pointer to a struct/union named type_name
1254 and dereference the member value. Further ->subfield expressions may
1255 be appended to dereference more levels. NOTE: the same dereferencing
1256 operator -> is used to refer to both direct containment or pointer in‐
1257 direction. Systemtap automatically determines which. The optional
1258 module tells the translator where to look for information about that
1259 type. Multiple modules may be specified as a list with : separators.
1260 If the module is not specified, it will default either to the probe
1261 module for dwarf probes, or to "kernel" for functions and all other
1262 probes types.
1263
1264 The translator can create its own module with type information from a
1265 header surrounded by angle brackets, in case normal debuginfo is not
1266 available. For kernel headers, prefix it with "kernel" to use the ap‐
1267 propriate build system. All other headers are build with default GCC
1268 parameters into a user module. Multiple headers may be specified in
1269 sequence to resolve a codependency.
1270
1271 @cast(tv, "timeval", "<sys/time.h>")->tv_sec
1272 @cast(task, "task_struct", "kernel<linux/sched.h>")->tgid
1273 @cast(task, "task_struct",
1274 "kernel<linux/sched.h><linux/fs_struct.h>")->fs->umask
1275
1276 Values acquired by @cast may be pretty-printed by the $ and $$ suffix
1277 operators, the same way as described in the CONTEXT VARIABLES section
1278 of the stapprobes(3stap) manual page.
1279
1280
1281 When in guru mode, the translator will also allow scripts to assign new
1282 values to members of typecasted pointers.
1283
1284 Typecasting is also useful in the case of void* members whose type may
1285 be determinable at runtime.
1286
1287 probe foo {
1288 if ($var->type == 1) {
1289 value = @cast($var->data, "type1")->bar
1290 } else {
1291 value = @cast($var->data, "type2")->baz
1292 }
1293 print(value)
1294 }
1295
1296
1297
1298 EMBEDDED C
1299 When in guru mode, the translator accepts embedded code in the top lev‐
1300 el of the script. Such code is enclosed between %{ and %} markers, and
1301 is transcribed verbatim, without analysis, in some sequence, into the
1302 top level of the generated C code. At the outermost level, this may be
1303 useful to add #include instructions, and any auxiliary definitions for
1304 use by other embedded code.
1305
1306 Another place where embedded code is permitted is as a function body.
1307 In this case, the script language body is replaced entirely by a piece
1308 of C code enclosed again between %{ and %} markers. This C code may do
1309 anything reasonable and safe. There are a number of undocumented but
1310 complex safety constraints on atomicity, concurrency, resource consump‐
1311 tion, and run time limits, so this is an advanced technique.
1312
1313 The memory locations set aside for input and output values are made
1314 available to it using macros STAP_ARG_* and STAP_RETVALUE. Errors may
1315 be signalled with STAP_ERROR. Output may be written with STAP_PRINTF.
1316 The function may return early with STAP_RETURN. Here are some exam‐
1317 ples:
1318
1319 function integer_ops (val) %{
1320 STAP_PRINTF("%d\n", STAP_ARG_val);
1321 STAP_RETVALUE = STAP_ARG_val + 1;
1322 if (STAP_RETVALUE == 4)
1323 STAP_ERROR("wrong guess: %d", (int) STAP_RETVALUE);
1324 if (STAP_RETVALUE == 3)
1325 STAP_RETURN(0);
1326 STAP_RETVALUE ++;
1327 %}
1328 function string_ops (val) %{
1329 strlcpy (STAP_RETVALUE, STAP_ARG_val, MAXSTRINGLEN);
1330 strlcat (STAP_RETVALUE, "one", MAXSTRINGLEN);
1331 if (strcmp (STAP_RETVALUE, "three-two-one"))
1332 STAP_RETURN("parameter should be three-two-");
1333 %}
1334 function no_ops () %{
1335 STAP_RETURN(); /* function inferred with no return value */
1336 %}
1337
1338 The function argument and return value types have to be inferred by the
1339 translator from the call sites in order for this to work. The user
1340 should examine C code generated for ordinary script-language functions
1341 in order to write compatible embedded-C ones.
1342
1343 The last place where embedded code is permitted is as an expression
1344 rvalue. In this case, the C code enclosed between %{ and %} markers is
1345 interpreted as an ordinary expression value. It is assumed to be a
1346 normal 64-bit signed number, unless the marker /* string */ is includ‐
1347 ed, in which case it's treated as a string.
1348
1349 function add_one (val) {
1350 return val + %{ 1 %}
1351 }
1352 function add_string_two (val) {
1353 return val . %{ /* string */ "two" %}
1354 }
1355
1356
1357 The embedded-C code may contain markers to assert optimization and
1358 safety properties.
1359
1360 /* pure */
1361 means that the C code has no side effects and may be elided en‐
1362 tirely if its value is not used by script code.
1363
1364 /* stable */
1365 means that the C code always has the same value (in any given
1366 probe handler invocation), so repeated calls may be automatical‐
1367 ly replaced by memoized values. Such functions must take no pa‐
1368 rameters, and also be pure.
1369
1370 /* unprivileged */
1371 means that the C code is so safe that even unprivileged users
1372 are permitted to use it.
1373
1374 /* myproc-unprivileged */
1375 means that the C code is so safe that even unprivileged users
1376 are permitted to use it, provided that the target of the current
1377 probe is within the user's own process.
1378
1379 /* guru */
1380 means that the C code is so unsafe that a systemtap user must
1381 specify -g (guru mode) to use this.
1382
1383 /* unmangled */
1384 in an embedded-C function, means that the legacy (pre-1.8) argu‐
1385 ment access syntax should be made available inside the function.
1386 Hence, in addition to STAP_ARG_foo and STAP_RETVALUE one can use
1387 THIS->foo and THIS->__retvalue respectively inside the function.
1388 This is useful for quickly migrating code written for SystemTap
1389 version 1.7 and earlier.
1390
1391 /* unmodified-fnargs */
1392 in an embedded-C function, means that the function arguments are
1393 not modified inside the function body.
1394
1395 /* string */
1396 in embedded-C expressions only, means that the expression has
1397 const char * type and should be treated as a string value, in‐
1398 stead of the default long numeric.
1399
1400
1401 BUILT-INS
1402 A set of builtin probe point aliases are provided by the scripts in‐
1403 stalled in the directory specified in the stappaths(7) manual page.
1404 The functions are described in the stapprobes(3stap) manual page.
1405
1406
1408 The translator begins pass 1 by parsing the given input script, and all
1409 scripts (files named *.stp) found in a tapset directory. The directo‐
1410 ries listed with -I are processed in sequence, each processed in "guru
1411 mode". For each directory, a number of subdirectories are also
1412 searched. These subdirectories are derived from the selected kernel
1413 version (the -R option), in order to allow more kernel-version-specific
1414 scripts to override less specific ones. For example, for a kernel ver‐
1415 sion 2.6.12-23.FC3 the following patterns would be searched, in se‐
1416 quence: 2.6.12-23.FC3/*.stp, 2.6.12/*.stp, 2.6/*.stp, and finally
1417 *.stp. Stopping the translator after pass 1 causes it to print the
1418 parse trees.
1419
1420
1421 In pass 2, the translator analyzes the input script to resolve symbols
1422 and types. References to variables, functions, and probe aliases that
1423 are unresolved internally are satisfied by searching through the parsed
1424 tapset script files. If any tapset script file is selected because it
1425 defines an unresolved symbol, then the entirety of that file is added
1426 to the translator's resolution queue. This process iterates until all
1427 symbols are resolved and a subset of tapset script files is selected.
1428
1429 Next, all probe point descriptions are validated against the wide vari‐
1430 ety supported by the translator. Probe points that refer to code loca‐
1431 tions ("synchronous probe points") require the appropriate kernel de‐
1432 bugging information to be installed. In the associated probe handlers,
1433 target-side variables (whose names begin with "$") are found and have
1434 their run-time locations decoded.
1435
1436 Next, all probes and functions are analyzed for optimization opportuni‐
1437 ties, in order to remove variables, expressions, and functions that
1438 have no useful value and no side-effect. Embedded-C functions are as‐
1439 sumed to have side-effects unless they include the magic string
1440 /* pure */. Since this optimization can hide latent code errors such
1441 as type mismatches or invalid $context variables, it sometimes may be
1442 useful to disable the optimizations with the -u option.
1443
1444 Finally, all variable, function, parameter, array, and index types are
1445 inferred from context (literals and operators). Stopping the transla‐
1446 tor after pass 2 causes it to list all the probes, functions, and vari‐
1447 ables, along with all inferred types. Any inconsistent or unresolved
1448 types cause an error.
1449
1450
1451 In pass 3, the translator writes C code that represents the actions of
1452 all selected script files, and creates a Makefile to build that into a
1453 kernel object. These files are placed into a temporary directory.
1454 Stopping the translator at this point causes it to print the contents
1455 of the C file.
1456
1457
1458 In pass 4, the translator invokes the Linux kernel build system to cre‐
1459 ate the actual kernel object file. This involves running make in the
1460 temporary directory, and requires a kernel module build system (head‐
1461 ers, config and Makefiles) to be installed in the usual spot /lib/mod‐
1462 ules/VERSION/build. Stopping the translator after pass 4 is the last
1463 chance before running the kernel object. This may be useful if you
1464 want to archive the file.
1465
1466
1467 In pass 5, the translator invokes the systemtap auxiliary program
1468 staprun program for the given kernel object. This program arranges to
1469 load the module then communicates with it, copying trace data from the
1470 kernel into temporary files, until the user sends an interrupt signal.
1471 Any run-time error encountered by the probe handlers, such as running
1472 out of memory, division by zero, exceeding nesting or runtime limits,
1473 results in a soft error indication. Soft errors in excess of MAXERRORS
1474 block of all subsequent probes (except error-handling probes), and ter‐
1475 minate the session. Finally, staprun unloads the module, and cleans
1476 up.
1477
1478
1479 ABNORMAL TERMINATION
1480 One should avoid killing the stap process forcibly, for example with
1481 SIGKILL, because the stapio process (a child process of the stap
1482 process) and the loaded module may be left running on the system. If
1483 this happens, send SIGTERM or SIGINT to any remaining stapio processes,
1484 then use rmmod to unload the systemtap module.
1485
1486
1487
1489 See the stapex(3stap) manual page for a brief collection of samples, or
1490 a large set of installed samples under the systemtap documenta‐
1491 tion/testsuite directories. See stappaths(7stap) for the likely loca‐
1492 tion of these on the system.
1493
1494
1496 The systemtap translator caches the pass 3 output (the generated C
1497 code) and the pass 4 output (the compiled kernel module) if pass 4 com‐
1498 pletes successfully. This cached output is reused if the same script
1499 is translated again assuming the same conditions exist (same kernel
1500 version, same systemtap version, etc.). Cached files are stored in the
1501 $SYSTEMTAP_DIR/cache directory. The cache can be limited by having the
1502 file cache_mb_limit placed in the cache directory (shown above) con‐
1503 taining only an ASCII integer representing how many MiB the cache
1504 should not exceed. In the absence of this file, a default will be cre‐
1505 ated with the limit set to 256MiB. This is a 'soft' limit in that the
1506 cache will be cleaned after a new entry is added if the cache clean in‐
1507 terval is exceeded, so the total cache size may temporarily exceed this
1508 limit. This interval can be specified by having the file
1509 cache_clean_interval_s placed in the cache directory (shown above) con‐
1510 taining only an ASCII integer representing the interval in seconds. In
1511 the absence of this file, a default will be created with the interval
1512 set to 300 s.
1513
1514
1516 Systemtap is may be used as a powerful administrative tool. It can ex‐
1517 pose kernel internal data structures and potentially private user in‐
1518 formation. (In dyninst runtime mode, this is not the case, see the AL‐
1519 TERNATE RUNTIMES section below.)
1520
1521 The translator asserts many safety constraints during compilation and
1522 more during run-time. It aims to ensure that no handler routine can
1523 run for very long, allocate boundless memory, perform unsafe opera‐
1524 tions, or in unintentionally interfere with the system. Uses of script
1525 global variables are automatically read/write locked as appropriate, to
1526 protect against manipulation by concurrent probe handlers. (Deadlocks
1527 are detected with timeouts. Use the -t flag to receive reports of ex‐
1528 cessive lock contention.) Experimenting with scripts is therefore gen‐
1529 erally safe. The guru-mode -g option allows administrators to bypass
1530 most safety measures, which permits invasive or state-changing opera‐
1531 tions, embedded-C code, and increases the risk of upset. By default,
1532 overload prevention is turned on for all modules. If you would like to
1533 disable overload processing, use the --suppress-time-limits option.
1534
1535 Errors that are caught at run time normally result in a clean script
1536 shutdown and a pass-5 error message. The --suppress-handler-errors op‐
1537 tion lets scripts tolerate soft errors without shutting down.
1538
1539
1540
1541 PERMISSIONS
1542 For the normal linux-kernel-module runtime, to run the kernel objects
1543 systemtap builds, a user must be one of the following:
1544
1545 · the root user;
1546
1547 · a member of the stapdev and stapusr groups;
1548
1549 · a member of the stapsys and stapusr groups; or
1550
1551 · a member of the stapusr group.
1552
1553 The root user or a user who is a member of both the stapdev and stapusr
1554 groups can build and run any systemtap script.
1555
1556 A user who is a member of both the stapsys and stapusr groups can only
1557 use pre-built modules under the following conditions:
1558
1559 · The module has been signed by a trusted signer. Trusted signers are
1560 normally systemtap compile-servers which sign modules when the
1561 --privilege option is specified by the client. See the stap-serv‐
1562 er(8) manual page for more information.
1563
1564 · The module was built using the --privilege=stapsys or the --privi‐
1565 lege=stapusr options.
1566
1567 Members of only the stapusr group can only use pre-built modules under
1568 the following conditions:
1569
1570 · The module is located in the /lib/modules/VERSION/systemtap direc‐
1571 tory. This directory must be owned by root and not be world
1572 writable.
1573
1574 or
1575
1576 · The module has been signed by a trusted signer. Trusted signers are
1577 normally systemtap compile-servers which sign modules when the
1578 --privilege option is specified by the client. See the stap-serv‐
1579 er(8) manual page for more information.
1580
1581 · The module was built using the --privilege=stapusr option.
1582
1583 The kernel modules generated by stap program are run by the staprun
1584 program. The latter is a part of the Systemtap package, dedicated to
1585 module loading and unloading (but only in the white zone), and kernel-
1586 to-user data transfer. Since staprun does not perform any additional
1587 security checks on the kernel objects it is given, it would be unwise
1588 for a system administrator to add untrusted users to the stapdev or
1589 stapusr groups.
1590
1591
1592 SECUREBOOT
1593 If the current system has SecureBoot turned on in the UEFI firmware,
1594 all kernel modules must be signed. (Some kernels may allow disabling
1595 SecureBoot long after booting with a key sequence such as SysRq-X, mak‐
1596 ing it unnecessary to sign modules.) The systemtap compile server can
1597 sign modules with a MOK (Machine Owner Key) that it has in common with
1598 a client system. See the following wiki page for more details:
1599
1600 https://sourceware.org/systemtap/wiki/SecureBoot
1601
1602
1603 RESOURCE LIMITS
1604 Many resource use limits are set by macros in the generated C code.
1605 These may be overridden with -D flags. A selection of these is as fol‐
1606 lows:
1607
1608 MAXNESTING
1609 Maximum number of nested function calls. Default determined by
1610 script analysis, with a bonus 10 slots added for recursive
1611 scripts.
1612
1613 MAXSTRINGLEN
1614 Maximum length of strings, default 128.
1615
1616 MAXTRYLOCK
1617 Maximum number of iterations to wait for locks on global vari‐
1618 ables before declaring possible deadlock and skipping the probe,
1619 default 1000.
1620
1621 MAXACTION
1622 Maximum number of statements to execute during any single probe
1623 hit (with interrupts disabled), default 1000. Note that for
1624 straight-through probe handlers lacking loops or recursion, due
1625 to optimization, this parameter may be interpreted too conserva‐
1626 tively.
1627
1628 MAXACTION_INTERRUPTIBLE
1629 Maximum number of statements to execute during any single probe
1630 hit which is executed with interrupts enabled (such as begin/end
1631 probes), default (MAXACTION * 10).
1632
1633 MAXBACKTRACE
1634 Maximum number of stack frames that will be be processed by the
1635 stap runtime unwinder as produced by the backtrace functions in
1636 the [u]context-unwind.stp tapsets, default 20.
1637
1638 MAXMAPENTRIES
1639 Default maximum number of rows in any single global array, de‐
1640 fault 2048. Individual arrays may be declared with a larger or
1641 smaller limit instead:
1642
1643 global big[10000],little[5]
1644
1645 or denoted with % to make them wrap-around automatically.
1646
1647 MAXERRORS
1648 Maximum number of soft errors before an exit is triggered, de‐
1649 fault 0, which means that the first error will exit the script.
1650 Note that with the --suppress-handler-errors option, this limit
1651 is not enforced.
1652
1653 MAXSKIPPED
1654 Maximum number of skipped probes before an exit is triggered,
1655 default 100. Running systemtap with -t (timing) mode gives more
1656 details about skipped probes. With the default -DINTERRUPT‐
1657 IBLE=1 setting, probes skipped due to reentrancy are not accumu‐
1658 lated against this limit. Note that with the --suppress-han‐
1659 dler-errors option, this limit is not enforced.
1660
1661 MINSTACKSPACE
1662 Minimum number of free kernel stack bytes required in order to
1663 run a probe handler, default 1024. This number should be large
1664 enough for the probe handler's own needs, plus a safety margin.
1665
1666 MAXUPROBES
1667 Maximum number of concurrently armed user-space probes (up‐
1668 robes), default somewhat larger than the number of user-space
1669 probe points named in the script. This pool needs to be poten‐
1670 tially large because individual uprobe objects (about 64 bytes
1671 each) are allocated for each process for each matching script-
1672 level probe.
1673
1674 STP_MAXMEMORY
1675 Maximum amount of memory (in kilobytes) that the systemtap mod‐
1676 ule should use, default unlimited. The memory size includes the
1677 size of the module itself, plus any additional allocations.
1678 This only tracks direct allocations by the systemtap runtime.
1679 This does not track indirect allocations (as done by kprobes/up‐
1680 robes/etc. internals).
1681
1682 STP_OVEROAD_THRESHOLD, STP_OVERLOAD_INTERVAL
1683 Maximum number of machine cycles spent in probes on any cpu per
1684 given interval, before an overload condition is declared and the
1685 script shut down. The defaults are 500 million and 1 billion,
1686 so as to limit stap script cpu consumption at around 50%.
1687
1688 STP_PROCFS_BUFSIZE
1689 Size of procfs probe read buffers (in bytes). Defaults to
1690 MAXSTRINGLEN. This value can be overridden on a per-procfs file
1691 basis using the procfs read probe .maxsize(MAXSIZE) parameter.
1692
1693 With scripts that contain probes on any interrupt path, it is possible
1694 that those interrupts may occur in the middle of another probe handler.
1695 The probe in the interrupt handler would be skipped in this case to
1696 avoid reentrance. To work around this issue, execute stap with the op‐
1697 tion -DINTERRUPTIBLE=0 to mask interrupts throughout the probe handler.
1698 This does add some extra overhead to the probes, but it may prevent
1699 reentrance for common problem cases. However, probes in NMI handlers
1700 and in the callpath of the stap runtime may still be skipped due to
1701 reentrance.
1702
1703
1704 Multiple scripts can write data into a relay buffer concurrently. A
1705 host script provides an interface for accessing its relay buffer to
1706 guest scripts. Then, the output of the guests are merged into the out‐
1707 put of the host. To run a script as a host, execute stap with -DRELAY‐
1708 HOST[=name] option. The name identifies your host script among several
1709 hosts. While running the host, execute stap with -DRELAYGUEST[=name]
1710 to add a guest script to the host. Note that you must unload guests
1711 before unloading a host. If there are some guests connected to the
1712 host, unloading the host will be failed.
1713
1714
1715 In case something goes wrong with stap or staprun after a probe has al‐
1716 ready started running, one may safely kill both user processes, and re‐
1717 move the active probe kernel module with rmmod. Any pending trace mes‐
1718 sages may be lost.
1719
1720
1722 Systemtap exposes kernel internal data structures and potentially pri‐
1723 vate user information. Because of this, use of systemtap's full capa‐
1724 bilities are restricted to root and to users who are members of the
1725 groups stapdev and stapusr.
1726
1727 However, a restricted set of systemtap's features can be made available
1728 to trusted, unprivileged users. These users are members of the group
1729 stapusr only, or members of the groups stapusr and stapsys. These
1730 users can load systemtap modules which have been compiled and certified
1731 by a trusted systemtap compile-server. See the descriptions of the op‐
1732 tions --privilege and --use-server. See README.unprivileged in the sys‐
1733 temtap source code for information about setting up a trusted compile
1734 server.
1735
1736 The restrictions enforced when --privilege=stapsys is specified are de‐
1737 signed to prevent unprivileged users from:
1738
1739 · harming the system maliciously.
1740
1741 The restrictions enforced when --privilege=stapusr is specified are de‐
1742 signed to prevent unprivileged users from:
1743
1744 · harming the system maliciously.
1745
1746 · gaining access to information which would not normally be
1747 available to an unprivileged user.
1748
1749 · disrupting the performance of processes owned by other users
1750 of the system. Some overhead to the system in general is
1751 unavoidable since the unprivileged user's probes will be
1752 triggered at the appropriate times. What we would like to
1753 avoid is targeted interruption of another user's processes
1754 which would not normally be possible by an unprivileged us‐
1755 er.
1756
1757
1758 PROBE RESTRICTIONS
1759 A member of the groups stapusr and stapsys may use all probe points.
1760
1761 A member of only the group stapusr may use only the following probes:
1762
1763 · begin, begin(n)
1764
1765 · end, end(n)
1766
1767 · error(n)
1768
1769 · never
1770
1771 · process.*, where the target process is owned by the user.
1772
1773 · timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*
1774
1775 · timer.hz(n)
1776
1777
1778 SCRIPT LANGUAGE RESTRICTIONS
1779 The following scripting language features are unavailable to all un‐
1780 privileged users:
1781
1782
1783 · any feature enabled by the Guru Mode (-g) option.
1784
1785 · embedded C code.
1786
1787
1788 RUNTIME RESTRICTIONS
1789 The following runtime restrictions are placed upon all unprivileged
1790 users:
1791
1792 · Only the default runtime code (see -R) may be used.
1793
1794 Additional restrictions are placed on members of only the group sta‐
1795 pusr:
1796
1797 · Probing of processes owned by other users is not permitted.
1798
1799 · Access of kernel memory (read and write) is not permitted.
1800
1801
1802 COMMAND LINE OPTION RESTRICTIONS
1803 Some command line options provide access to features which must not be
1804 available to all unprivileged users:
1805
1806
1807 · -g may not be specified.
1808
1809 · The following options may not be used by the compile-server
1810 client:
1811
1812 -a, -B, -D, -I, -r, -R
1813
1814
1815
1816 ENVIRONMENT RESTRICTIONS
1817 The following environment variables must not be set for all unprivi‐
1818 leged users:
1819
1820 SYSTEMTAP_RUNTIME
1821 SYSTEMTAP_TAPSET
1822 SYSTEMTAP_DEBUGINFO_PATH
1823
1824
1825
1826 TAPSET RESTRICTIONS
1827 In general, tapset functions are only available for members of the
1828 group stapusr when they do not gather information that an ordinary pro‐
1829 gram running with that user's privileges would be denied access to.
1830
1831 There are two categories of unprivileged tapset functions. The first
1832 category consists of utility functions that are unconditionally avail‐
1833 able to all users; these include such things as:
1834
1835 cpu:long ()
1836 exit ()
1837 str_replace:string (prnt_str:string, srch_str:string, rplc_str:string)
1838
1839
1840 The second category consists of so-called myproc-unprivileged functions
1841 that can only gather information within their own processes. Scripts
1842 that wish to use these functions must test the result of the tapset
1843 function is_myproc and only call these functions if the result is 1.
1844 The script will exit immediately if any of these functions are called
1845 by an unprivileged user within a probe within a process which is not
1846 owned by that user. Examples of myproc-unprivileged functions include:
1847
1848 print_usyms (stk:string)
1849 user_int:long (addr:long)
1850 usymname:string (addr:long)
1851
1852
1853 A compile error is triggered when any function not in either of the
1854 above categories is used by members of only the group stapusr.
1855
1856 No other built-in tapset functions may be used by members of only the
1857 group stapusr.
1858
1859
1861 As described above, systemtap's default runtime mode involves building
1862 and loading kernel modules, with various security tradeoffs presented.
1863 Systemtap now includes a new prototype backend, selected with --run‐
1864 time=dyninst, which uses Dyninst to instrument a user's own processes
1865 at runtime. This backend does not use kernel modules, and does not re‐
1866 quire root privileges, but is restricted with respect to the kinds of
1867 probes and other constructs that a script may use.
1868
1869 The dyninst runtime operates in target-attach mode, so it does require
1870 a -c COMMAND or -x PID process. For example:
1871
1872 stap --runtime=dyninst -c 'stap -V' \
1873 -e 'probe process.function("main")
1874 { println("hi from dyninst!") }'
1875
1876
1877 It may be necessary to disable a conflicting selinux check with
1878
1879 # setsebool allow_execstack 1
1880
1881
1882
1884 The systemtap translator generally returns with a success code of 0 if
1885 the requested script was processed and executed successfully through
1886 the requested pass. Otherwise, errors may be printed to stderr and a
1887 failure code is returned. Use -v or -vp N to increase (global or per-
1888 pass) verbosity to identify the source of the trouble.
1889
1890 In listings mode (-l and -L), error messages are normally suppressed.
1891 A success code of 0 is returned if at least one matching probe was
1892 found.
1893
1894 A script executing in pass 5 that is interrupted with ^C / SIGINT is
1895 considered to be successful.
1896
1897
1899 Over time, some features of the script language and the tapset library
1900 may undergo incompatible changes, so that a script written against an
1901 old version of systemtap may no longer run. In these cases, it may
1902 help to run systemtap with the --compatible VERSION flag, specifying
1903 the last known working version. Running systemtap with the
1904 --check-version flag will output a warning if any possible incompatible
1905 elements have been parsed. Deprecation historical details may be found
1906 in the NEWS file.
1907
1908
1910 Important files and their corresponding paths can be located in the
1911 stappaths (7) manual page.
1912
1913
1915 stapprobes(3stap),
1916 function::*[24m(3stap),
1917 probe::*[24m(3stap),
1918 tapset::*[24m(3stap),
1919 stappaths(7),
1920 staprun(8),
1921 stapdyn(8),
1922 systemtap(8),
1923 stapvars(3stap),
1924 stapex(3stap),
1925 stap-server(8),
1926 stap-prep(1),
1927 stapref(1),
1928 awk(1),
1929 gdb(1)
1930
1931
1933 Use the Bugzilla link of the project web page or our mailing list.
1934 http://sourceware.org/systemtap/, <systemtap@sourceware.org>.
1935
1936 error::reporting(7stap),
1937 https://sourceware.org/systemtap/wiki/HowToReportBugs
1938
1939
1940
1941 STAP(1)