views:

46

answers:

2

DTrace is an impressive, powerful tracing system originally from Solaris, but it has been ported to FreeBSD and Mac OS X.

DTrace uses a high-level language called D not unlike AWK or C. Here is an example:

io:::start
/pid == $1/
{
    printf("file %s offset %d size %d block %llu\n", args[2]->fi_pathname, 
        args[2]->fi_offset, args[0]->b_bcount, args[0]->b_blkno);
}

Using the command line sudo dtrace -q -s <name>.d <pid>, all I/Os originating from that process are logged.

My question is if and how it is possible to call custom C functions from a DTrace script to do advanced operations with that tracing data during the tracing itself.

+2  A: 

DTrace explicitly prevents you from doing anything like this for the same reason that you cannot write a loop in D: if you screw it up in any way, shape, or form, you crash the entire system. When a D probe fires, you are in KERNEL mode, not userland. Let me quote from the "Linux Kernel Module Programming Guide":

So, you want to write a kernel module. You know C, you've written a number of normal programs to run as processes, and now you want to get to where the real action is, to where a single wild pointer can wipe out your file system and a core dump means a reboot.

That's why you don't want to be playing cowboy in a D probe and why D's restrictions are good for you. =]

A: 

You should be able to at least filter the output of dtrace after each probe fires with pipes.

sudo dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs); }' | perl myscript.pl

myscript.pl:

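#!/usr/bin/perl
use strict;
use warnings;
$| = 1;  # flush our own output immediately instead of buffering it
# dtrace's output arrives on stdin, one line at a time
while (my $line = <>) {
    print $line;
    print "another application launched, do something!\n";
}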

Naveen
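The piping approach from the second answer, applied to the io:::start script in the question, as an added example that is not part of the original posts: the D script stays minimal in the kernel and the advanced processing happens in a userland consumer. It is written in Python rather than Perl, the function names and the file names in the usage comment are assumptions, and it expects lines in the question's printf format.

```python
import re
import sys
from collections import defaultdict

# Matches the question's printf format:
#   "file %s offset %d size %d block %llu"
# The path is matched greedily and the numeric fields are anchored to the end
# of the line, so pathnames containing spaces still parse.
LINE_RE = re.compile(
    r"^file (?P<path>.+) offset (?P<offset>-?\d+) size (?P<size>\d+) block (?P<block>\d+)$"
)


def parse_line(line):
    """Return a dict for one trace line, or None if it is not a trace record."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return {
        "path": m.group("path"),
        "offset": int(m.group("offset")),
        "size": int(m.group("size")),
        "block": int(m.group("block")),
    }


def summarize(lines):
    """Aggregate I/O count and bytes per pathname; count unparseable lines."""
    stats = defaultdict(lambda: {"ios": 0, "bytes": 0})
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            if line.strip():  # blank lines are ignored, anything else is counted
                skipped += 1
            continue
        stats[rec["path"]]["ios"] += 1
        stats[rec["path"]]["bytes"] += rec["size"]
    return dict(stats), skipped


if __name__ == "__main__":
    # Usage (assumed file names): sudo dtrace -q -s io.d <pid> | python3 io_summary.py
    totals, skipped = summarize(sys.stdin)
    for path, s in sorted(totals.items(), key=lambda kv: -kv[1]["bytes"]):
        print(f"{s['bytes']:>12} bytes {s['ios']:>6} I/Os  {path}")
    print(f"skipped {skipped} unrecognised line(s)", file=sys.stderr)
```

The summary is printed when dtrace exits and closes the pipe, so stop the trace with Ctrl-C to see the per-file totals.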