Debugging Linux Kernel using SystemTap Part1 - What, Purpose, Installation, Working, Hello World

What is SystemTap?

SystemTap is command line utility which allows kernel developers to investigate the behavior of the kernel and user-space applications.

In order to debug or analyze kernel space, developers need to modify, compile, install and reboot. With SystemTap, you can debug the kernel without the need to rebuild and install.

What is the purpose of SystemTap?

SystemTap provides a powerful way for understanding what logic is happening and what variables and memory locations are changing. Used when there is no interactive debugger.

Main purpose of SystemTap is to trace events. Examples of events:

  • Function Entering and Exiting
  • Timer Expiring
  • Network Packet Reception
Whenever any registered events occur, SystemTap calls the user handler, which can collect and display
  • Function Parameters
  • Values of Variables
  • Contents of Memory Locations
  • etc
Installation of SystemTap:

It's better we install SystemTap from source code, as I faced a lot of issues when I issued apt-get to install systemtap.

Steps for installing SystemTap from Source Code:

1.  wget https://sourceware.org/systemtap/ftp/releases/systemtap-4.0.tar.gz
2.  tar xzvf systemtap-4.0.tar.gz
3.  cd systemtap-4.0/ &&          ./configure &&          make all;
4. sudo make install

When you install, you will get stap and staprun utility

How Stap Works?

Stap internally uses KProbes and loadable modules to dynamically add probe points and newly generated code to the running kernel.

When you run stap <script.stp>

1. Translates the .stp file into Kernel Module (C code)
2. Compiles C Code to module (.ko file)
3. Loads the module into the kernel
4. Module runs, reporting events of interest as specified by the script.
5. Information is collected and stap reports it to stdout
6. Session ends and the module is unloaded when you send CTRL-C or the module decides it is done


Hello World Stap Script


probe begin
{
    print("hello world\n")
    exit()
}

Save this file as helloworld.stp. To run : stap helloworld.stp


probe begin -> Start of the system tap session
print("hello world\n") -> prints hello world
exit() -> Exits 




Comments

Popular posts from this blog

bb.utils.contains yocto

Difference between RDEPENDS and DEPENDS in Yocto

make config vs oldconfig vs defconfig vs menuconfig vs savedefconfig