summaryrefslogtreecommitdiff
path: root/tools/perf/Documentation/perf-probe.txt
blob: 5c43a6edc0e5b7c41bfbeeec400f629a007bfcc2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
perf-probe(1)
=============

NAME
----
perf-probe - Define new dynamic tracepoints

SYNOPSIS
--------
[verse]
'perf probe' [options] --add='PROBE' [...]
or
'perf probe' [options] PROBE
or
'perf probe' [options] --del='[GROUP:]EVENT' [...]
or
'perf probe' --list[=[GROUP:]EVENT]
or
'perf probe' [options] --line='LINE'
or
'perf probe' [options] --vars='PROBEPOINT'
or
'perf probe' [options] --funcs
or
'perf probe' [options] --definition='PROBE' [...]

DESCRIPTION
-----------
This command defines dynamic tracepoint events, by symbol and registers
without debuginfo, or by C expressions (C line numbers, C function names,
and C local variables) with debuginfo.


OPTIONS
-------
-k::
--vmlinux=PATH::
	Specify vmlinux path which has debuginfo (Dwarf binary).
	Only when using this with --definition, you can give an offline
	vmlinux file.

-m::
--module=MODNAME|PATH::
	Specify module name in which perf-probe searches probe points
	or lines. If a path of module file is passed, perf-probe
	treat it as an offline module (this means you can add a probe on
        a module which has not been loaded yet).

-s::
--source=PATH::
	Specify path to kernel source.

-v::
--verbose::
        Be more verbose (show parsed arguments, etc).
	Can not use with -q.

-q::
--quiet::
	Do not show any warnings or messages.
	Can not use with -v.

-a::
--add=::
	Define a probe event (see PROBE SYNTAX for detail).

-d::
--del=::
	Delete probe events. This accepts glob wildcards('*', '?') and character
	classes(e.g. [a-z], [!A-Z]).

-l::
--list[=[GROUP:]EVENT]::
	List up current probe events. This can also accept filtering patterns of
	event names.
	When this is used with --cache, perf shows all cached probes instead of
	the live probes.

-L::
--line=::
	Show source code lines which can be probed. This needs an argument
	which specifies a range of the source code. (see LINE SYNTAX for detail)

-V::
--vars=::
	Show available local variables at given probe point. The argument
	syntax is same as PROBE SYNTAX, but NO ARGs.

--externs::
	(Only for --vars) Show external defined variables in addition to local
	variables.

--no-inlines::
	(Only for --add) Search only for non-inlined functions. The functions
	which do not have instances are ignored.

-F::
--funcs[=FILTER]::
	Show available functions in given module or kernel. With -x/--exec,
	can also list functions in a user space executable / shared library.
	This also can accept a FILTER rule argument.

-D::
--definition=::
	Show trace-event definition converted from given probe-event instead
	of write it into tracing/[k,u]probe_events.

--filter=FILTER::
	(Only for --vars and --funcs) Set filter. FILTER is a combination of glob
	pattern, see FILTER PATTERN for detail.
	Default FILTER is "!__k???tab_* & !__crc_*" for --vars, and "!_*"
	for --funcs.
	If several filters are specified, only the last filter is used.

-f::
--force::
	Forcibly add events with existing name.

-n::
--dry-run::
	Dry run. With this option, --add and --del doesn't execute actual
	adding and removal operations.

--cache::
	(With --add) Cache the probes. Any events which successfully added
	are also stored in the cache file.
	(With --list) Show cached probes.
	(With --del) Remove cached probes.

--max-probes=NUM::
	Set the maximum number of probe points for an event. Default is 128.

--target-ns=PID:
	Obtain mount namespace information from the target pid.  This is
	used when creating a uprobe for a process that resides in a
	different mount namespace from the perf(1) utility.

-x::
--exec=PATH::
	Specify path to the executable or shared library file for user
	space tracing. Can also be used with --funcs option.

--demangle::
	Demangle application symbols. --no-demangle is also available
	for disabling demangling.

--demangle-kernel::
	Demangle kernel symbols. --no-demangle-kernel is also available
	for disabling kernel demangling.

In absence of -m/-x options, perf probe checks if the first argument after
the options is an absolute path name. If its an absolute path, perf probe
uses it as a target module/target user space binary to probe.

PROBE SYNTAX
------------
Probe points are defined by following syntax.

    1) Define event based on function name
     [[GROUP:]EVENT=]FUNC[@SRC][:RLN|+OFFS|%return|;PTN] [ARG ...]

    2) Define event based on source file with line number
     [[GROUP:]EVENT=]SRC:ALN [ARG ...]

    3) Define event based on source file with lazy pattern
     [[GROUP:]EVENT=]SRC;PTN [ARG ...]

    4) Pre-defined SDT events or cached event with name
     %[sdt_PROVIDER:]SDTEVENT
     or,
     sdt_PROVIDER:SDTEVENT

'EVENT' specifies the name of new event, if omitted, it will be set the name of the probed function, and for return probes, a "\_\_return" suffix is automatically added to the function name. You can also specify a group name by 'GROUP', if omitted, set 'probe' is used for kprobe and 'probe_<bin>' is used for uprobe.
Note that using existing group name can conflict with other events. Especially, using the group name reserved for kernel modules can hide embedded events in the
modules.
'FUNC' specifies a probed function name, and it may have one of the following options; '+OFFS' is the offset from function entry address in bytes, ':RLN' is the relative-line number from function entry line, and '%return' means that it probes function return. And ';PTN' means lazy matching pattern (see LAZY MATCHING). Note that ';PTN' must be the end of the probe point definition.  In addition, '@SRC' specifies a source file which has that function.
It is also possible to specify a probe point by the source line number or lazy matching by using 'SRC:ALN' or 'SRC;PTN' syntax, where 'SRC' is the source file path, ':ALN' is the line number and ';PTN' is the lazy matching pattern.
'ARG' specifies the arguments of this probe point, (see PROBE ARGUMENT).
'SDTEVENT' and 'PROVIDER' is the pre-defined event name which is defined by user SDT (Statically Defined Tracing) or the pre-cached probes with event name.
Note that before using the SDT event, the target binary (on which SDT events are defined) must be scanned by linkperf:perf-buildid-cache[1] to make SDT events as cached events.

For details of the SDT, see below.
https://sourceware.org/gdb/onlinedocs/gdb/Static-Probe-Points.html

ESCAPED CHARACTER
-----------------

In the probe syntax, '=', '@', '+', ':' and ';' are treated as a special character. You can use a backslash ('\') to escape the special characters.
This is useful if you need to probe on a specific versioned symbols, like @GLIBC_... suffixes, or also you need to specify a source file which includes the special characters.
Note that usually single backslash is consumed by shell, so you might need to pass double backslash (\\) or wrapping with single quotes (\'AAA\@BBB').
See EXAMPLES how it is used.

PROBE ARGUMENT
--------------
Each probe argument follows below syntax.

 [NAME=]LOCALVAR|$retval|%REG|@SYMBOL[:TYPE][@user]

'NAME' specifies the name of this argument (optional). You can use the name of local variable, local data structure member (e.g. var->field, var.field2), local array with fixed index (e.g. array[1], var->array[0], var->pointer[2]), or kprobe-tracer argument format (e.g. $retval, %ax, etc). Note that the name of this argument will be set as the last member name if you specify a local data structure member (e.g. field2 for 'var->field1.field2'.)
'$vars' and '$params' special arguments are also available for NAME, '$vars' is expanded to the local variables (including function parameters) which can access at given probe point. '$params' is expanded to only the function parameters.
'TYPE' casts the type of this argument (optional). If omitted, perf probe automatically set the type based on debuginfo (*). Currently, basic types (u8/u16/u32/u64/s8/s16/s32/s64), hexadecimal integers (x/x8/x16/x32/x64), signedness casting (u/s), "string" and bitfield are supported. (see TYPES for detail)
On x86 systems %REG is always the short form of the register: for example %AX. %RAX or %EAX is not valid.
"@user" is a special attribute which means the LOCALVAR will be treated as a user-space memory. This is only valid for kprobe event.

TYPES
-----
Basic types (u8/u16/u32/u64/s8/s16/s32/s64) and hexadecimal integers (x8/x16/x32/x64) are integer types. Prefix 's' and 'u' means those types are signed and unsigned respectively, and 'x' means that is shown in hexadecimal format. Traced arguments are shown in decimal (sNN/uNN) or hex (xNN). You can also use 's' or 'u' to specify only signedness and leave its size auto-detected by perf probe. Moreover, you can use 'x' to explicitly specify to be shown in hexadecimal (the size is also auto-detected).
String type is a special type, which fetches a "null-terminated" string from kernel space. This means it will fail and store NULL if the string container has been paged out. You can specify 'string' type only for the local variable or structure member which is an array of or a pointer to 'char' or 'unsigned char' type.
Bitfield is another special type, which takes 3 parameters, bit-width, bit-offset, and container-size (usually 32). The syntax is;

 b<bit-width>@<bit-offset>/<container-size>

LINE SYNTAX
-----------
Line range is described by following syntax.

 "FUNC[@SRC][:RLN[+NUM|-RLN2]]|SRC[:ALN[+NUM|-ALN2]]"

FUNC specifies the function name of showing lines. 'RLN' is the start line
number from function entry line, and 'RLN2' is the end line number. As same as
probe syntax, 'SRC' means the source file path, 'ALN' is start line number,
and 'ALN2' is end line number in the file. It is also possible to specify how
many lines to show by using 'NUM'. Moreover, 'FUNC@SRC' combination is good
for searching a specific function when several functions share same name.
So, "source.c:100-120" shows lines between 100th to 120th in source.c file. And "func:10+20" shows 20 lines from 10th line of func function.

LAZY MATCHING
-------------
The lazy line matching is similar to glob matching but ignoring spaces in both of pattern and target. So this accepts wildcards('*', '?') and character classes(e.g. [a-z], [!A-Z]).

e.g.
 'a=*' can matches 'a=b', 'a = b', 'a == b' and so on.

This provides some sort of flexibility and robustness to probe point definitions against minor code changes. For example, actual 10th line of schedule() can be moved easily by modifying schedule(), but the same line matching 'rq=cpu_rq*' may still exist in the function.)

FILTER PATTERN
--------------
The filter pattern is a glob matching pattern(s) to filter variables.
In addition, you can use "!" for specifying filter-out rule. You also can give several rules combined with "&" or "|", and fold those rules as one rule by using "(" ")".

e.g.
 With --filter "foo* | bar*", perf probe -V shows variables which start with "foo" or "bar".
 With --filter "!foo* & *bar", perf probe -V shows variables which don't start with "foo" and end with "bar", like "fizzbar". But "foobar" is filtered out.

EXAMPLES
--------
Display which lines in schedule() can be probed:

 ./perf probe --line schedule

Add a probe on schedule() function 12th line with recording cpu local variable:

 ./perf probe schedule:12 cpu
 or
 ./perf probe --add='schedule:12 cpu'

Add one or more probes which has the name start with "schedule".

 ./perf probe schedule*
 or
 ./perf probe --add='schedule*'

Add probes on lines in schedule() function which calls update_rq_clock().

 ./perf probe 'schedule;update_rq_clock*'
 or
 ./perf probe --add='schedule;update_rq_clock*'

Delete all probes on schedule().

 ./perf probe --del='schedule*'

Add probes at zfree() function on /bin/zsh

 ./perf probe -x /bin/zsh zfree or ./perf probe /bin/zsh zfree

Add probes at malloc() function on libc

 ./perf probe -x /lib/libc.so.6 malloc or ./perf probe /lib/libc.so.6 malloc

Add a uprobe to a target process running in a different mount namespace

 ./perf probe --target-ns <target pid> -x /lib64/libc.so.6 malloc

Add a USDT probe to a target process running in a different mount namespace

 ./perf probe --target-ns <target pid> -x /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64/jre/lib/amd64/server/libjvm.so %sdt_hotspot:thread__sleep__end

Add a probe on specific versioned symbol by backslash escape

 ./perf probe -x /lib64/libc-2.25.so 'malloc_get_state\@GLIBC_2.2.5'

Add a probe in a source file using special characters by backslash escape

 ./perf probe -x /opt/test/a.out 'foo\+bar.c:4'


PERMISSIONS AND SYSCTL
----------------------
Since perf probe depends on ftrace (tracefs) and kallsyms (/proc/kallsyms), you have to care about the permission and some sysctl knobs.

 - Since tracefs and kallsyms requires root or privileged user to access it, the following perf probe commands also require it; --add, --del, --list (except for --cache option)

 - The system admin can remount the tracefs with 755 (`sudo mount -o remount,mode=755 /sys/kernel/tracing/`) to allow unprivileged user to run the perf probe --list command.

 - /proc/sys/kernel/kptr_restrict = 2 (restrict all users) also prevents perf probe to retrieve the important information from kallsyms. You also need to set to 1 (restrict non CAP_SYSLOG users) for the above commands. Since the user-space probe doesn't need to access kallsyms, this is only for probing the kernel function (kprobes).

 - Since the perf probe commands read the vmlinux (for kernel) and/or the debuginfo file (including user-space application), you need to ensure that you can read those files.


SEE ALSO
--------
linkperf:perf-trace[1], linkperf:perf-record[1], linkperf:perf-buildid-cache[1]