The DTrace facility consists of the following components:
User level consumer programs such as dtrace
Providers, packaged as kernel modules, that provide probes to gather tracing data
A library interface that consumer programs use to access the DTrace facility through thekernel driver
A provider represents a methodology for instrumenting the system. Providers make probes available to the DTrace framework. DTrace sends information to a provider regarding when to enable a probe. When an enabled probe fires, the provider transfers control to DTrace.
Providers are packaged as a set of kernel modules. Each module performs a particular kind of instrumentation to create probes. When you use DTrace, each provider has the ability to publish the probes it can provide to the DTrace framework. You can enable and bind tracing actions to any of the published probes.
Some providers have the capability to create new probes based on the user's tracing requests.
A probe has the following attributes:
It is made available by a provider
It identifies the module and the function that it instruments
It has a name
These four attributes define a 4–tuple that serves as a unique identifier for each probe, in the format provider:module:function:name. Each probe also has a unique integer identifier.
Predicates are expressions that are enclosed in slashes
/. Predicates are evaluated at probe firing time to determine whether
the associated actions should be executed. Predicates are the primary conditional
construct used for building more complex control flow in a D program. You
can omit the predicate section of the probe clause entirely for any probe.
If the predicate section is omitted, the actions are always executed when
the probe fires.
Predicate expressions can use any of the previously described D operators. Predicate expressions refer to D data objects such as variables and constants. The predicate expression must evaluate to a value of integer or pointer type. As with all D expressions, a zero value is interpreted as false and any non-zero value is interpreted as true.
Actions are user-programmable statements that the DTrace virtual machine executes within the kernel. Actions have the following properties:
Actions are taken when a probe fires
Actions are completely programmable in the D scripting language
Most actions record a specified system state
An action can change the state of the system in a precisely described way. Such actions are called destructive actions. Destructive actions are not allowed by default.
Many actions use expressions in the D scripting language
You can invoke the DTrace framework directly from the command line with
the dtrace command for simple functions. To use DTrace
to perform more complex functions, write a script in the D scripting language.
-s option to load a specified script for DTrace
to use. See for information about using the D scripting language.