Architecture overview

The DTrace facility consists of the following components:

DTrace Providers

A provider represents a methodology for instrumenting the system. Providers make probes available to the DTrace framework. DTrace sends information to a provider regarding when to enable a probe. When an enabled probe fires, the provider transfers control to DTrace.

Providers are packaged as a set of kernel modules. Each module performs a particular kind of instrumentation to create probes. When you use DTrace, each provider has the ability to publish the probes it can provide to the DTrace framework. You can enable and bind tracing actions to any of the published probes.

Some providers have the capability to create new probes based on the user's tracing requests.

DTrace Probes

A probe has the following attributes:

  • It is made available by a provider

  • It identifies the module and the function that it instruments

  • It has a name

These four attributes define a 4–tuple that serves as a unique identifier for each probe, in the format provider:module:function:name. Each probe also has a unique integer identifier.

DTrace Predicates

Predicates are expressions that are enclosed in slashes / /. Predicates are evaluated at probe firing time to determine whether the associated actions should be executed. Predicates are the primary conditional construct used for building more complex control flow in a D program. You can omit the predicate section of the probe clause entirely for any probe. If the predicate section is omitted, the actions are always executed when the probe fires.

Predicate expressions can use any of the previously described D operators. Predicate expressions refer to D data objects such as variables and constants. The predicate expression must evaluate to a value of integer or pointer type. As with all D expressions, a zero value is interpreted as false and any non-zero value is interpreted as true.

DTrace Actions

Actions are user-programmable statements that the DTrace virtual machine executes within the kernel. Actions have the following properties:

  • Actions are taken when a probe fires

  • Actions are completely programmable in the D scripting language

  • Most actions record a specified system state

  • An action can change the state of the system in a precisely described way. Such actions are called destructive actions. Destructive actions are not allowed by default.

  • Many actions use expressions in the D scripting language

D Scripting Language

You can invoke the DTrace framework directly from the command line with the dtrace command for simple functions. To use DTrace to perform more complex functions, write a script in the D scripting language. Use the -s option to load a specified script for DTrace to use. See Chapter 3, Scripting With the D Language for information about using the D scripting language.