..bits & bytes teleported

For a detailed introduction to DTrace, refer: http://www.sun.com/software/solaris/howtoguides/dtracehowto.jsp

Here is a paragraph from the guide above which serves as a good very-short way to introduce some one to DTrace-

DTrace dynamically modifies the operating system kernel and user processes to record data at locations of interest, called probes. A probe is a location or activity to which DTrace can bind a request to perform a set of actions, like recording a stack trace, a timestamp, or the argument to a function. Probes are like programmable sensors scattered all over your Solaris system in interesting places. DTrace probes come from a set of kernel modules called providers, each of which performs a particular kind of instrumentation to create probes.

DTrace Script: A DTrace script is a set of instructions written in the D scripting language which is fed to the DTrace framework for carrying out relevant DTrace tasks

Components of a D script:

1. Probes
2. Predicates
3. Actions
   

DTrace is somewhat similar to event-handling framework in GUI programming. You declare some probing points. When the probing points or situation is encountered, the predicate is matched and if the predicate macthes, the actions are executed.

For example consider the following simple D-script

syscall::write:entry 
/execname == "bash"
{
printf("bash with pid %d called write system call\n",pid)
}

For the above script:

Save the script to a file, say 'demo-1.d', and execute the D script using: (the '-s' switch indicates that the next value is the script file)

amit@opensolaris:~/scripts/D# dtrace -s demo-1.d

dtrace: script 'demo-1.d' matched 1 probe
CPU     ID                    FUNCTION:NAME
  0  60983                      write:entry bash with pid 5263 called write system call

  0  60983                      write:entry bash with pid 5263 called write system call

  0  60983                      write:entry bash with pid 5263 called write system call

  0  60983                      write:entry bash with pid 6692 called write system call

  0  60983                      write:entry bash with pid 5263 called write system call

What is this '60983'?

It is called the probe id.

dtrace -l lists all the probes available on the system. So a simple grep shows up the result:

amit@opensolaris:~/scripts/D# dtrace -l | grep 60983
60983    syscall                                               write entry

Predicates and Actions  in a Dtrace script can be ommited.

For eg. when the action is ommitted, it just prints the probe name:

amit@opensolaris:~/scripts/D# dtrace -s demo-1.d
dtrace: script 'demo-1.d' matched 1 probe
CPU     ID                    FUNCTION:NAME
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
  0  60983                      write:entry
^C

As said in the beginning, a very useful introduction to DTrace is at http://www.sun.com/software/solaris/howtoguides/dtracehowto.jsp which points to other several resources.