 The DTrace command | |
| Original author(s) | Bryan Cantrill,Adam Leventhal,Mike Shapiro (Sun Microsystems) |
|---|---|
| Developer(s) | Sun Microsystems,Oracle,Microsoft |
| Initial release | January 2005; 20 years ago (2005-01) |
| Repository | github |
| Written in | C |
| Operating system | Solaris,illumos,macOS,FreeBSD,NetBSD,Linux,[1]Windows[2] |
| Type | Tracing |
| License | CDDL,GPLv2,UPL |
| Website | dtrace |
DTrace is a comprehensive dynamictracing framework originally created bySun Microsystems fortroubleshootingkernel and application problems on production systems in real time. Originally developed forSolaris, it has since been released under the freeCommon Development and Distribution License (CDDL) inOpenSolaris and its descendantillumos, and has been ported to several otherUnix-like systems. Windows Server systems fromWindow Server 2025 will have DTrace as part of the system.
DTrace can be used to get a global overview of a running system, such as the amount of memory, CPU time, filesystem and network resources used by the active processes. It can also provide much more fine-grained information, such as a log of the arguments with which a specific function is being called, or a list of the processes accessing a specific file.
In 2010,Oracle Corporation acquired Sun Microsystems and announced the discontinuation of OpenSolaris. As a community effort of some core Solaris engineers to create a truly open source Solaris,illumosoperating system was announced viawebinar on Thursday, 3 August 2010,[3] as a fork on OpenSolaris OS/Net consolidation, including DTrace technology.
In October 2011, Oracle announced theporting of DTrace toLinux,[4] and in 2019 official DTrace for Fedora is available onGitHub. For several years an unofficial DTrace port to Linux was available, with no changes in licensing terms.[5]
In August 2017, Oracle released DTrace kernel code under theGPLv2+ license, anduser space code under GPLv2 andUPL licensing.[6] In September 2018Microsoft announced that they had ported DTrace fromFreeBSD to Windows.[2]
In September 2016 the OpenDTrace effort began ongithub with both code and comprehensivedocumentation of the system's internals. The OpenDTrace effort maintains the original CDDL licensing for the code from OpenSolaris with additional code contributions coming under aBSD 2 Clause license. The goal of OpenDTrace is to provide an OS agnostic, portable implementation of DTrace that is acceptable to all consumers, including macOS, FreeBSD, OpenBSD, NetBSD, and Linux as well as embedded systems.
Sun Microsystems designed DTrace to give operational insights that allow users to tune and troubleshoot applications and the OS itself.
Testers write tracing programs (also referred to as scripts) using the D programming language (not to be confused with otherprogramming languages named "D"). The language, inspired byC, includes added functions and variables specific to tracing. D programs resembleAWK programs in structure; they consist of a list of one or moreprobes (instrumentation points), and each probe is associated with an action. These probes are comparable to apointcut inaspect-oriented programming. Whenever the condition for the probe is met, the associated action is executed (the probe "fires"). A typical probe might fire when a certain file is opened, or a process is started, or a certain line of code is executed. A probe that fires may analyze the run-time situation by accessing thecall stack and context variables and evaluating expressions; it can then print out or log some information, record it in a database, or modify context variables. The reading and writing of context variables allows probes to pass information to each other, allowing them to cooperatively analyze the correlation of different events.
Special consideration has been taken to make DTrace safe to use in a production environment. For example, there is minimalprobe effect when tracing is underway, and no performance impact associated with any disabled probe; this is important since there are tens of thousands of DTrace probes that can be enabled. New probes can also be created dynamically.
DTrace scripts can be invoked directly from the command line, providing one or more probes and actions as arguments. Some examples:
# New processes with argumentsdtrace-n'proc:::exec-success { trace(curpsinfo->pr_psargs); }'# Files opened by processdtrace-n'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'# Syscall count by programdtrace-n'syscall:::entry { @num[execname] = count(); }'# Syscall count by syscalldtrace-n'syscall:::entry { @num[probefunc] = count(); }'# Syscall count by processdtrace-n'syscall:::entry { @num[pid,execname] = count(); }'# Disk size by processdtrace-n'io:::start { printf("%d %s %d",pid,execname,args[0]->b_bcount); }'# Pages paged in by processdtrace-n'vminfo:::pgpgin { @pg[execname] = sum(arg0); }'
Scripts can also be written which can reach hundreds of lines in length, although typically only tens of lines are needed for advanced troubleshooting and analysis. Over 200 examples of open source DTrace scripts can be found in the DTraceToolkit,[7] created byBrendan Gregg (author of the DTrace book[8]), which also provides documentation and demonstrations of each.
DTrace first became available for use in November 2003, and was formally released as part of Sun'sSolaris 10 in January 2005. DTrace was the first component of theOpenSolaris project to have its source code released under theCommon Development and Distribution License (CDDL).
DTrace is an integral part ofillumos and related distributions.
DTrace is a standard part of FreeBSD[9] andNetBSD.[10]
Apple added DTrace support inMac OS X 10.5 "Leopard", including a GUI calledInstruments.[11] Over 40 DTrace scripts from the DTraceToolkit are included in /usr/bin,[12] including tools to examine disk I/O (iosnoop) and process execution (execsnoop). Unlike other platforms that DTrace is supported on, Mac OS X has a flag (P_LNOATTACH) that a program may set that disallows tracing of that process by debugging utilities such as DTrace andgdb. In the original Mac OS X DTrace implementation, this could affect tracing of other system information, as unrelated probes that should fire while a program with this flag set was running would fail to do so.[13] The OS X 10.5.3 update addressed this issue a few months later.[14] However, since El Capitan,System Integrity Protection prevents user from DTracing protected binary by default.
TheLinux port of DTrace has been available since 2008;[15] work continues actively to enhance and fix issues. There is also an activeimplementation on github. Standard core providers are available (fbt, syscall, profile), plus a special "instr" provider (some of the Solaris providers are not yet available as of 2013[update]). The Linux DTrace implementation is a loadablekernel module, which means that the kernel itself requires no modification, and thus allows DTrace to avoid CDDL vs. GPL licensing conflicts (in its source form, at least). However, once DTrace is loaded the kernel instance will be marked astainted.
In 2007, a developer at QNX Software Systems announced on his blog that he and a colleague were working on incorporating DTrace into theQNX operating system.[16]
Oracle Corporation added beta DTrace support forOracle Linux in 2011,[1] as a technology preview in theUnbreakable Enterprise Kernel release 2, which is under GPLv2 (the DTrace Linux kernel module was originally released under CDDL).[17] General availability was announced in December 2012.[18][19]
On March 11, 2019, Microsoft released a version of DTrace for Windows 10 insider builds.[20] Microsoft included DTrace as a built-in tool inWindows Server 2025.[21][22]
With a supportedlanguage provider, DTrace can retrieve context of the code, including function, source file, and line number location. Further, dynamic memory allocation and garbage collection can be made available if supported by the language.[23] Supported language providers includeassembly language[clarification needed],C,C++,Java,Erlang,JavaScript,Perl,PHP,Python,Ruby,shell script, andTcl.
Application providers allow DTrace to follow the operation of applications through system calls and into the kernel. Applications that offer DTrace application providers includeMySQL,PostgreSQL,Oracle Database,Oracle Grid Engine, andFirefox.[23][24][25]
DTrace was designed and implemented byBryan Cantrill,Mike Shapiro, andAdam Leventhal.
The authors received recognition in 2005 for the innovations in DTrace fromInfoWorld andTechnology Review.[26][27] DTrace won the top prize inThe Wall Street Journal's 2006 Technology Innovation Awards competition.[28] The authors were recognized byUSENIX with the Software Tools User Group (STUG) award in 2008.[29]
