 | |
| Initial release | 2005 (2005) |
|---|---|
| Stable release | 5.2 / November 8, 2024; 4 months ago (2024-11-08) |
| Repository | |
| Written in | C,C++ |
| Operating system | Linux |
| Type | Tracingprogramming language |
| License | GNU General Public License |
| Website | sourceware |
Incomputing,SystemTap (stap) is ascripting language andtool for dynamicallyinstrumenting running productionLinux-basedoperating systems. System administrators can use SystemTap to extract, filter and summarize data in order to enable diagnosis of complex performance or functional problems.
SystemTap consists offree and open-source software and includes contributions fromRed Hat,IBM,Intel,Hitachi,Oracle, the University of Wisconsin-Madison and other community members.[1]
SystemTap debuted in 2005 inRed Hat Enterprise Linux 4 Update 2 as a technology preview.[2]
After four years in development, SystemTap 1.0 was released in 2009.[3]
As of 2011[update], SystemTap runs fully supported in all Linux distributions includingRHEL / CentOS 5[4] since update 2, SLES 10,[5] Fedora, Debian and Ubuntu.
Tracepoints in theCPython VM andJVM were added in SystemTap 1.2 in 2009.[6]
In November 2019, SystemTap 4.2 includedprometheus exporter.
SystemTap files are written in the SystemTap language[7] (saved as.stp files) and run with thestap command-line.[8]
The system carries out a number of analysis passes on the script before allowing it to run. Scripts may be executed with one of three backends selected by the--runtime= option. The default is aloadable kernel module, which has the fullest capability to inspect and manipulate any part of the system, and therefore requires most privilege. Another backend is based on thedynamic program analysis library DynInst to instrument the user's own user-space programs only, and requires least privilege. The newest backend[9] is based oneBPF byte-code, is limited to theLinux kernel interpreter's capabilities, and requires an intermediate level of privilege. In each case, the module is unloaded when the script has finished running.
Scripts generally focus on events (such as starting or finishing a script), compiled-in probe points such as Linux "tracepoints", or the execution of functions or statements in the kernel or user-space.
Some "guru mode" scripts may also have embedded C, which may run with the-g command-line option. However, use of guru mode is discouraged, and each SystemTap release includes more probe points designed to remove the need for guru-mode scripts. Guru mode is required in order to permit scripts tomodify state in the instrumented software, such as to apply some types of emergency security fixes.
As of SystemTap version 1.7, the software implements the newstapsys group and privilege level.[10]
The following script shows all applications settingTCPsocket options on the system, what options are being set, and whether the option is set successfully or not.
# Show sockets setting options# Return enabled or disabled based on value of optvalfunctiongetstatus(optval){if(optval==1)return"enabling"elsereturn"disabling"}probebegin{print("\nChecking for apps setting socket options\n")}# Set a socket optionprobetcp.setsockopt{status=getstatus(user_int($optval))printf(" App '%s' (PID %d) is %s socket option %s... ",execname(),pid(),status,optstr)}# Check setting the socket option workedprobetcp.setsockopt.return{if(ret==0)printf("success")elseprintf("failed")printf("\n")}probeend{print("\nClosing down\n")}
Many other examples are shipped with SystemTap.[11] There are also real-world examples of SystemTap use at the War Stories page.[12]
SystemTap can attach toDTrace markers when they are compiled into an application using macros from thesys/sdt.h header file.
SystemTap [...] requires root privileges to actually run the kernel objects it builds using the sudo command, applied to the staprun program.[...] staprun is a part of the SystemTap package, dedicated to module loading and unloading and kernel-touser data transfer.
{{cite journal}}:Cite journal requires|journal= (help)The systemtap team announces release 3.2 [...] early experimental eBPF (extended Berkeley Packet Filter) backend [...][permanent dead link]
The systemtap team announces release 1.7 [...] The new group and privilege level "stapsys" has been added [...]
