fche changed the topic of #systemtap to: http://sourceware.org/systemtap; email systemtap@sourceware.org if answers here not timely, conversations may be logged
<jacksgt>
Hi everyone, are there any other resources on SystemTap
<jacksgt>
* on how SystemTap internals work except the source code itself?
<fche>
jacksgt, there is the INTERNALS source file
<fche>
there is the old architecture paper
<fche>
there is the [man stap] page
<fche>
there is stap -k -vv .... which lets you look at the generated artifacts
<fche>
would be glad to answer a more specific question
<jacksgt>
fche: Thanks for your answer. I already read the INTERNALS file as well as the manpage, but I couldn't really get a gist on how SystemTap probes instrument the code without changing the source.
<jacksgt>
fche: To put it in simpler terms: how does SystemTap the application jumps to function xyz _now_?
<fche>
for the normal linux kernel module based backend, we make calls to kernel facilities such as tracepoints, uprobes, kprobes, to hook into the target software
<fche>
stap doesn't -cause- jumps within the program. It sort of listens for the app jumping within itself, tripping across a breakpoint.
<jacksgt>
Are we talking about hardware breakpoints?
<fche>
usually software breakpoints (int3 on x86)
<fche>
which (in this context) the kernel puts into itself or userspace apps
<jacksgt>
So basically this (from the GDB internals)?
<jacksgt>
Software breakpoints require GDB to do somewhat more work. The basic theory is that GDB will replace a program instruction with a trap, illegal divide, or some other instruction that will cause an exception, and then when it’s encountered, GDB will take the exception and stop the program. When the user says to continue, GDB will restore the original instruction, single-step, re-insert the trap, and continue on.
<fche>
kind of, except that in the case of systemtap, the kernel is doing this
<fche>
(for the traditional lkm runtime. for stap --runtime=dyninst, it's all different again; binary rewriting in userspace using the dyninst library)
<jacksgt>
Ok, but I thought the code/text segment is marked as read-only. I could see how SystemTap (or any debugger for that matter) could modify the segment before the application launches, but how is this possible while the program is already running?
<fche>
the kernel is All Powerful
<fche>
and even debuggers can modify other processes' read-only-mapped page segments via ptrace(2), which causes the kernel to create a private modified copy
<jacksgt>
Amazing.
<jacksgt>
fche: Do you also happen to know how the DynInst runtime works?
<fche>
not deeply
<fche>
dyninst is a ginormous (tm) project with its own research organization behind it
<fche>
it disassembles and snips and tucks and cuts & pastes binary pieces together
<fche>
it's true magic
<fche>
(but imperfect magic)
<jacksgt>
Indeed! :D
<jacksgt>
fche: Thanks for your answers :-)
<fche>
np