Shulou(Shulou.com)05/31 Report--

This article mainly explains "how to use Linux kernel ftrace". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to use Linux kernel ftrace".

What is ftrace?

We can understand ftrace as the abbreviation of Function tracer, and we can see that its basic function is to trace function calls. In fact, ftrace is not only used for tracking function calls, but also a lot of other kernel information can be tracked through this tool.

In addition to the above function call tracking, ftrace can also help us analyze kernel-specific events, such as scheduling, interrupts, etc., and it can also help us track delays, such as interrupt blocking, preemption of prohibited time, and how long after a process is awakened.

So it's understandable that ftrace actually provides us with a tool to see through the kernel, just like a hospital CT machine or MRI, through which we can learn more about the inner details of the kernel. Below, we list the main functions of the tool, which can be used as a reference:

(1) Function tracer and Function graph tracer: trace function calls.

(2) Schedule switch tracer: track process scheduling.

(3) Preemptoff tracer: similar to the previous tracer, preemptoff tracer tracks and records functions that prohibit kernel preemption and clearly shows the kernel functions that prohibit preemption for the longest time.

(4) Preemptirqsoff tracer: as above, track and record kernel functions that prohibit interrupts or preemption, as well as functions that have been disabled for the longest time.

(5) Branch tracer: tracks the predicted hit rate of likely/unlikely branches in kernel programs. Branch tracer can record how many times these branch statements have been predicted successfully. So as to provide clues for the optimization program.

(6) Hardware branch tracer: the instruction jump record at the hardware level is realized by using the branch tracking ability of the processor. On x86, BTS is the main feature.

(7) Sysprof tracer: by default, sysprof tracer samples the kernel every 1 msec, recording function calls and stack information.

(8) Kernel memory tracer: memory tracer is mainly used to track the allocation of slab allocator. Including the invocation of API such as kfree,kmem_cache_alloc, the user program can analyze the internal fragmentation according to the information collected by tracer, find out the code fragments that allocate memory most frequently, and so on.

(9) Initcall tracer: record the init call called by the system during the boot phase.

(10) Mmiotrace tracer: record the relevant information of memory map IO.

(11) Power tracer: record information related to power management of the system.

(12) Workqueue statistical tracer: this is a statistic tracer that counts the operation of all workqueue in the system, such as how many work have been inserted into the workqueue, how many have been executed, and so on. Developers can use this to determine a specific workqueue implementation, such as whether to use single threaded workqueue or per cpu workqueue.

(13) Event tracer: tracks system events, such as timer, system calls, interrupts, etc.

(14) Wakeup tracer: tracking the scheduling delay of a process, that is, the delay time of a high-priority process from entering the ready state to obtaining CPU. The tracer is only for real-time processes.

(15) Irqsoff tracer: when interrupts are disabled, the system cannot respond to external events, such as keyboard and mouse, and the clock cannot generate tick interrupts. This means that the system response latency, irqsoff this tracer can track and record which functions in the kernel prohibit interrupts, for the longest interrupt prohibition, irqsoff will be marked in the first line of the log file, so that developers can quickly locate the culprit causing the response delay.

The basic usage of ftrace

The basic usage of ftrace is actually relatively simple. Take Ubuntu18.04 as an example, we just need to enter the function string in the current_tracer file. The specific steps are as follows:

Cd / sys/kernel/debug/tracing echo function > current_tracer

After executing the above command, we use the vim command to open a file called trace under that directory, and we can call the function at this point.

If you look at this file, you may find that there are tens of thousands of function calls. In fact, its function is much more powerful, for example, we use function_graph to achieve the hierarchical relationship of the call stack, which makes it more convenient to sort out the function call relationship. At the same time, we can also filter function names, such as only fetching some functions, or not fetching certain functions, and so on.

Some versions of the operating system may not be able to use this feature directly, which requires some configuration. With regard to these configurations, this article will not introduce them for the time being, but will specifically introduce them later.

Summary of the implementation principle of ftrace

Ftrace was originally used to track function calls, but as requirements grew, ftrace evolved into a framework. That is, the various detection functions of the kernel that we introduced earlier.

The architecture of the whole ftrace is shown in the figure, which is divided into two layers as a whole. The core part is the kernel framework and some plug-ins that capture information, in which the function call is one of the plug-ins; the other part is some auxiliary tools set in the user mode.

As you can see, the core in the kernel is the ftrace framework, and the specific functional components are various plug-ins, that is, tracers. If you need to track specific content, the tracer needs to be registered with the framework. The information captured by tracer is output to a ring buffer. Another kernel module, the debugfs module, is needed throughout the framework. This module realizes the interaction between the user mode and the kernel.

The code in the kernel state is under the kernel/trace directory, which is the code for the ftrace framework and each tracer. As shown in the following figure, you can see that there are still many tracer.

The code volume of the whole ftrace is not very large, probably more than 40, 000 lines. So, at present, ftrace is indeed a very powerful kernel state monitoring tool.

Thank you for reading, the above is the content of "how to use Linux kernel ftrace". After the study of this article, I believe you have a deeper understanding of how to use Linux kernel ftrace, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.