NAME
BT —
Bug Tracing language
SYNTAX
/
filter / {
action }DESCRIPTION
The BT language, also known as BPFtrace
syntax, describes how to format and display information gathered from
specified probe events.
Events are generated by the dynamic tracer dt(4) when an enabled probe is triggered. They are periodically collected by btrace(8), which formats them using the corresponding action. If a recorded event doesn't match the optional filter it will be silently ignored.
A valid BT source file contains at least
one probe clause associated with an
action statement.
PROBE
The list of available probes may vary from system to system and can be queried with btrace(8).
The special probes BEGIN and
END may be used to manipulate states before the
first event is recorded and after the last. They cannot be combined with any
filter.
FILTER
Define under which condition an event should be recorded when its related probe is executed. An empty filter means record all events.
Variable names available in filters:
- pid
- Process ID of the current thread.
- tid
- Thread ID of the current thread.
ACTION
An action is a sequence of statements that are evaluated for each event recorded by the associated probe.
Variable names with special meaning:
- argN
- Argument N of the corresponding probe.
- comm
- Command name of the current process.
- cpu
- ID of the processor that recorded the event.
- kstack
- Kernel stack of the current thread.
- nsecs
- Timestamp of the event in nanoseconds.
- pid
- Process ID of the current thread.
- retval
- Return value of the traced syscall.
- tid
- Thread ID of the current thread.
Functions:
clear(@map)- Delete all (key, value) pairs from @map.
delete(@map[key])- Delete the pair indexed by key from @map.
exit()- Terminate execution with exit code 0.
hist(value)- Increment the bucket corresponding to value in a power-of-two histogram.
lhist(value, min, max, step)- Increment the bucket corresponding to value in the linear histogram spawning between the positive value min and max with buckets of step size.
max()- Returns the maximum recorded value.
min()- Returns the minimum recorded value.
print(@map)- Print all pairs from @map.
print(@map, n)- Print only the first n entries in @map.
printf(fmt, ...)- Print formatted string fmt.
sum()- Returns the sum of all recorded values.
time(timefmt)- Print timestamps using strftime(3)
zero(@map)- Set all values from @map to 0.
SEE ALSO
BPFtrace reference guide, https://github.com/iovisor/bpftrace/blob/master/docs/reference_guide.md.
STANDARDS
The dialect of the BT language described
in this manual and supported by
btrace(8) is compatible with BPFtrace. The syntax is similar to
awk(1) and dtrace.