Code Spelunking Redux
On a typical operating system, these number in the low
hundreds, and although they can give clues to what
a complex piece of software is doing, they are not the
whole story. Ktrace cannot trace the operating system
itself, which can now be accomplished using DTrace.
When people discuss DTrace they often point out the
large number of probes available, which on Mac OS X
is more than 23,000. This is somewhat misleading. Not
all of the probes are immediately usable, and in reality,
having such an embarrassment of riches makes picking
the most useful probes for a particular job difficult. A
probe is some piece of code in an application, library, or
the operating system that can be instrumented to record
information on behalf of the user. The probes are broken
down into several categories based on what they record.
Each probe is delineated by its Provider, Module, Function, and Name. Providers are named after systems such
as io, lockstat, proc, profile, syscall, vminfo, and dtrace
itself. Several distinct providers are available in Mac OS X,
FIGURE 1: Caller Graph for ip_output()
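The Provider, Module, Function, Name naming described above is what makes a list of thousands of probes searchable. The following Python example is added here and is not from the original article; it models how a probe description selects from such a list. The sample probes (including the fbt provider and the mach_kernel module name) are constructed, and the empty-field wildcard and right-to-left reading of short descriptions follow DTrace's documented probe-description rules.

```python
from collections import Counter
from fnmatch import fnmatchcase
from typing import NamedTuple


class Probe(NamedTuple):
    provider: str
    module: str
    function: str
    name: str


def parse_description(spec: str) -> Probe:
    """Split 'provider:module:function:name' into its four fields.
    Short forms are read right to left: 'open:entry' is function:name."""
    parts = spec.split(":")
    if len(parts) > 4:
        raise ValueError(f"too many fields in probe description: {spec!r}")
    return Probe(*([""] * (4 - len(parts)) + parts))


def matches(pattern: Probe, probe: Probe) -> bool:
    """An empty pattern field matches anything; otherwise shell-style globs."""
    return all(p == "" or fnmatchcase(v, p) for p, v in zip(pattern, probe))


def select(spec: str, probes: list[Probe]) -> list[Probe]:
    pattern = parse_description(spec)
    return [p for p in probes if matches(pattern, p)]


def count_by_provider(probes: list[Probe]) -> Counter:
    return Counter(p.provider for p in probes)


# Constructed sample, not a real `dtrace -l` listing.
SAMPLE = [parse_description(s) for s in """
    dtrace:::BEGIN syscall::open:entry syscall::open:return syscall::read:entry
    io:::start proc:::exec-success profile:::tick-1000
    fbt:mach_kernel:ip_output:entry fbt:mach_kernel:ip_output:return
    fbt:mach_kernel:ip_input:entry
""".split()]

if __name__ == "__main__":
    print(count_by_provider(SAMPLE).most_common())
    for spec in ("syscall:::entry", "ip_*:entry", "fbt::ip_output:"):
        print(spec, "->", [":".join(p) for p in select(spec, SAMPLE)])
```

Counting by provider first, then narrowing with a description such as `ip_*:entry`, is the same two-step reduction you would apply to the real probe list.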
November/December 2008 ACM QUEUE