On DTrace envy

Posted Aug 7, 2007 18:50 UTC (Tue) by cajal (guest, #4167) [Link]

I'd like to correct several factual errors about DTrace in this article.

DTrace does not depend upon static probes in the kernel. In fact, the "D" in DTrace stands for dynamic; DTrace uses dynamic probing. It does allow developers to add statically defined probe points, and the Solaris kernel does have many statically defined probes.

But it is inaccurate to state that DTrace depends on static probes. In fact, the overwhelming majority of the in-kernel probes on Solaris are dynamic (they're provided by the function boundary tracing (fbt) DTrace provider). This is where most of the "tens of thousands" of in-kernel DTrace probes come from (they're tracing kernel function entry and return points). In userspace, the pid provider allows probes to be dynamically inserted at arbitrary offsets in a program.

The D language does have (limited) control flow: It has the ternary operator.

Concerning user-space probes, it is not required that application developers insert DTrace probe points before DTrace can use them. The pid provider, which I mentioned above, can trace user-space function entry and return (as well as at any arbitary offset within an application). However, it is possible for developers to insert static probes points into their applications. There are several examples of this:

* PostgreSQL 8.2 (http://www.postgresql.org/docs/8.2/interactive/dynamic-tr...)
* Sun's Java 6 (http://java.sun.com/javase/6/docs/technotes/guides/vm/dtr...)
* mod_dtrace for Apache (http://prefetch.net/projects/apache_modtrace/)
* Ruby (https://dtrace.joyent.com/projects/ruby-dtrace/wiki/Ruby+...)
* X.org 7.3 (http://wiki.x.org/wiki/Releases/7.3)
* PHP (http://pecl.php.net/package/DTrace)
* Sendmail (http://mail.opensolaris.org/pipermail/dtrace-discuss/2006...)
* Python
(http://blogs.sun.com/levon/entry/python_and_dtrace_in_build)

Granted, the last two are still experimental.

Posted Aug 7, 2007 18:55 UTC (Tue) by bcantrill (guest, #31087) [Link]

First, thanks for what is largely an accurate comparison -- it's especially gratifying to see understanding of (and appreciation for) the design decisions that we made in DTrace around safety. One very important correction, however: DTrace does not rely solely on programmer insertion of probes. In the kernel, DTrace can instrument every function entry and return without any programmer involvement whatsoever (which is the reason that tens of thousands of probes exist on any system -- there are two for most kernel functions). At user level, DTrace goes one better and can instrument every instruction in every process -- again without programmer involvement.

Now, all of that said, DTrace benefits from programmer involvement: programmers may add static points of instrumentation that export the semantics of the system instead of its implementation. As a concrete example, there are three functions in the Solaris kernel in which we enqeue a thread to run: setkpdq, setfrontdq and setbackdq. An expert in Solaris internals could therefore determine when a thread is scheduled to run with the following DTrace fragment:

setkpdq:entry,
setfrontdq:entry,
dispdeq:entry
{
        printf("%s scheduled to run...\n", args[0]->t_procp->p_user.u_comm);
}

This doesn't (or didn't) require any changes to the Solaris kernel itself, which is good. But this also requires knowing quite a bit about the implementation of Solaris: where threads are enqueued to run, what the thread structure looks like, etc. And it's brittle: if we change the kernel's implementation, the script is broken.

To address these shortcomings, we added a statically-defined tracing (SDT) provider, the sched provider, which makes available higher-level semantics. When rephrased in terms of sched, the above becomes:

sched:::enqueue
{
        printf("%s scheduled to run...\n", args[1]->pr_fname);
}

This is something that is simpler to understand, and represents stable, documented abstractions -- and we can change the kernel without breaking the script.

While originally a kernel-level notion, we brought this same technology to user-land, with what we call user-level statically-defined tracing (USDT). USDT allows one to instrument, say, one's Ruby, Python, Java, JavaScript, etc. in terms of the language instead of the implementation; the reader is directed to google + [language of choice] + "I'm feeling lucky" for details.

Anyway, thanks again for the careful look at DTrace. And if anyone finds themselves suffering from excessive DTrace envy, you might want to chime in on Adam's blog about how a Linux port could be made possible...

Posted Aug 7, 2007 19:44 UTC (Tue) by fuhchee (guest, #40059) [Link]

Here are some nits to correct in the body of the otherwise well-done article. I'm a systemtap developer.

It is true that systemtap relies on dynamic probes almost exclusively. Since these are expressed in terms of functions / source code lines, they indeed rely on an understanding of the kernel. We are well aware that this is too much for an ordinary user, which is why from day 1, systemtap has included a "tapset" facility. This method allows kernel experts to encode their knowledge about subsystems into higher level probe points, so that end-user scripts can refer to higher level abstractions. So, a knowledgeable person can probe kernel.function("sys_open") and look at local variables or parameters; a less knowledgeable one can rely on the automatic tapset searching and probe syscall.open. Such higher level tapset probes are intended to allay the "must be a kernel hacker" worry, and are generally documented accordingly.

The documentation not only mutters about a blacklist. There are kernel-side and systemtap-side blacklists. (There exists a similar blacklist in dtrace for analogous low-level kernel code.) While these are actively maintained, they are not complete, thus the caution in the docs.

Regarding the relative safety of a virtual-machine-based interpreter versus the compiled-in checks of systemtap, as far as we can see, it's a toss-up. One can consider the systemtap method to be equivalent to inlining all the same checks that the virtual machine would do. All the difficult areas of safety assurance come from other places - the runtime, the choice of probe points.

Regarding the difficulty of getting started with systemtap due to its installation requirements, we agree, and are working on improving this aspect. Similarly, we are aware of the need for more polish, fuller documentation, a bigger library of samples. Our small group is working on these things, and would appreciate community assistance. All of our work (code, bugs, documents, mailing lists) have been in the open since day 1.

Let me finish off with a plug at a systemtap-dtrace comparison page. We have invited Adam Leventhal from Sun to help edit it to keep us all honest.

Posted Aug 7, 2007 19:53 UTC (Tue) by ncm (guest, #165) [Link]

It's excellent work like this that makes me keep renewing my subscription.

Posted Aug 7, 2007 20:32 UTC (Tue) by prasadav (guest, #46636) [Link]

Jonathan, thanks for taking an objective look at the tracing tools and giving your informed opinion. I would like to give few clarifications mainly from SystemTap point of view.

On the documentation SystemTap does provide a manual pages that explains the probe points available in the tapsets so one doesn't have to read the source code. I agree we can improve the documentation and we are addressing this issue and you will see detailed language reference manual soon on the website.

SystemTap language does support static markers. The static marker infrastructure in the kernel is currently undergoing review in LKML and we are expecting that to make to mainline soon. Once it makes to mainline SystemTap will exploit that.

We designed SystemTap to be flexible yet safe to make it usable to wide variety of audience. SystemTap also provides predefined probe points that are safe to probe. An administrator can limit to only these probe points without worrying about safety. SystemTap also provides ability for a developer or support person to place probes anywhere using advanced guru mode hence the warnings of safety. I agree with you that bundled tapsets contain limited probe points and needs enhancement and work is in progress.

Safety is one of the most important considerations in all of our design decisions. The generated code also has safety checks very similar to what a virtual machine provides.

I agree with you that SystemTap provides feature rich language including ability to print stack trace using backtrace() construct.

SystemTap project is very young (2.5 years) and it is still work in progress. We have come a long way in this short amount of time due to our flexible architecture but I agree with you that we need to focus making it usable to administrators of all levels.

Posted Aug 7, 2007 20:40 UTC (Tue) by dw (guest, #12017) [Link]

I can't help but think this is a knee jerk reaction to the (from my limited perspective) excellent post on Adam Leventhal's blog. There are certain things about that entry not covered here, such as the seemingly blatant plagiarism present in the "Red Hat Summit 2007" slides.

Can anyone mention a single good reason DTrace can't be lifted as-is, name kept and everything, into the Linux kernel? The Sun people seem to be pushing for this while the Linux people seem intriguingly silent on the issue.

Personally after reading that post and the various things it links to, I'd say DTrace is the better and more rigorously designed system.

Posted Aug 7, 2007 22:51 UTC (Tue) by bgregg (guest, #46639) [Link]

Great article. I have some points to add from by background as a customer using DTrace, writing most of the scripts in the DTraceToolkit, and more recently joining Sun.

making this tool usable by a much wider set of system administrators

This is also important with DTrace, which I've helped encourage by creating a collection of scripts called the DTraceToolkit DTraceToolkit (inspired by the SE Toolkit), which also contains man pages, example files, notes, and a list of one-liners. It would be great if regular sysadmins wrote their own scripts, but if they don't have the time or skill to do that, then using the DTraceToolkit is better than not using DTrace. People can also use the scripts and one-liners in the toolkit as examples from which to learn DTrace.

Another way to reach a larger audience for DTrace is the DTrace Topics wiki, where I hope to write documentation specific to different roles (sysadmin, DBA, etc). This is in addition to the Dynamic Tracing Guide on docs.sun.com, which (DTrace aside) is an example of outstanding technical documentation.

SystemTap's language, instead, has conditionals, loops, and the ability to define functions.

Loops keep being mentioned as a feature of SystemTap's language, perhaps as it's a well known programming construct from other languages. If you write a few hundred DTrace scripts, you'll discover that loops aren't actually that important - perhaps 1 in 40 scripts that I write I think that loops would be nice, then use a workaround. If they did become more important, I imagine they could be added after carefully addressing safety concerns.

As for functions: again, sounds nice, but write a few hundred DTrace programs and note how many times you wanted them. Most DTrace scripts are short, a dozen lines or so; and the DTrace providers make concise abstractions available that shouldn't need too much digging to get to what you want (such as needing functions or loops). There are also workarounds for functions, such as using #defines.

So not having loops or functions would, for other languages, be a big deal. It isn't really the case here, at least in my experience.

DTrace has the ability to work with user-space probes.

This is a big deal; it is allowing providers to be created for languages such as Java, JavaScript, Ruby, Python, etc, and is what makes DTrace complete. DTrace is about observing your application as it runs and interacts with the system libraries, syscalls, kernel and device drivers - the entire software stack. This means if a customer has a performance issue, almost anywhere, DTrace can find it. This is the miracle solution to performance disputes - the application developers, database vendor and os vendor can all use the same tool and see the same numbers.

A while back I wrote a JavaScript DTrace provider, and now with much help from engineers at both Sun and Mozilla, we are looking at how best this could be made a permanent part of Mozilla. Great for JavaScript developers on either Solaris or MacOS, and Linux too - if it ports DTrace.

Posted Aug 8, 2007 0:30 UTC (Wed) by davem (guest, #4154) [Link]

Built-in predefined trace points are a great tradeoff for a system
whose pace of development is as glacial as Solaris's is.

This same tradeoff simply does not traslate to the pace at which the
linux kernel core innards are changing. Any predefined trace points
are going to have their placement and semantics change on a week to week
if not a day to day basis. It wouldn't help users at all.