DTrace is shipped with Solaris from version 10, no additional actions needed to install it. It also doesn't need any changes to kernel code: it relies on CTF sections, symbol tables and static tracing points that are included into Solaris Kernel binaries.

The heart of DTrace is libdtrace.so.1 library which contains compiler that translates script in D language to a DTrace Intermediate Format (DIF). That format is machine codes of simplified RISC which are interpreted by drv/dtrace driver:


DTrace primary front-end tool is dtrace(1M) which act both as compiler and consumer and uses libdtrace.so.1 facilities to do that. There are other front-ends: trapstat(1M) and lockstat(1M), but libdtrace.so.1 APIs are open, so you can create your own front end for that (i.e. for Java using JNI). We will refer to dtrace(1M) as DTrace further in a book.

DTrace tool

DTrace supports three launch modes:

Here are some useful command line options:

DTrace example

Let's create script test.d with following contents:

#!/usr/sbin/dtrace -qs
#pragma D option flowindent
#pragma D option dynvarsize=64m

/pid == $target/    
        printf("Written %d bytes\n", arg2);

Launch it with following options:

root@host# chmod +x /root/test.d
root@host# /root/test.d -c "dd if=/dev/zero of=/dev/null count=1"

Q: One by one, remove options flowindent and -q from script. What changed?

Q: Calculate number of probes that are provided by fbt provider: # dtrace -l -P fbg | wc -l