[DTrace-devel] [RELEASE] DTrace 2.0.4
Eugene Loh
eugene.loh at oracle.com
Sat Nov 8 00:50:32 UTC 2025
We are happy to announce the availability of DTrace for Linux 2.0.4!
DTrace for Linux is based on BPF and other Linux kernel tracing features and
is implemented entirely as a userspace application. It can be used for
tracing
on any Linux kernel that provides BPF based tracing and BTF type data,
although
(as mentioned below) improved functionality benefits from an (optional)
kernel
patch.
The functionality is close to being feature-complete in comparison with the
kernel-module-based version of DTrace for Linux (version 1.2.1-1).
Development
continues in an incremental fashion to make the full feature set of DTrace
available using existing kernel features.
WHERE TO FIND IT?
The new version of DTrace for Linux is available at:
https://github.com/oracle/dtrace-utils/tree/stable
The main development branch for DTrace for Linux is at:
https://github.com/oracle/dtrace-utils/tree/devel
The most recent release tag is 2.0.4.
NEW
+ stapsdt: New provider to support probes defined via stapsdt ELF
notes and probes created dynamically via libstapsdt
+ tcp: New provider making tcp probes available
+ udp: New provider making udp probes available
+ The User's Guide is included in Markdown form and part of an
install.
+ Example scripts are installed under /usr/share/doc/dtrace/examples.
+ A context file, explaining DTrace, can be used with LLMs (AI).
+ [u]stack() is now a "struct dt_stack" (dt_stack_t) subroutine
that can be used in expressions. Its singular use as an action
(putting the stack in the output buffer) is still supported for
backwards compatiblity.
+ The return() action allows error injection by forcing a given
return value for kernel functions that allow it.
+ Support for C-style // comments.
+ Aggregations are now snapshot "just in time" for better
performance and for more consistent reporting.
+ Precompiled BPF code is more granular to reduce BPF program size
in generated tracing programs.
FEATURES
- Providers:
+ cpc: CPU Performance Counter probes
+ dtrace: BEGIN, END, and ERROR probes
+ fbt: Function Boundary Tracing (FBT) probes
(Using fentry/fexit probes where available)
+ lockstat: Locking related probes
+ pid: Userspace function boundary tracing and offset-based
instruction
probes
+ proc: Process lifecycle related probes
+ profile: Timer-based profile-* and tick-* probes
+ rawfbt: Function Boundary Tracing style provider that always
uses kprobes - it can be used to trace <func>.<suffix>
symbols
that are generated by compiler optimizations
+ rawtp: SDT-style probes for kernel tracepoints with access to raw
(untranslated) tracepoint arguments
+ sched: CPU scheduling probes [partial implementation]
+ sdt: Statically Defined Tracing (SDT) probes for kernel tracepoints
+ sycall: System call entry and exit probes
+ usdt: Userspace Statically Defined Tracing (USDT) probes
- Aggregations:
+ Regular and indexed aggregations
+ Aggregation functions: avg, count, llquantize, lquantize, max, min,
quantize, stddev, and sum.
+ Aggregation actions: clear, normalize, normalize, printa
- Speculative tracing:
+ Functions: speculation, speculate, commit, and discard
- Variables:
+ Global variables
+ Thread-Local Storage (TLS) variables
+ Clause-local variables
+ Associative arrays for global and TLS variables
+ Full support for NULL-strings
+ Built-in: arg0 - arg9, args[], caller, curcpu, curthread, epid,
errno,
execname, gid, id, pid, ppid, probefunc, probemod, probename,
probeprov, stackdepth, tid, timestamp, ucaller, uid, uregs[],
ustackdepth, walltimestamp
+ Inline variables (e.g., cwd, root, ...)
- Actions:
+ exit, freopen, ftruncate, mod, print, printa, printf, raise,
setopt,
stack, sym, system, trace, tracemem, uaddr, umod, ustack, usym
- Subroutines:
+ alloca, basename, bcopy, cleanpath, copyin, copyinstr, copyinto,
copyout, copyoutstr, dirname, d_path [dummy], getmajor, getminor,
htonl, htonll, htons, index, inet_ntoa, link_ntop, lltostr,
mutex_owned, mutex_owner, mutex_type_adaptive, mutex_type_spin,
ntohl,
ntohll, ntohs, progenyof, rand, rindex, rw_iswriter, rw_read_held,
rw_write_held, strchr, strjoin, strlen, strrchr, strstr,
strtok, substr
- Runtime features:
+ Reporting of drop-counters for trace data that could not be
recorded
for the principal buffer, aggregation buffers, and speculation
buffers.
+ Pre-generated translator files to support kernels from 5.2 to
current.
- BPF support:
+ Direct compilation of D source code into BPF programs.
+ Efficient use of pre-compiled BPF functions for library functions.
+ A bpflog option to request the BPF verifier log for loaded
programs.
+ BPF program linking of dynamically generated code and pre-compiled
code to facilitate code sharing and code re-use.
+ Improved integrated disassembler for generated BPF code at the
clause
and program level (-S in combination with the new -xdisasm=#
option).
+ Improved trace data buffer handling based on memory mapped perf
event
ring-buffers.
+ BTF type data support.
- Development and debugging:
+ Support to run dtrace under valgrind.
+ Configure script based building is supported.
+ Improved support for building and using DTrace on upstream kernels.
+ Installation paths for all components are configurable.
+ Header files for USDT (sdt.h, etc) have been moved to avoid
conflicts
with projects that supply files with the same name.
DEPENDENCIES
DTrace for Linux makes use of BPF library functions that are compiled at
build time. It depends on BPF support in GCC and binutils to generate the
pre-compiled BPF function library.
DTrace for Linux benefits from an optional kernel feature that is not
commonly
available in Linux kernels: CTF data generation at compile time. This
provides important datatype information for kernel and kernel module
symbols.
DTrace for Linux can be used for tracing without this patch, albeit with
some
limitations. This additional support feature for tracing is available at:
https://github.com/oracle/dtrace-linux-kernel/tree/v2/6.10
Please consider joining our development list: dtrace at lists.linux.dev
and/or our IRC channel: #linux-dtrace at libera.chat
Enjoy!
More information about the DTrace-devel
mailing list