KS2008: Tracing [LWN.net]

By Jonathan Corbet
September 17, 2008

LWN's 2008 Kernel Summit coverage

Tracing is a hot issue in the Linux community, mostly as the result of the actions of an allegedly friendly company: Sun Microsystems has been putting a lot of marketing energy into telling customers that DTrace makes Solaris a better system. The fact of the matter is that Linux does not lack tracing tools, but it does seem to lack tools which are usable to the wider community. The second day of the 2008 kernel summit started with a pair of sessions dedicated to determining where the gaps are and trying to figure out what to do about them.

James Bottomley started with a description of his experiences with SystemTap, the utility which is most often cited as our answer to DTrace. He had a lot of trouble getting it to work with his system. In his mind, the root cause for all this trouble is the simple fact that nobody from the development community is actually using SystemTap. A quick query of the room suggested that about half of the developers present had tried using SystemTap at one point or other; maybe 20% actually succeeded. So there is a roadblock of sorts here; SystemTap needs attention from kernel developers to progress, but those developers find it unsuited to their needs and difficult to use, so they tend to ignore it.

But kernel developers are not the targeted user base for a tool like SystemTap; it is aimed at end users and deployed systems. To help clarify what those users need, Vinod Kutty from the Chicago Mercantile Exchange took some time to talk about his needs for tracing tools. In general, these users need a higher level of visibility into running, production systems. They need to be able to track down slowdowns, look at the environment in which processes are running, and, in general, to be able to look in corners of the system which nobody will have anticipated in advance. All of this has to happen while the system is running in production; it is, he says, somewhat like needing to look under the hood of a car while driving at 100mph.

Also useful is the ability to run tracing tools in a "flight recorder" mode, where an administrator can look at historical data after something goes wrong. And it is necessary to be able to look at user-space events as well as those from the kernel. Events generated in user space are often more meaningful to the people running the system. All of this is needed to be able to communicate with distributors about where the problems come up, so that the distributor can work toward a fix. Current tracing tools for Linux are insufficient.

Linus asked: is tracing needed primarily to track down bugs or to find performance issues? It turns out that performance problems are the big issue. James asked what parameters were the most important; the answer mentioned individual process I/O events, user-space events, and the ability to map user events to kernel-level events.

Moving on, Vinod also noted that low impact is important; the tracing tool cannot place a heavy load on the system. These tools need to start quickly. Current tools are far too big. There is also a need for good filtering; tracing tools can generate a lot of data. Administrators and developers need a way to boil down all that data to an amount they can deal with. Even better are tools which can spot problems in the trace stream and raise red flags when they happen.

And, of course, tracing tools really cannot crash the system while they are running. SystemTap still falls a little short in this area; it's not hard to bring down a system while trying to trace it. Adding a DTrace-style virtual machine was discussed; in theory, a VM can make the tracing tool demonstrably safer. Vinod responded that it could be useful, but the proof of maturity is in watching the software run for a while.

This is where Linus came in to proclaim that he hates every tracing tool he has seen. SystemTap is far too complicated; these tools need to be simpler. Adding a virtual machine to SystemTap would just make things more complicated; that's not the way to fix its problems. According to Linus, most of the problems solved by tracing come down to figuring out scheduling issues, and we have the tools to do that now. We should be making better use of the simple tools which are currently in the kernel before trying to put more complicated stuff in. We should, for example, make latencytop work better and push to get it into the enterprise distributions. This "use the tools we already have" suggestion came back many times during the session.

Christoph Hellwig brought up another recurring theme: while dynamic tracing is nice, there is a lot of value to be had from well-placed static trace points which are managed by the maintainer of the code. Matthew Wilcox added that the user-space trace points (for DTrace) added to PostgreSQL have proved to be highly useful for database administrators; people running PostgreSQL now have a strong motivation to do so on Solaris systems. We would do well to match that functionality on Linux.

A key component of SystemTap is the collection of "tapsets," scripts which allow a user to look into the kernel for specific information. These tapsets are a problem, though; they are tightly tied to a specific kernel, but the kernel is constantly being changed. So tapsets go stale quickly. Moving these tapsets into the kernel might help, but they will still be a separate body of code which is prone to breaking. Static trace points, which can be maintained directly with the code they monitor, are much more likely to continue to work in the long term.

Martin Bligh noted that Google maintains a set of 20-30 static trace points for use with the LTTng trace tool. This very small set of trace points is sufficient to solve most problems that Google encounters. Martin will, hopefully, be posting those trace points for inclusion into the mainline, though Google's associated tools might not be available.

Vinod finished this portion of the session by stating the he likes the tapset concept. It allows him (or somebody in his group) to write a script aimed at a specific situation, and others can make use of it immediately. There's no need to wait for the release of a more specialized tool.

Trace toolkits

Mathieu Desnoyers spent a few moments introducing the LTTng tracing package. LTTng is a static tracing tool, depending on markers placed in the kernel itself. It has been designed for high performance and simplicity; that, in turn, should help to make it safe to use on production systems. All LTTng trace points have to be in the kernel code itself and be maintained by the appropriate subsystem maintainers.

The core kernel code includes a module for precise time stamping (needed to preserve the ordering of events which go through different per-CPU relay buffers), the relaying code, and a netlink-driven module to control tracing. There is a user-space library and, of course, a set of analysis tools. LTTng can support "flight recorder" mode which can initiate tracing when a specific trigger situation comes about. There is also a mechanism for putting markers into user space.

Frank Eigler spent some time talking about SystemTap; he used much of that time to defend the design decisions which had been made. When the SystemTap project started, the kernel had almost no tracing features at all, so they had to pick a path that worked. Since there is a lot of hostility to putting a virtual machine into the kernel, they had to go with code generation instead. They used kprobes because that was the mechanism that was available. And so on. In general, SystemTap has a lot of the same objectives as LTTng, plus, of course, the dynamic tracing feature. There are "some demos" showing working user-space tracing.

James stated that there was a real need for the users of these tools - kernel developers, in this case - to provide input into how they work. Frank responded that the SystemTap team has been crying out for people to help. It's clear, though, that this particular user base is not sufficiently engaged in the development process. It was said that the real users of SystemTap are Red Hat consultants, who find that it works well with the standard RHEL kernel. But people trying to use SystemTap with a current mainline kernel have to download "a shaky weekly tarball" to try to make it work. Until SystemTap is easier to use with the mainline kernel, it will be a hard sell in the development community.

The problem there, of course, is that keeping SystemTap current while it is out of the mainline tree is always going to be a struggle. Resolving that problem will require getting more of that code merged. It seems that the core SystemTap code is about 15,000 lines - small, according to Frank. This could maybe go in, but Linus is resistant, saying that we need to get the current, simple, in-kernel tracing tools into a usable state before we try to add more of them.

Ted Ts'o remarked that there is a real difference with SystemTap: it is the only Linux-based tracing package which, like DTrace, allows users to run code at the trace points. Thus it is able to do more complicated triggering, filtering, and analysis. Thomas Gleixner responded that this is all good, but what is really needed is a simple trace package which does not require the installation of a whole set of new tools. He does tracing (using ftrace) on a number of platforms, including embedded systems, and he isn't willing to deal with the hassle involved in adding another complicated set of software.

After that the conversation wandered into various, relatively obscure technical topics like the details of how buffering mechanisms should work, who should really be managing trace points, who manages instrumentation as a whole, and so on. But there was a general sense that the summit wasn't the venue for that kind of low-level detail, which isn't where the real problems are anyway. The tracing topic will be revisited at the Linux Plumbers Conference, so it was decided to defer much of the discussion of the details until then.

(Log in to post comments)

dtrace on Linux

Posted Sep 18, 2008 4:35 UTC (Thu) by fuhchee (subscriber, #40059) [Link]

LWN doesn't allow a simple "no" for an answer, so
this is a sentence stating "no".

dtrace on Linux

Posted Sep 18, 2008 5:19 UTC (Thu) by corbet (editor, #1) [Link]

No mention of the DTrace port. The licensing of Linux makes a DTrace port undistributable by anybody, so it is not of any practical interest.

dtrace on Linux

Posted Sep 18, 2008 10:15 UTC (Thu) by zdzichu (subscriber, #17118) [Link]

It's a learning material. From all discussion about Linux tracing I get a feeling that no Linux kernel developer seen DTrace in action. And no one exactly knows what they compete against. It would be nice if kernel developers tried DTrace, learn about problems it helped to solve (there are many reports on blogs) and saw how powerful yet easy it is.

DTrace is wonderfully usable by Joe random admin and is generic enough to stop blooming of specialised tracing frameworks. Sure, latency top is cool, powertop is cool, usbmon is cool, blktrace is cool, but each of them needs its own hooks in kernel. On Solaris, powertop is implemented on top of DTrace, without modifing kernel.

dtrace on Linux

Posted Sep 18, 2008 16:56 UTC (Thu) by zooko (subscriber, #2589) [Link]

It could be of practical interest if someone wanted to download it and install it and use it, right?

Also, I find it hard to imagine that some Linux copyright holder would sue you if you redistributed it to a third party. That would be interesting. I would almost want to be sued (for what -- monetary damages? An injunction forbidding me to keep redistributing it?) just to see it happen.

Unfortunately, I don't have time today to download the dtrace port, combine it with the Linux kernel, and put it up on my web server for redistribution. Maybe tomorrow.

dtrace on Linux

Posted Sep 19, 2008 1:48 UTC (Fri) by njs (guest, #40338) [Link]

But the point is that it doesn't matter if you redistribute it; in the big picture it only matters if major distros start redistributing it.

And no major distro's legal department is going to let them blatantly violate the copyrights of everyone on lkml and open themselves up to legal action. (But at least SCO would finally have a valid case against Novell!)

So don't let me stop your fun, but you're kind of tilting at windmills, to prove some sort of point that I don't quite see...

dtrace on Linux

Posted Sep 19, 2008 12:22 UTC (Fri) by zooko (subscriber, #2589) [Link]

Hm... Wouldn't this mean that the dtrace-for-linux code is in the exact same legal status as the "proprietary codecs" that various distributions have various ways of dealing with?

For example:

http://fedoraproject.org/wiki/ForbiddenItems#MP3_Support

https://help.ubuntu.com/community/RestrictedFormats

In both cases, there is some source code which is legal for end-users to use, but (perhaps?) not legal for Linux distributions to distribute.

If I'm right that this is the same legal situation, then this implies that it is legally possible for dtrace-on-linux to be as widely used as MP3-on-linux is. :-)

Regards,

Don Quizooko

P.S. I love tilting at windmills. Every now and then you get a solid hit on those titanic monsters.

dtrace on Linux

Posted Sep 20, 2008 1:37 UTC (Sat) by rahulsundaram (subscriber, #21946) [Link]

dtrace on Linux

Posted Sep 20, 2008 14:43 UTC (Sat) by zooko (subscriber, #2589) [Link]

That's a good point. A more precise comparison then would be copyright-restricted codecs or the Microsoft fonts, or copyright-restricted drivers.

How's that for a comparison? The legal constraint on using dtrace or ZFS on Linux is exactly the same as the legal constraint on using a proprietary hardware driver on Linux.

dtrace on Linux

Posted Sep 21, 2008 4:43 UTC (Sun) by njs (guest, #40338) [Link]

That sounds accurate.

I note that proprietary hardware drivers *suck* in many, many ways. They make your system impossible to provide support for, which is kind of a problem for a product whose core market is high-end enterprise production servers. They break things horribly and regularly -- and dtrace is obviously *much* more intrusive than your average driver. They're a huge pain to use and maintain -- is there any reason to think that the guy porting dtrace will be more successful at tracking linux mainline than RH's engineers are with systemtap? And will it even be possible to load as a module, or will you have to patch your core kernel/rebuild/reboot?

And, perhaps worst, they create all kinds of obnoxious arguments that divide the community -- look at any discussion of nvidia drivers, or the dtrace discussions here. Part of the magic of FOSS is that normally the enthusiasts, the law-skirters, the enterprise distros, the big-iron vendors, the small consultants, etc. etc. can all work towards common goals, and all provide necessary value at different parts of a system's lifecycle. When people spend their time yelling at each other over whether nVidia's drivers are legal or whether systemtap/btrfs/whatever is worth the effort, we all lose.

Which maybe shouldn't be surprising, since all the evidence suggests that one of Sun's strategic goals in choosing to license dtrace and ZFS in a Linux-incompatible way was to create exactly this sort of division within the FOSS community, and thus give Solaris a competitive chance. What I'm still not clear on is which of these titanic monsters you're going after, exactly...

dtrace on Linux

Posted Sep 21, 2008 12:39 UTC (Sun) by zooko (subscriber, #2589) [Link]

Wait, that's a different argument. The original statement by bronson was Argument 1: that the licensing issues make dtrace "undistributable by anybody, so therefore not of any practical interest". NJS added that it "only matters if major distros start redistributing it".

But this original argument is not true. At least, it is true only inasmuch as it is also true that the licensing issues of nvidia drivers make them undistributable by anyone, so therefore not not of any practical interest.

Now you're making two other arguments. If I understand correctly, Argument 2: If people do use kernel modules or patches with this kind of legal restriction, it is hard to support and tends to break. and Argument 3: It distracts the community with inflammatory bickering about legal issues.

I don't necessarily disagree with either of those. I personally have gone to great effort to get Free Software drivers for my graphics cards. On the other hand, I have occasionly fallen back to using the proprietary graphics card drivers when needed. I think it could be useful to people to understand that even if the latter two arguments are valid, the first one wasn't: dtrace and ZFS are exactly as legally-portable-to-linux as are proprietary graphics card drivers.

Regards,

Zooko

P.S. Oh wait, I'm not sure if I agree with Argument 2. Argument 2 is a strong argument when we're talking about proprietary, closed-source software, but dtrace and ZFS are Free and Open source, so I'm not sure that it would be as fragile and problematic as proprietary drivers.

dtrace on Linux

Posted Sep 21, 2008 18:38 UTC (Sun) by njs (guest, #40338) [Link]

>But this original argument is not true. At least, it is true only inasmuch as it is also true that the licensing issues of nvidia drivers make them undistributable by anyone, so therefore not not of any practical interest.

It's still of no practical interest to kernel developers, distributors, enterprise users, and many others. Jon's (not bronson's) comment was totally reasonable in context -- a kernel developers' discussion about what enterprise-funded developers should work on!

But fair enough -- there may be (probably are) others who find linux-dtrace of practical interest.

But arguments 2 and 3 are linked to this -- to the extent that such people use linux-dtrace, the harms described in those arguments swing into effect. To the extent they avoid linux-dtrace, the harms are abated -- with a trade-off: then they lose dtrace's benefits. There's a tragedy of the commons danger here; the costs of supporting inscrutably broken systems and inflammatory bickering are borne by the community, while the benefits of dtrace are received only only by individuals. Plus, people using/supporting linux-dtrace are not doing themselves any favors in the long run, because it's clearly a dead-end; it's better than nothing, but getting a great solution will require abandoning it and switching to one of the other systems that linux-dtrace sucks the oxygen away from.

So I guess 2 & 3 are arguments for why if we encounter someone for whom linux-dtrace is of practical interest, we should attempt to stop them ;-).

>dtrace and ZFS are exactly as legally-portable-to-linux as are proprietary graphics card drivers.

As a side-point, I'm actually not convinced, at least for dtrace. The nvidia driver uses two tricks: it makes a serious attempt not to be a derived work of the kernel, by including a Free shim layer to basically a windows driver. And it's always distributed separately from the kernel -- otherwise you're distributing a combined, thus derived, thus un-distributable, work. Even the little distros that tried to play fast and loose seem to have given in on this point.

Dtrace is far more intrusive than a graphics driver, and in copyright relevant ways -- it needs to muck around with other people's code to put hooks in. That makes both of the above tricks hard to achieve. Maybe not impossible, I don't know. From his rhetoric about licenses, I haven't gotten the impression that Paul Fox is being that careful. I would not tell people that linux-dtrace as it exists is legal to distribute at all without knowing many more details.

>Argument 2 is a strong argument when we're talking about proprietary, closed-source software, but dtrace and ZFS are Free and Open source, so I'm not sure that it would be as fragile and problematic as proprietary drivers.

It's true the problems are worse for proprietary drivers, but they're quite bad even for plain old out-of-tree drivers. (Note part of the discussion above is about RH's systemtap team's trouble keeping sync with mainline!) And worries about license contamination are an extra burden on top of that.

Sorry for nattering on so!
-- Nathaniel

dtrace on Linux

Posted Sep 21, 2008 9:29 UTC (Sun) by paulj (subscriber, #341) [Link]

The legal constraint on using dtrace or ZFS on Linux is exactly the same as the legal constraint on using a proprietary hardware driver on Linux.

Uh, not really. DTrace is free software..

dtrace on Linux

Posted Sep 21, 2008 11:22 UTC (Sun) by Jonno (subscriber, #49613) [Link]

But it's not GPL compatible, so the *legal* constraints are the same.

Morally and technically it's another matter however, as the source *is*
availible, and *can* be fixed if nessesary...

dtrace on Linux

Posted Sep 22, 2008 10:58 UTC (Mon) by paulj (subscriber, #341) [Link]

And yet Linux distros still manage to ship these proprietary, binary-only drivers, despite these terrible legal constraints.

With DTrace being free-software, there isn't even much of a moral hazard...

dtrace on Linux

Posted Sep 22, 2008 13:57 UTC (Mon) by corbet (editor, #1) [Link]

The number of Linux distributions shipping binary-only drivers has gotten quite small; there are good reasons for that.

DTrace presents a different hazard; imagine a Sun-turns-SCO scenario, for example. The fact that Sun does not appear to be interested in taking that path now is irrelevant; neither was Caldera, once upon a time.

dtrace on Linux

Posted Sep 22, 2008 14:54 UTC (Mon) by paulj (subscriber, #341) [Link]

There's no hazard from Sun, as the CDDL licensed DTrace bits can be combined just fine with GPL bits, as far as the former licence is concerned. The hazard is from a Linux kernel copyright holder turning SCO on Linux distributors, I thought we had established in an earlier discussion.

dtrace on Linux

Posted Sep 22, 2008 15:42 UTC (Mon) by zooko (subscriber, #2589) [Link]

Wait, what happens if Sun decides to try to use all of its copyrights to sue Linux distributors or users or otherwise to do harm to Linux development? Haven't they already granted a permanent, irrevocable Free Software licence over the current versions of DTrace and ZFS, in the form of the CDDL?

I have a feeling that you already addressed this in your "What if Sun turns Evil?" article, but I don't recall any actual problems that could result from use of DTrace or ZFS source code.

dtrace on Linux

Posted Sep 22, 2008 17:33 UTC (Mon) by njs (guest, #40338) [Link]

Well, there is Sun's ongoing refusal to answer questions like "Are you willing to grant a license to any ZFS patents you hold to other FOSS implementations?", which creates at least a cloud of uncertainty about what they might do if they became evil, or just decided that Linux was catching up with Solaris and threatening them.

Unless they have changed their mind and answered this at some point. I hope so -- haven't followed closely.

But paulj is right re: copyrights; Sun wrote the CDDL in such a way that combining CDDL and GPLv2 violates the GPL but not the CDDL. This has the same effect in practice as not granting permission, but it means that for copyright issues we don't need to worry about Sun-turns-SCO -- we need to worry about SCO-turns-SCO.

dtrace on Linux

Posted Sep 21, 2008 12:43 UTC (Sun) by zooko (subscriber, #2589) [Link]

That's a really good point that DTrace is Free Software. I just now eventually came around to realizing the relevance of that in another post on this thread.

However, my point here was that resulting restrictions on use and redistribution are similar:

The copyright holder on DTrace has granted permission to use it in Linux systems, but the GPL which governs redistribution of Linux source code forbids redistributing derived works which include non-GPL'ed code such as DTrace.

This winds up imposing the same sort of restriction on users and distributors that a proprietary driver does: the copyright holder of the proprietary driver grants you the right to use it in your Linux kernel, but the Linux licence forbids you to redistribute it (assuming the current standard interpretation of GPL applied to this issue).

dtrace on Linux

Posted Sep 18, 2008 20:10 UTC (Thu) by SEJeff (subscriber, #51588) [Link]

http://www.crisp.demon.co.uk/blog/ his blog is pretty interesting to watch also. He doesn't update it super often, but it is always something good.