Here are some nits to correct in the body of the otherwise well-done article. I'm a systemtap developer.
It is true that systemtap relies on dynamic probes almost exclusively. Since these are expressed in terms of functions / source code lines, they indeed rely on an understanding of the kernel. We are well aware that this is too much for an ordinary user, which is why from day 1, systemtap has included a "tapset" facility. This method allows kernel experts to encode their knowledge about subsystems into higher level probe points, so that end-user scripts can refer to higher level abstractions. So, a knowledgeable person can probe kernel.function("sys_open") and look at local variables or parameters; a less knowledgeable one can rely on the automatic tapset searching and probe syscall.open. Such higher level tapset probes are intended to allay the "must be a kernel hacker" worry, and are generally documented accordingly.
The documentation not only mutters about a blacklist. There are kernel-side and systemtap-side blacklists. (There exists a similar blacklist in dtrace for analogous low-level kernel code.) While these are actively maintained, they are not complete, thus the caution in the docs.
Regarding the relative safety of a virtual-machine-based interpreter versus the compiled-in checks of systemtap, as far as we can see, it's a toss-up. One can consider the systemtap method to be equivalent to inlining all the same checks that the virtual machine would do. All the difficult areas of safety assurance come from other places - the runtime, the choice of probe points.
Regarding the difficulty of getting started with systemtap due to its installation requirements, we agree, and are working on improving this aspect. Similarly, we are aware of the need for more polish, fuller documentation, a bigger library of samples. Our small group is working on these things, and would appreciate community assistance. All of our work (code, bugs, documents, mailing lists) have been in the open since day 1.
Let me finish off with a plug at a systemtap-dtrace comparison page. We have invited Adam Leventhal from Sun to help edit it to keep us all honest.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds