stap
Probe running kernel code for debugging
SYNOPSIS
stap [ options ] filename.stp [ arguments ]
PARAMETERS
-v
Verbose mode. Print more information about the compilation and execution process.
-g
Guru mode. Allows access to potentially unsafe operations. Use with caution.
-o
Redirects the standard output to the specified file.
-F
Force operation, overriding certain safety checks.
-p
Stop after the given pass number.
-k
Keep the temporary directory after execution.
-x
Probe the target process PID.
-G
Produce a graph of the generated code (requires dot).
--version
Display the SystemTap version information.
--help
Display help information.
--use-color[=never,always,auto]
Control the use of color in the output.
DESCRIPTION
stap is the command-line front end to SystemTap, a scripting language and tool for dynamic instrumentation of running Linux systems. It allows users to write scripts in a C-like language to probe various events within the kernel and user-space applications, providing insights into system behavior without requiring recompilation or modification of the target software. stap scripts can access kernel data structures, function arguments, and return values, enabling detailed analysis of performance bottlenecks, security vulnerabilities, and other system-level issues. It relies on debuginfo packages (e.g., -debuginfo RPMs) for accessing symbol information. The primary users of stap are developers, system administrators and researchers who want to monitor, trace, and analyze the behavior of running software.
CAVEATS
stap requires root privileges to operate. Incorrectly written stap scripts can crash the system or expose sensitive information. Always exercise caution when using guru mode. It is recommended to test scripts in a safe environment before deploying them to production systems. SystemTap relies on the availability of debuginfo packages for the targeted kernel and user-space applications. stap is dependent on the kernel version, and scripts may need to be adapted when the kernel is upgraded.
SECURITY CONSIDERATIONS
Because stap can access and modify kernel data, it must be used with caution. Always review and understand the behavior of your stap scripts before executing them. Avoid using guru mode unless absolutely necessary. Restrict access to the stap command and related tools to trusted users.
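As an aid to the script review recommended above, the following added example (not part of SystemTap or of the original page) flags two constructs that stap accepts only in guru mode: embedded C blocks and assignments to target variables. The function name guru_findings, the regular expressions and both sample scripts are constructed for illustration; the check is a heuristic for review triage, not a SystemTap parser.

```python
import re
import sys

# Strings and comments are blanked first so "$x = ..." inside a printf format
# or a commented-out line is not reported. Newlines are kept for line numbers.
_SKIP = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

# Constructs stap accepts only with -g. Heuristic regexes (assumption).
GURU_PATTERNS = [
    ("embedded C block", re.compile(r"%\{")),
    ("write to target variable", re.compile(
        r"\$[A-Za-z_]\w*(?:(?:->|\.)\w+|\[[^\]]*\])*\s*"
        r"(?:[-+*/%|&^]|<<|>>)?=(?!=)")),
]

def guru_findings(script_text):
    """Return sorted (line_number, reason) pairs for guru-only constructs."""
    code = _SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), script_text)
    return sorted(
        (code.count("\n", 0, m.start()) + 1, reason)
        for reason, pattern in GURU_PATTERNS
        for m in pattern.finditer(code)
    )

# Constructed sample: read-only tracing, runs without -g.
SAFE_SCRIPT = r'''# constructed sample: read-only tracing
global reads
probe kernel.function("vfs_read") {
  if ($count == 0) reads[execname()]++   // comparison, not assignment
  printf("$count = %d\n", $count)
}
'''

# Constructed sample: embedded C plus an argument rewrite, both need -g.
GURU_SCRIPT = r'''// constructed sample: needs -g
%{
#include <linux/sched.h>
%}
probe kernel.function("vfs_read") {
  $count = 0   /* rewrites an argument of the probed function */
}
'''

if __name__ == "__main__":
    # With a path argument, act as a gate: exit 1 if the script needs review.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else GURU_SCRIPT
    hits = guru_findings(text)
    for line_no, reason in hits:
        print(f"line {line_no}: {reason} (requires stap -g)")
    sys.exit(1 if hits else 0)
```

A clean result only means neither pattern matched; the script still needs to be read before it is run as root.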
SCRIPTING LANGUAGE
The SystemTap scripting language is similar to C, but with extensions for probing kernel events and accessing kernel data structures. It includes features such as probe points, variables, functions, and control flow statements. stap scripts are typically written in files with the .stp extension.
HISTORY
SystemTap originated as a research project at Red Hat in the early 2000s. It aimed to provide a safe and efficient way to dynamically instrument Linux systems without requiring kernel recompilation. Over the years, it has evolved into a powerful tool widely used for performance analysis, debugging, and security investigations. It is maintained as an open-source project and has a vibrant community of developers and users. It is now part of many Linux distributions.