stap(1) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | DOCUMENTATION OVERVIEW | OPTIONS | ARGUMENTS | SCRIPT LANGUAGE | PROCESSING | EXAMPLES | CACHING | SAFETY AND SECURITY | UNPRIVILEGED USERS | ALTERNATE RUNTIMES | EXIT STATUS | DEPRECATION | FILES | SEE ALSO | BUGS | COLOPHON

STAP(1)                  General Commands Manual                 STAP(1)

NAME         top

       stap - systemtap script translator/driver

SYNOPSIS         top

       stap [ OPTIONS ] FILENAME [ ARGUMENTS ]
       stap [ OPTIONS ] - [ ARGUMENTS ]
       stap [ OPTIONS ] -e SCRIPT [ ARGUMENTS ]
       stap [ OPTIONS ] -l PROBE [ ARGUMENTS ]
       stap [ OPTIONS ] -L PROBE [ ARGUMENTS ]
       stap [ OPTIONS ] --dump-probe-types
       stap [ OPTIONS ] --dump-probe-aliases
       stap [ OPTIONS ] --dump-functions

DESCRIPTION         top

       The stap program is the front-end to the Systemtap tool.  It
       accepts probing instructions written in a simple domain-specific
       language, translates those instructions into C code, compiles
       this C code, and loads the resulting module into a running Linux
       kernel or a Dyninst user-space mutator, to perform the requested
       system trace/probe functions.  You can supply the script in a
       named file (FILENAME), from standard input (use - instead of
       FILENAME), or from the command line (using -e SCRIPT).  The
       program runs until it is interrupted by the user, or if the
       script voluntarily invokes the exit() function, or by sufficient
       number of soft errors.

       The language, which is described the SCRIPT LANGUAGE section
       below, is strictly typed, expressive, declaration free,
       procedural, prototyping-friendly, and inspired by awk and C.  It
       allows source code points or events in the system to be
       associated with handlers, which are subroutines that are executed
       synchronously.  It is somewhat similar conceptually to
       "breakpoint command lists" in the gdb debugger.

DOCUMENTATION OVERVIEW         top

       systemtap comes with a variety of educational, documentation and
       reference resources.  They come online and/or packaged for
       offline use.  Some systemtap diagnostic warning/error messages
       specially suggest reading a man page by including a string like
       [man error::pass5].  For online documentation, see the project
       web site, https://sourceware.org/systemtap/

       ┌──────────────────────────┬──────────────────────────────────────────────────────┐
       │man pages                 │                                                      │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │stap (this page)          │ language syntax, concepts, operation, options        │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │error::*                  │ further explanation of error conditions              │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │warning::*                │ further explanation of warning conditions            │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │stapprobes                │ probe points and their $context variables            │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │stapref                   │ quick reference to language syntax                   │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │stappaths                 │ list of directories, including books & references    │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │stap-prep                 │ program to install auxiliary dependencies like       │
       │                          │ kernel debuginfo                                     │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │tapset::*                 │ generated list of tapsets                            │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │probe::*                  │ generated list of tapset probe aliases               │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │function::*               │ generated list of tapset functions                   │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │macro::*                  │ generated list of tapset macros                      │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │stapvars                  │ some of the tapset global variables                  │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │staprun, stapdyn, stapbpf │ programs for executing compiled systemtap scripts    │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │systemtap                 │ initscript, boot-time probing                        │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │stap-server               │ compilation server                                   │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │stapex                    │ a few very basic script examples                     │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │books                     │                                                      │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │Beginner's Guide          │ tutorial book, language essentials, examples         │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │Tutorial                  │ shorter tutorial, exercises                          │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │Language Reference        │ detailed language manual, covers statistics/analysis │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │Tapset Reference          │ the tapset man pages, reformatted into a book        │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │references                │                                                      │
       ├──────────────────────────┼──────────────────────────────────────────────────────┤
       │example scripts           │ over a hundred directly usable sysadmin tools, toys, │
       │                          │ hacks to learn from                                  │
       └──────────────────────────┴──────────────────────────────────────────────────────┘

OPTIONS         top

       The systemtap translator supports the following options.  Any
       other option prints a list of supported options.  Options may be
       given on the command line, as usual.  If the file
       $SYSTEMTAP_DIR/rc exist, options are also loaded from there and
       interpreted first.  ($SYSTEMTAP_DIR defaults to $HOME/.systemtap
       if unset.)

       In some cases, the default value of an option depends on
       particular system configuration and thus can't be mentioned here
       directly.  In some of those cases running "stap --help" might
       display the default.

       -      Use standard input instead of a given FILENAME as probe
              language input, unless -e SCRIPT is given.

       -h --help
              Show help message.

       -V --version
              Show version message.

       -p NUM Stop after pass NUM.  The passes are numbered 1-5: parse,
              elaborate, translate, compile, run.  See the PROCESSING
              section for details.

       -v     Increase verbosity for all passes.  Produce a larger
              volume of informative (?) output each time option
              repeated.

       --vp ABCDE
              Increase verbosity on a per-pass basis.  For example,
              "--vp 002" adds 2 units of verbosity to pass 3 only.  The
              combination "-v --vp 00004" adds 1 unit of verbosity for
              all passes, and 4 more for pass 5.

       -k     Keep the temporary directory after all processing.  This
              may be useful in order to examine the generated C code, or
              to reuse the compiled kernel object.

       -g     Guru mode.  Enable parsing of unsafe expert-level
              constructs like embedded C.

       -P     Prologue-searching mode.  This is equivalent to
              --prologue-searching=always.  Activate heuristics to work
              around incorrect debugging information for function
              parameter $context variables.

       -u     Unoptimized mode.  Disable unused code elision and many
              other optimizations during elaboration / translation.

       -w     Suppressed warnings mode.  Disables all warning messages.

       -W     Treat all warnings as errors.

       -b     Use bulk mode (percpu files) for kernel-to-user data
              transfer.  Use the stap-merge program to multiplex them
              back together later.

       -i --interactive
              Interactive mode. Enable an interface to build the
              systemtap script incrementally and interactively.

       -t     Collect timing information on the number of times probe
              executes and average amount of time spent in each probe-
              point. Also shows the derivation for each probe-point.

       -s NUM Use NUM megabyte buffers for kernel-to-user data transfer.
              On a multiprocessor in bulk mode, this is a per-processor
              amount.

       -I DIR Add the given directory to the tapset search directory.
              See the description of pass 2 for details.

       -D NAME=VALUE
              Add the given C preprocessor directive to the module
              Makefile.  These can be used to override limit parameters
              described below.

       -B NAME=VALUE
              In kernel-runtime mode, add the given make directive to
              the kernel module build's make invocation.  These can be
              used to add or override kconfig options.  For example, use

              -B CONFIG_DEBUG_INFO=y

              to add debugging information.

       -B FLAG
              In dyninst-runtime mode, add the given parameter to the
              compiler CFLAGS used for building the dyninst shared
              library.  For example, use

              -B -g

              to add debugging information.

       -a ARCH
              Use a cross-compilation mode for the given target
              architecture.  This requires access to the cross-compiler
              and the kernel build tree, and goes along with the

              -B CROSS_COMPILE=arch-tool-prefix-
              and
              -r /build/tree

              options.

       --modinfo NAME=VALUE
              Add the name/value pair as a MODULE_INFO macro call to the
              generated module.  This may be useful to inform or
              override various module-related checks in the kernel.

       -G NAME=VALUE
              Sets the value of global variable NAME to VALUE when
              staprun is invoked.  This applies to scalar variables
              declared global in the script/tapset.

       -R DIR Look for the systemtap runtime sources in the given
              directory.  Your DIR default can be seen using "stap
              --help".

       -r /DIR
              Build for kernel in given build tree. Can also be set with
              the SYSTEMTAP_RELEASE environment variable.

       -r RELEASE
              Build for kernel in build tree /lib/modules/RELEASE/build.
              Can also be set with the SYSTEMTAP_RELEASE environment
              variable.

       -m MODULE
              Use the given name for the generated kernel object module,
              instead of a unique randomized name.  The generated kernel
              object module is copied to the current directory.

       -d MODULE
              Add symbol/unwind information for the given module into
              the kernel object module.  This may enable symbolic
              tracebacks from those modules/programs, even if they do
              not have an explicit probe placed into them.

       --ldd  Add symbol/unwind information for all user-space shared
              libraries suspected by ldd to be necessary for user-space
              binaries being probed or listed with the -d option.
              Caution: this can make the probe modules considerably
              larger.  Note that this option does not deal with kernel-
              space modules: see instead --all-modules below.

       --all-modules
              Equivalent to specifying "-dkernel" and a "-d" for each
              kernel module that is currently loaded.  Caution: this can
              make the probe modules considerably larger.

       -o FILE
              Send standard output to named file. In bulk mode, percpu
              files will start with FILE_ (FILE_cpu with -F) followed by
              the cpu number.  This supports strftime(3) formats for
              FILE.

       -c CMD Start the probes, run CMD, and exit when CMD finishes.
              This also has the effect of setting target() to the pid of
              the command ran.

       -x PID Sets target() to PID. This allows scripts to be written
              that filter on a specific process. Scripts run independent
              of the PID's lifespan.

       -e SCRIPT
              Run the given SCRIPT specified on the command line.

       -E SCRIPT
              Run the given SCRIPT specified. This SCRIPT is run in
              addition to the main script specified, through -e, or as a
              script file. This option can be repeated to run multiple
              scripts, and can be used in listing mode (-l/-L).

       -l PROBE
              Instead of running a probe script, just list all available
              probe points matching the given single probe point.  The
              pattern may include wildcards and aliases, but not comma-
              separated multiple probe points.  The process result code
              will indicate failure if there are no matches.

              % stap -e 'probe syscall.* { }'
              [...]
              % stap -l 'syscall.*'
              syscall.accept
              [...]
              syscall.writev

       -L PROBE
              Similar to "-l", but list matching probe points plus their
              available context variables.  When -v is set with -L, the
              output includes duplicate probe points which are
              distinguished by their PC address.

              % stap -L 'process("/lib64/libpython*.so.*").mark("*")'
              process("/usr/lib64/libpython2.7.so.1.0").mark("function__entry") $arg1:long $arg2:long $arg3:long
              process("/usr/lib64/libpython2.7.so.1.0").mark("function__return") $arg1:long $arg2:long $arg3:long
              process("/usr/lib64/libpython3.6m.so.1.0").mark("function__entry") $arg1:long $arg2:long $arg3:long
              process("/usr/lib64/libpython3.6m.so.1.0").mark("function__return") $arg1:long $arg2:long $arg3:long
              process("/usr/lib64/libpython3.6m.so.1.0").mark("gc__done") $arg1:long
              process("/usr/lib64/libpython3.6m.so.1.0").mark("gc__start") $arg1:long
              process("/usr/lib64/libpython3.6m.so.1.0").mark("line") $arg1:long $arg2:long $arg3:long

       -F     Without -o option, load module and start probes, then
              detach from the module leaving the probes running.  With
              -o option, run staprun in background as a daemon and show
              its pid.

       -S size[,N]
              Sets the maximum size of output file and the maximum
              number of output files.  If the size of output file will
              exceed size , systemtap switches output file to the next
              file. And if the number of output files exceed N ,
              systemtap removes the oldest output file. You can omit the
              second argument.

       -T TIMEOUT
              Exit the script after TIMEOUT seconds.

       --skip-badvars
              Ignore unresolvable or run-time-inaccessible context
              variables and substitute with 0, without errors.

       --prologue-searching[=WHEN]
              Prologue-searching mode. Activate heuristics to work
              around incorrect debugging information  for  function
              parameter $context variables. WHEN can be either "never",
              "always", or "auto" (i.e. enabled by heuristic). If WHEN
              is missing, then "always" is assumed. If the option is
              missing, then "auto" is assumed.

       --suppress-handler-errors
              Wrap all probe handlers into something like this

              try { ... } catch { next }

              block, which causes any runtime errors to be quietly
              suppressed.  Suppressed errors do not count against
              MAXERRORS limits.  In this mode, the MAXSKIPPED limits are
              also suppressed, so that many errors and skipped probes
              may be accumulated during a script's runtime.  Any overall
              counts will still be reported at shutdown.

       --compatible VERSION
              Suppress recent script language or tapset changes which
              are incompatible with given older version of systemtap.
              This may be useful if a much older systemtap script fails
              to run.  See the DEPRECATION section for more details.

       --check-version
              This option is used to check if the active script has any
              constructs that may be systemtap version specific.  See
              the DEPRECATION section for more details.

       --clean-cache
              This option prunes stale entries from the cache directory.
              This is normally done automatically after successful runs,
              but this option will trigger the cleanup manually and then
              exit.  See the CACHING section for more details about
              cache limits.

       --color[=WHEN], --colour[=WHEN]
              This option controls coloring of error messages. WHEN can
              be either "never", "always", or "auto" (i.e. enable only
              if at a terminal). If WHEN is missing, then "always" is
              assumed. If the option is missing, then "auto" is assumed.

              Colors can be modified using the SYSTEMTAP_COLORS
              environment variable. The format must be of the form
              key1=val1:key2=val2:key3=val3 ...etc.  Valid keys are
              "error", "warning", "source", "caret", and "token".
              Values constitute Select Graphic Rendition (SGR)
              parameter(s). Consult the documentation of your terminal
              for the SGRs it supports. As an example, the default
              colors would be expressed as
              error=01;31:warning=00;33:source=00;34:caret=01:token=01.
              If SYSTEMTAP_COLORS is absent, the default colors will be
              used. If it is empty or invalid, coloring is turned off.

       --disable-cache
              This option disables all use of the cache directory.  No
              files will be either read from or written to the cache.

       --poison-cache
              This option treats files in the cache directory as
              invalid.  No files will be read from the cache, but
              resulting files from this run will still be written to the
              cache.  This is meant as a troubleshooting aid when stap's
              cached behavior seems to be misbehaving.  If it helped,
              there is a probably a bug in systemtap that the developers
              would like you to report.

       --privilege[=stapusr | =stapsys | =stapdev]
              This option instructs stap to examine the script looking
              for constructs which are not allowed for the specified
              privilege level (see UNPRIVILEGED USERS).  Compilation
              fails if any such constructs are used.  If stapusr or
              stapsys are specified when using a compile server (see
              --use-server), the server will examine the script and, if
              compilation succeeds, the server will cryptographically
              sign the resulting kernel module, certifying that is it
              safe for use by users at the specified privilege level.

              If --privilege has not been specified, -pN has not been
              specified with N < 5, and the invoking user is not root,
              and is not a member of the group stapdev, then stap will
              automatically add the appropriate --privilege option to
              the options already specified.

       --unprivileged
              This option is equivalent to --privilege=stapusr.

       --use-server[=HOSTNAME[:PORT] | =IP_ADDRESS[:PORT] |
       =CERT_SERIAL]
              Specify compile-server(s) to be used for compilation
              and/or in conjunction with --list-servers and
              --trust-servers (see below) for listing. If no argument is
              supplied, then the default in unprivileged mode (see
              --privilege) is to select compatible servers which are
              trusted as SSL peers and as module signers and currently
              online. Otherwise the default is to select compatible
              servers which are trusted as SSL peers and currently
              online.  --use-server may be specified more than once, in
              which case a list of servers is accumulated in the order
              specified. Servers may be specified by host name, ip
              address, or by certificate serial number (obtained using
              --list-servers).  The latter is most commonly used when
              adding or revoking trust in a server (see --trust-servers
              below). If a server is specified by host name or ip
              address, then an optional port number may be specified.
              This is useful for accessing servers which are not on the
              local network or to specify a particular server.

              IP addresses may be IPv4 or IPv6 addresses.

              If a particular IPv6 address is link local and exists on
              more than one interface, the intended interface may be
              specified by appending the address with a percent sign (%)
              followed by the intended interface name. For example,
              "fe80::5eff:35ff:fe07:55ca%eth0".

              In order to specify a port number with an IPv6 address, it
              is necessary to enclose the IPv6 address in square
              brackets ([]) in order to separate the port number from
              the rest of the address. For example,
              "[fe80::5eff:35ff:fe07:55ca]:5000" or
              "[fe80::5eff:35ff:fe07:55ca%eth0]:5000".

              If --use-server has not been specified, -pN has not been
              specified with N < 5, and the invoking user not root, is
              not a member of the group stapdev, but is a member of the
              group stapusr, then stap will automatically add
              --use-server to the options already specified.

       --use-server-on-error[=yes|=no]
              Instructs stap to retry compilation of a script using a
              compile server if compilation on the local host fails in a
              manner which suggests that it might succeed using a
              server.  If this option is not specified, the default is
              no.  If no argument is provided, then the default is yes.
              Compilation will be retried for certain types of errors
              (e.g. insufficient data or resources) which may not occur
              during re-compilation by a compile server. Compile servers
              will be selected automatically for the re-compilation
              attempt as if --use-server was specified with no
              arguments.

       --list-servers[=SERVERS]
              Display the status of the requested SERVERS, where SERVERS
              is a comma-separated list of server attributes. The list
              of attributes is combined to filter the list of servers
              displayed. Supported attributes are:

              all    specifies all known servers (trusted SSL peers,
                     trusted module signers, online servers).

              specified
                     specifies servers specified using --use-server.

              online filters the output by retaining information about
                     servers which are currently online.

              trusted
                     filters the output by retaining information about
                     servers which are trusted as SSL peers.

              signer filters the output by retaining information about
                     servers which are trusted as module signers (see
                     --privilege).

              compatible
                     filters the output by retaining information about
                     servers which are compatible with the current
                     kernel release and architecture.

              If no argument is provided, then the default is specified.
              If no servers were specified using --use-server, then the
              default servers for --use-server are listed.

              Note that --list-servers uses the avahi-daemon service to
              detect online servers. If this service is not available,
              then --list-servers will fail to detect any online
              servers. In order for --list-servers to detect servers
              listening on IPv6 addresses, the avahi-daemon
              configuration file /etc/avahi/avahi-daemon.conf must
              contain an active "use-ipv6=yes" line. The service must be
              restarted after adding this line in order for IPv6 to be
              enabled.

       --trust-servers[=TRUST_SPEC]
              Grant or revoke trust in compile-servers, specified using
              --use-server as specified by TRUST_SPEC, where TRUST_SPEC
              is a comma-separated list specifying the trust which is to
              be granted or revoked. Supported elements are:

              ssl    trust the specified servers as SSL peers.

              signer trust the specified servers as module signers (see
                     --privilege).  Only root can specify signer.

              all-users
                     grant trust as an ssl peer for all users on the
                     local host. The default is to grant trust as an ssl
                     peer for the current user only. Trust as a module
                     signer is always granted for all users. Only root
                     can specify all-users.

              revoke revoke the specified trust. The default is to grant
                     it.

              no-prompt
                     do not prompt the user for confirmation before
                     carrying out the requested action. The default is
                     to prompt the user for confirmation.

              If no argument is provided, then the default is ssl.  If
              no servers were specified using --use-server, then no
              trust will be granted or revoked.

              Unless no-prompt has been specified, the user will be
              prompted to confirm the trust to be granted or revoked
              before the operation is performed.

       --dump-probe-types
              Dumps a list of supported probe types and exits. If
              --privilege=stapusr is also specified, the list will be
              limited to probe types available to unprivileged users.

       --dump-probe-aliases
              Dumps a list of all probe aliases found in library files
              and exits.

       --dump-functions
              Dumps a list of all the public functions found in library
              files and exits. Also includes their parameters and types.
              A function of type 'unknown' indicates a function that
              does not return a value. Note that not all
              function/parameter types may be resolved (these are also
              shown by 'unknown'). This features is very memory-
              intensive and thus may not work properly with --use-server
              if the target server imposes an rlimit on process memory
              (i.e. through the ~stap-server/.systemtap/rc configuration
              file, see stap-server(8)).

       --remote URL
              Set the execution target to the given host.  This option
              may be repeated to target multiple execution targets.
              Passes 1-4 are completed locally as normal to build the
              script, and then pass 5 will copy the module to the target
              and run it.  Acceptable URL forms include:

              [USER@]HOSTNAME, ssh://[USER@]HOSTNAME
                     This mode uses ssh, optionally using a username not
                     matching your own. If a custom ssh_config file is
                     in use, add SendEnv LANG to retain
                     internationalization functionality.

              libvirt://DOMAIN, libvirt://DOMAIN/LIBVIRT_URI
                     This mode uses stapvirt to execute the script on a
                     domain managed by libvirt. Optionally, LIBVIRT_URI
                     may be specified to connect to a specific driver
                     and/or a remote host. For example, to connect to
                     the local privileged QEMU driver, use:

                     --remote libvirt://MyDomain/qemu:///system

                     See the page at <http://libvirt.org/uri.html> for
                     supported URIs. Also see stapvirt(1) for more
                     information on how to prepare the domain for stap
                     probing.

              unix:PATH
                     This mode connects to a UNIX socket. This can be
                     used with a QEMU virtio-serial port for executing
                     scripts inside a running virtual machine.

              direct://
                     Special loopback mode to run on the local host.

       --remote-prefix
              Prefix each line of remote output with "N: ", where N is
              the index of the remote execution target from which the
              given line originated.

       --download-debuginfo[=OPTION]
              Enable, disable or set a timeout for the automatic
              debuginfo downloading feature offered by abrt as specified
              by OPTION, where OPTION is one of the following:

              yes    enable automatic downloading of debuginfo with no
                     timeout. This is the same as not providing an
                     OPTION value to --download-debuginfo

              no     explicitly disable automatic downloading of
                     debuginfo. This is the same as not using the option
                     at all.

              ask    show abrt output, and ask before continuing
                     download. No timeout will be set.

              <timeout>
                     specify a timeout as a positive number to stop the
                     download if it is taking longer than <timeout>
                     seconds.

       --rlimit-as=NUM
              Specify the maximum size of the process's virtual memory
              (address space), in bytes.

       --rlimit-cpu=NUM
              Specify the CPU time limit, in seconds.

       --rlimit-nproc=NUM
              Specify the maximum number of processes that can be
              created.

       --rlimit-stack=NUM
              Specify the maximum size of the process stack, in bytes.

       --rlimit-fsize=NUM
              Specify the maximum size of files that the process may
              create, in bytes.

       --sysroot=DIR
              Specify sysroot directory where target files (executables,
              libraries, etc.)  are located.  With -r RELEASE, the
              sysroot will be searched for the appropriate kernel build
              directory.  With -r /DIR, however, the sysroot will not be
              used to find the kernel build.

       --sysenv=VAR=VALUE
              Provide an alternate value for an environment variable
              where the value on a remote system differs.  Path
              variables (e.g. PATH, LD_LIBRARY_PATH) are assumed to be
              relative to the directory provided by --sysroot, if
              provided.

       --suppress-time-limits
              Disable -DSTP_OVERLOAD related options as well as
              -DMAXACTION and -DMAXTRYLOCK.  This option requires guru
              mode.

       --runtime=MODE
              Set the pass-5 runtime mode.  Valid options are kernel
              (default), dyninst and bpf.  See ALTERNATE RUNTIMES below
              for more information.

       --dyninst
              Shorthand for --runtime=dyninst.

       --bpf  Shorthand for --runtime=bpf.

       --save-uprobes
              On machines that require SystemTap to build its own
              uprobes module (kernels prior to version 3.5), this option
              instructs SystemTap to also save a copy of the module in
              the current directory (creating a new "uprobes" directory
              first).

       --target-namespaces=PID
              Allow for a set of target namespaces to be set based on
              the namespaces the given PID is in. This is for
              namespace-aware tapset functions. If the target namespaces
              was not set, the target defaults to the stap process'
              namespaces.

       --monitor=INTERVAL
              Enables an interface to display status information about
              the module(uptime, module name, invoker uid, memory sizes,
              global variables, list of probes with their statistics).
              An optional argument INTERVAL can be supplied to set the
              refresh rate in seconds of the status window. The module
              can also be controlled by a list of commands using the
              following keys:

              c      Resets all global variables to their initial values
                     or zeroes them if they did not have an initial
                     value.

              s      Rotates the attribute used to sort the list of
                     probes.

              t      Brings up a prompt to allow toggling(on/off) of
                     probes by index. Probe points are still affected by
                     their conditions.

              r      Resumes the script by toggling on all probes.

              p      Pauses the script by toggling off all probes.

              x      Hides/shows the status window. This allows for more
                     output to be seen.

              navigation-keys
                     The navigation keys can be used to scroll up and
                     down the windows.

              Tab    Toggle scrolling between status and output windows.

       --example
              This option is used to run example scripts without having
              to enter the entire path to the script. Example scripts
              can be found in the directory specified in the
              stappaths(7) manual page.

       --no-global-var-display
              This option is used to disable the automatic logging of
              unused global variables at the end of a stap session.

ARGUMENTS         top

       Any additional arguments on the command line are passed to the
       script parser for substitution.  See below.

SCRIPT LANGUAGE         top

       The systemtap script language resembles awk and C.  There are two
       main outermost constructs: probes and functions.  Within these,
       statements and expressions use C-like operator syntax and
       precedence.

   GENERAL SYNTAX
       Whitespace is ignored.  Three forms of comments are supported:
              # ... shell style, to the end of line, except for $# and
              @#
              // ... C++ style, to the end of line
              /* ... C style ... */
       Literals are either strings enclosed in double-quotes (passing
       through the usual C escape codes with backslashes, and with
       adjacent string literals glued together, also as in C), or
       integers (in decimal, hexadecimal, or octal, using the same
       notation as in C).  All strings are limited in length to some
       reasonable value (a few hundred bytes).  Integers are 64-bit
       signed quantities, although the parser also accepts (and wraps
       around) values above positive 2**63.

       In addition, script arguments given at the end of the command
       line may be inserted.  Use $1 ... $<NN> for insertion unquoted,
       @1 ... @<NN> for insertion as a string literal.  The number of
       arguments may be accessed through $# (as an unquoted number) or
       through @# (as a quoted number).  These may be used at any place
       a token may begin, including within the preprocessing stage.
       Reference to an argument number beyond what was actually given is
       an error.

   PREPROCESSING
       A simple conditional preprocessing stage is run as a part of
       parsing.  The general form is similar to the cond ? exp1 : exp2
       ternary operator:

              %( CONDITION %? TRUE-TOKENS %)
              %( CONDITION %? TRUE-TOKENS %: FALSE-TOKENS %)

       The CONDITION is either an expression whose format is determined
       by its first keyword, or a string literals comparison or a
       numeric literals comparison.  It can be also composed of many
       alternatives and conjunctions of CONDITIONs (meant as in previous
       sentence) using || and && respectively.  However, parentheses are
       not supported yet, so remembering that conjunction takes
       precedence over alternative is important.

       If the first part is the identifier kernel_vr or kernel_v to
       refer to the kernel version number, with ("2.6.13-1.322FC3smp")
       or without ("2.6.13") the release code suffix, then the second
       part is one of the six standard numeric comparison operators <,
       <=, ==, !=, >, and >=, and the third part is a string literal
       that contains an RPM-style version-release value.  The condition
       is deemed satisfied if the version of the target kernel (as
       optionally overridden by the -r option) compares to the given
       version string.  The comparison is performed by the glibc
       function strverscmp.  As a special case, if the operator is for
       simple equality (==), or inequality (!=), and the third part
       contains any wildcard characters (* or ? or [), then the
       expression is treated as a wildcard (mis)match as evaluated by
       fnmatch.

       If, on the other hand, the first part is the identifier arch to
       refer to the processor architecture (as named by the kernel build
       system ARCH/SUBARCH), then the second part is one of the two
       string comparison operators == or !=, and the third part is a
       string literal for matching it.  This comparison is a wildcard
       (mis)match.

       Similarly, if the first part is an identifier like
       CONFIG_something to refer to a kernel configuration option, then
       the second part is == or !=, and the third part is a string
       literal for matching the value (commonly "y" or "m").
       Nonexistent or unset kernel configuration options are represented
       by the empty string.  This comparison is also a wildcard
       (mis)match.

       If the first part is the identifier systemtap_v, the test refers
       to the systemtap compatibility version, which may be overridden
       for old scripts with the --compatible flag.  The comparison
       operator is as is for kernel_v and the right operand is a version
       string.  See also the DEPRECATION section below.

       If the first part is the identifier systemtap_privilege, the test
       refers to the privilege level that the systemtap script is
       compiled with. Here the second part is == or !=, and the third
       part is a string literal, either "stapusr" or "stapsys" or
       "stapdev".

       If the first part is the identifier guru_mode, the test refers to
       if the systemtap script is compiled with guru_mode. Here the
       second part is == or !=, and the third part is a number, either 1
       or 0.

       If the first part is the identifier runtime, the test refers to
       the systemtap runtime mode. See ALTERNATE RUNTIMES below for more
       information on runtimes.  The second part is one of the two
       string comparison operators == or !=, and the third part is a
       string literal for matching it.  This comparison is a wildcard
       (mis)match.

       Otherwise, the CONDITION is expected to be a comparison between
       two string literals or two numeric literals.  In this case, the
       arguments are the only variables usable.

       The TRUE-TOKENS and FALSE-TOKENS are zero or more general parser
       tokens (possibly including nested preprocessor conditionals), and
       are passed into the input stream if the condition is true or
       false.  For example, the following code induces a parse error
       unless the target kernel version is newer than 2.6.5:

              %( kernel_v <= "2.6.5" %? **ERROR** %) # invalid token sequence

       The following code might adapt to hypothetical kernel version
       drift:

              probe kernel.function (
                %( kernel_v <= "2.6.12" %? "__mm_do_fault" %:
                   %( kernel_vr == "2.6.13*smp" %? "do_page_fault" %:
                      UNSUPPORTED %) %)
              ) { /* ... */ }

              %( arch == "ia64" %?
                 probe syscall.vliw = kernel.function("vliw_widget") {}
              %)

   PREPROCESSOR MACROS
       The preprocessor also supports a simple macro facility, run as a
       separate pass before conditional preprocessing.

       Macros are defined using the following construct:

              @define NAME %( BODY %)
              @define NAME(PARAM_1, PARAM_2, ...) %( BODY %)

       Macros, and parameters inside a macro body, are both invoked by
       prefixing the macro name with an @ symbol:

              @define foo %( x %)
              @define add(a,b) %( ((@a)+(@b)) %)

                 @foo = @add(2,2)

       Macro expansion is currently performed in a separate pass before
       conditional compilation. Therefore, both TRUE- and FALSE-tokens
       in conditional expressions will be macroexpanded regardless of
       how the condition is evaluated. This can sometimes lead to
       errors:

              // The following results in a conflict:
              %( CONFIG_UTRACE == "y" %?
                  @define foo %( process.syscall %)
              %:
                  @define foo %( **ERROR** %)
              %)

              // The following works properly as expected:
              @define foo %(
                %( CONFIG_UTRACE == "y" %? process.syscall %: **ERROR** %)
              %)

       The first example is incorrect because both @defines are
       evaluated in a pass prior to the conditional being evaluated.

       Normally, a macro definition is local to the file it occurs in.
       Thus, defining a macro in a tapset does not make it available to
       the user of the tapset. Publically available library macros can
       be defined by including .stpm files on the tapset search path.
       These files may only contain @define constructs, which become
       visible across all tapsets and user scripts. Optionally, within
       the .stpm files, a public macro definition can be surrounded by a
       preprocessor conditional as described above.

   CONSTANTS
       Tapsets or guru-mode user scripts can access header file constant
       tokens, typically macros, using built-in @const() operator.  The
       respective header file inclusion is possible either via the
       tapset library, or using a top-level guru mode embedded-C
       construct.  This results in appropriate embedded C pragma
       comments setting.

              @const("STP_SKIP_BADVARS")

   VARIABLES
       Identifiers for variables and functions are an alphanumeric
       sequence, and may include _ and $ characters.  They may not start
       with a plain digit, as in C.  Each variable is by default local
       to the probe or function statement block within which it is
       mentioned, and therefore its scope and lifetime is limited to a
       particular probe or function invocation.

       Scalar variables are implicitly typed as either string or
       integer.  Associative arrays also have a string or integer value,
       and a tuple of strings and/or integers serving as a key.  Here
       are a few basic expressions.

              var1 = 5
              var2 = "bar"
              array1 [pid()] = "name"     # single numeric key
              array2 ["foo",4,i++] += 5   # vector of string/num/num keys
              if (["hello",5,4] in array2) println ("yes")  # membership test

       The translator performs type inference on all identifiers,
       including array indexes and function parameters.  Inconsistent
       type-related use of identifiers signals an error.

       Variables may be declared global, so that they are shared amongst
       all probes and functions and live as long as the entire systemtap
       session.  There is one namespace for all global variables,
       regardless of which script file they are found within.
       Concurrent access to global variables is automatically protected
       with locks, see the SAFETY AND SECURITY section for more details.
       A global declaration may be written at the outermost level
       anywhere, not within a block of code.  Global variables which are
       written but never read will be displayed automatically at session
       shutdown.  The translator will infer for each its value type, and
       if it is used as an array, its key types.  Optionally, scalar
       globals may be initialized with a string or number literal.  The
       following declaration marks variables as global.

              global var1, var2, var3=4

       Global variables can also be set as module options. One can do
       this by either using the -G option, or the module must first be
       compiled using stap -p4.  Global variables can then be set on the
       command line when calling staprun on the module generated by stap
       -p4. See staprun(8) for more information.

       The scope of a global variable may be limited to a tapset or user
       script file using private keyword. The global keyword is optional
       when defining a private global variable. Following declaration
       marks var1 and var2 private globals.

              private global var1=2
              private var2

       Arrays are limited in size by the MAXMAPENTRIES variable -- see
       the SAFETY AND SECURITY section for details.  Optionally, global
       arrays may be declared with a maximum size in brackets,
       overriding MAXMAPENTRIES for that array only.  Note that this
       doesn't indicate the type of keys for the array, just the size.

              global tiny_array[10], normal_array, big_array[50000]

       Arrays may be configured for wrapping using the '%' suffix.  This
       causes older elements to be overwritten if more elements are
       inserted than the array can hold. This works for both associative
       and statistics typed arrays.

              global wrapped_array1%[10], wrapped_array2%

       Many types of probe points provide context variables, which are
       run-time values, safely extracted from the kernel or userspace
       program being probed.  These are prefixed with the $ character.
       The CONTEXT VARIABLES section in stapprobes(3stap) lists what is
       available for each type of probe point.  These context variables
       become normal string or numeric scalars once they are stored in
       normal script variables.  See the TYPECASTING section below on
       how to to turn them back into typed pointers for further
       processing as context variables.  There is some automation to
       help!

   STATEMENTS
       Statements enable procedural control flow.  They may occur within
       functions and probe handlers.  The total number of statements
       executed in response to any single probe event is limited to some
       number defined by the MAXACTION macro in the translated C code,
       and is in the neighbourhood of 1000.

       EXP    Execute the string- or integer-valued expression and throw
              away the value.

       { STMT1 STMT2 ... }
              Execute each statement in sequence in this block.  Note
              that separators or terminators are generally not necessary
              between statements.

       ;      Null statement, do nothing.  It is useful as an optional
              separator between statements to improve syntax-error
              detection and to handle certain grammar ambiguities.

       if (EXP) STMT1 [ else STMT2 ]
              Compare integer-valued EXP to zero.  Execute the first
              (non-zero) or second STMT (zero).

       while (EXP) STMT
              While integer-valued EXP evaluates to non-zero, execute
              STMT.

       for (EXP1; EXP2; EXP3) STMT
              Execute EXP1 as initialization.  While EXP2 is non-zero,
              execute STMT, then the iteration expression EXP3.

       foreach (VAR in ARRAY [ limit EXP ]) STMT
              Loop over each element of the named global array,
              assigning current key to VAR.  The array may not be
              modified within the statement.  By adding a single + or -
              operator after the VAR or the ARRAY identifier, the
              iteration will proceed in a sorted order, by ascending or
              descending index or value.  If the array contains
              statistics aggregates, adding the desired @operator
              between the ARRAY identifier and the + or - will specify
              the sorting aggregate function.  See the STATISTICS
              section below for the ones available.  Default is @count.
              Using the optional limit keyword limits the number of loop
              iterations to EXP times.  EXP is evaluated once at the
              beginning of the loop.

       foreach ([VAR1, VAR2, ...] in ARRAY [ limit EXP ]) STMT
              Same as above, used when the array is indexed with a tuple
              of keys.  A sorting suffix may be used on at most one VAR
              or ARRAY identifier.

       foreach ([VAR1, VAR2, ...] in ARRAY [INDEX1, INDEX2, ...] [ limit
       EXP ]) STMT
              Same as above, where iterations are limited to elements in
              the array where the keys match the index values specified.
              The symbol * can be used to specify an index and will be
              treated as a wildcard.

       foreach (VAR0 = VAR in ARRAY [ limit EXP ]) STMT
              This variant of foreach saves current value into VAR0 on
              each iteration, so it is the same as ARRAY[VAR].  This
              also works with a tuple of keys.  Sorting suffixes on VAR0
              have the same effect as on ARRAY.

       foreach (VAR0 = VAR in ARRAY [INDEX1, INDEX2, ...] [ limit EXP ])
       STMT
              Same as above, where iterations are limited to elements in
              the array where the keys match the index values specified.
              The symbol * can be used to specify an index and will be
              treated as a wildcard.

       break, continue
              Exit or iterate the innermost nesting loop (while or for
              or foreach) statement.

       return EXP
              Return EXP value from enclosing function.  If the
              function's value is not taken anywhere, then a return
              statement is not needed, and the function will have a
              special "unknown" type with no return value.

       next   Return now from enclosing probe handler.  This is
              especially useful in probe aliases that apply event
              filtering predicates. When used in functions, the
              execution will be immediately transferred to the next
              overloaded function.

       try { STMT1 } catch { STMT2 }
              Run the statements in the first block.  Upon any run-time
              errors, abort STMT1 and start executing STMT2.  Any errors
              in STMT2 will propagate to outer try/catch blocks, if any.

       try { STMT1 } catch(VAR) { STMT2 }
              Same as above, plus assign the error message to the string
              scalar variable VAR.

       delete ARRAY[INDEX1, INDEX2, ...]
              Remove from ARRAY the element specified by the index
              tuple.  If the index tuple contains a * in place of an
              index, the * is treated as a wildcard and all elements
              with keys that match the index tuple will be removed from
              ARRAY.  The value will no longer be available, and
              subsequent iterations will not report the element.  It is
              not an error to delete an element that does not exist.

       delete ARRAY
              Remove all elements from ARRAY.

       delete SCALAR
              Removes the value of SCALAR.  Integers and strings are
              cleared to 0 and "" respectively, while statistics are
              reset to the initial empty state.

   EXPRESSIONS
       Systemtap supports a number of operators that have the same
       general syntax, semantics, and precedence as in C and awk.
       Arithmetic is performed as per typical C rules for signed
       integers.  Division by zero or overflow is detected and results
       in an error.

       binary numeric operators
              * / % + - >> << & ^ | && ||

       binary string operators
              .  (string concatenation)

       numeric assignment operators
              = *= /= %= += -= >>= <<= &= ^= |=

       string assignment operators
              = .=

       unary numeric operators
              + - ! ~ ++ --

       binary numeric, string comparison or regex matching operators
              < > <= >= == != =~ !~

       ternary operator
              cond ? exp1 : exp2

       grouping operator
              ( exp )

       function call
              fn ([ arg1, arg2, ... ])

       array membership check
              exp in array
              [exp1, exp2, ... ] in array
              [*, *, ... ] in array

   REGULAR EXPRESSION MATCHING
       The scripting language supports regular expression matching.  The
       basic syntax is as follows:

              exp =~ regex
              exp !~ regex

       (The first operand must be an expression evaluating to a string;
       the second operand must be a string literal containing a
       syntactically valid regular expression.)

       The regular expression syntax supports most of the features of
       POSIX Extended Regular Expressions, except for subexpression
       reuse ("\1") functionality.

       After a successful match, the contents of the matched string and
       subexpressions can be extracted using the matched() and ngroups()
       tapset functions as follows:

              if ("an example string" =~ "str(ing)") {
                matched(0) // -> returns "string", the matched substring
                matched(1) // -> returns "ing", the 1st matched subexpression
                ngroups()  // -> returns 2, the number of matched groups
              }

   PROBES
       The main construct in the scripting language identifies probes.
       Probes associate abstract events with a statement block ("probe
       handler") that is to be executed when any of those events occur.
       The general syntax is as follows:

              probe PROBEPOINT [, PROBEPOINT] { [STMT ...] }
              probe PROBEPOINT [, PROBEPOINT] if (CONDITION) { [STMT ...] }

       Events are specified in a special syntax called "probe points".
       There are several varieties of probe points defined by the
       translator, and tapset scripts may define further ones using
       aliases.  Probe points may be wildcarded, grouped, or listed in
       preference sequences, or declared optional.  More details on
       probe point syntax and semantics are listed on the
       stapprobes(3stap) manual page.

       The probe handler is interpreted relative to the context of each
       event.  For events associated with kernel code, this context may
       include variables defined in the source code at that spot.  These
       "context variables" are presented to the script as variables
       whose names are prefixed with "$".  They may be accessed only if
       the kernel's compiler preserved them despite optimization.  This
       is the same constraint that a debugger user faces when working
       with optimized code.  In addition, the objects must exist in
       paged-in memory at the moment of the systemtap probe handler's
       execution, because systemtap must not cause (suppresses) any
       additional paging.  Some probe types have very little context.
       See the stapprobes(3stap) man pages to see the kinds of context
       variables available at each kind of probe point.  As of systemtap
       version 4.3, functions called from the handlers of some probe
       point types may also refer to context variables.  These are
       treated as if a clone of that function was inlined into the
       calling probe handler and $variables evaluated in its context.

       Probes may be decorated with an arming condition, consisting of a
       simple boolean expression on read-only global script variables.
       While disarmed (inactive, condition evaluates to false), some
       probe types reduce or eliminate their run-time overheads.  When
       an arming condition evaluates to true, probes will be soon re-
       armed, and their probe handlers will start getting called as the
       events fire.  (Some events may be lost during the arming
       interval.  If this is unacceptable, do not use arming conditions
       for those probes.)  Example of the syntax:

              probe timer.us(TIMER) if (enabled) {
              }

       New probe points may be defined using "aliases".  Probe point
       aliases look similar to probe definitions, but instead of
       activating a probe at the given point, it just defines a new
       probe point name as an alias to an existing one. There are two
       types of alias, i.e. the prologue style and the epilogue style
       which are identified by "=" and "+=" respectively.

       For prologue style alias, the statement block that follows an
       alias definition is implicitly added as a prologue to any probe
       that refers to the alias. While for the epilogue style alias, the
       statement block that follows an alias definition is implicitly
       added as an epilogue to any probe that refers to the alias.  For
       example:

              probe syscall.read = kernel.function("sys_read") {
                fildes = $fd
                if (execname() == "init") next  # skip rest of probe
              }

       defines a new probe point syscall.read, which expands to
       kernel.function("sys_read"), with the given statement as a
       prologue, which is useful to predefine some variables for the
       alias user and/or to skip probe processing entirely based on some
       conditions.  And

              probe syscall.read += kernel.function("sys_read") {
                if (tracethis) println ($fd)
              }

       defines a new probe point with the given statement as an
       epilogue, which is useful to take actions based upon variables
       set or left over by the the alias user.  Please note that in each
       case, the statements in the alias handler block are treated
       ordinarily, so that variables assigned there constitute mere
       initialization, not a macro substitution.

       Aliases can also be defined to include both a prologue and an
       epilogue.

              probe syscall.read = kernel.function("sys_read") {
                fildes = $fd
                if (execname() == "init") next
              },{
                if (tracethis) println ($fd)
              }

       An alias is used just like a built-in probe type.

              probe syscall.read {
                printf("reading fd=%d\n", fildes)
                if (fildes > 10) tracethis = 1
              }

       Probes with an alias can make use of the @probewrite predicate.
       This check is used to detect whether a script variable or target
       variable has been written to in the probe handler body.

       @probewrite(var)
              expands to 1 iff var has been written to in the probe
              handler body, otherwise it expands to 0.

       In the following example, @probewrite(var) expands to 1 because
       var has been written to in the probe handler body and
       consequently, the conditional statement will run.

              probe foo = begin { var = 0 }, { if (@probewrite(var)) println(var) }

              probe foo {
                var = 1
              }

   FUNCTIONS
       Systemtap scripts may define subroutines to factor out common
       work.  Functions take any number of scalar (integer or string)
       arguments, and must return a single scalar (integer or string).
       An example function declaration looks like this:

              function thisfn (arg1, arg2) {
                 return arg1 + arg2
              }

       Note the general absence of type declarations, which are instead
       inferred by the translator.  However, if desired, a function
       definition may include explicit type declarations for its return
       value and/or its arguments.  This is especially helpful for
       embedded-C functions.  In the following example, the type
       inference engine need only infer type type of arg2 (a string).

              function thatfn:string (arg1:long, arg2) {
                 return sprint(arg1) . arg2
              }

       Functions may call others or themselves recursively, up to a
       fixed nesting limit.  This limit is defined by the MAXNESTING
       macro in the translated C code and is in the neighbourhood of 10.

       Functions may be marked private using the private keyword to
       limit their scope to the tapset or user script file they are
       defined in. An example definition of a private function follows:

              private function three:long () { return 3 }

       Functions terminating without reaching an explicit return
       statement will return an implicit 0 or "", determined by type
       inference.

       Functions may be overloaded during both runtime and compile time.

       Runtime overloading allows the executed function to be selected
       while the module is running based on runtime conditions and is
       achieved using the "next" statement in script functions and
       STAP_NEXT macro for embedded-C functions. For example,

              function f() { if (condition) next; print("first function") }
              function f() %{ STAP_NEXT; print("second function") %}
              function f() { print("third function") }

       During a functioncall f(), the execution will transfer to the
       third function if condition evaluates to true and print "third
       function". Note that the second function is unconditionally
       nexted.

       Parameter overloading allows the function to be executed to be
       selected at compile time based on the number of arguments
       provided to the functioncall. For example,

              function g() { print("first function") }
              function g(x) { print("second function") }
              g() -> "first function"
              g(1) -> "second function"

       Note that runtime overloading does not occur in the above
       example, as exactly one function will be resolved for the
       functioncall. The use of a next statement inside a function while
       no more overloads remain will trigger a runtime exception Runtime
       overloading will only occur if the functions have the same arity,
       functions with the same name but different number of parameters
       are completely unrelated.

       Execution order is determined by a priority value which may be
       specified.  If no explicit priority is specified, user script
       functions are given a higher priority than library functions.
       User script functions and library functions are assigned a
       default priority value of 0 and 1 respectively.  Functions with
       the same priority are executed in declaration order. For example,

              function f():3 { if (condition) next; print("first function") }
              function f():1 { if (condition) next; print("second function") }
              function f():2 { print("third function") }

       Since the second function has highest priority, it is executed
       first.  The first function is never executed as there no "next"
       statements in the third function to transfer execution.

   PRINTING
       There are a set of function names that are specially treated by
       the translator.  They format values for printing to the standard
       systemtap output stream in a more convenient way (note that data
       generated in the kernel module need to get transferred to user-
       space in order to get printed).

         The sprint* variants return the formatted string instead of
       printing it.

       print, sprint
              Print one or more values of any type, concatenated
              directly together.

       println, sprintln
              Print values like print and sprint, but also append a
              newline.

       printd, sprintd
              Take a string delimiter and two or more values of any
              type, and print the values with the delimiter interposed.
              The delimiter must be a literal string constant.

       printdln, sprintdln
              Print values with a delimiter like printd and sprintd, but
              also append a newline.

       printf, sprintf
              Take a formatting string and a number of values of
              corresponding types, and print them all.  The format must
              be a literal string constant.

       The printf formatting directives similar to those of C, except
       that they are fully type-checked by the translator:

              %b     Writes a binary blob of the value given, instead of
                     ASCII text.  The width specifier determines the
                     number of bytes to write; valid specifiers are %b
                     %1b %2b %4b %8b.  Default (%b) is 8 bytes.

              %c     Character.

              %d,%i  Signed decimal.

              %m     Safely reads kernel (without #) or user (with #)
                     memory at the given address, outputs its content.
                     The optional precision specifier (not field width)
                     determines the number of bytes to read - default is
                     1 byte.  %10.4m prints 4 bytes of the memory in a
                     10-character-wide field.  Note, on some
                     architectures user memory can still be read without
                     #.

              %M     Same as %m, but outputs in hexadecimal.  The
                     minimal size of output is double the optional
                     precision specifier - default is 1 byte (2 hex
                     chars).  %10.4M prints 4 bytes of the memory as 8
                     hexadecimal characters in a 10-character-wide
                     field.   %.*M hex-dumps a given number of bytes
                     from a given buffer.

              %o     Unsigned octal.

              %p     Unsigned pointer address.

              %s     String.

              %u     Unsigned decimal.

              %x     Unsigned hex value, in all lower-case.

              %X     Unsigned hex value, in all upper-case.

              %%     Writes a %.

       The # flag selects the alternate forms.  For octal, this prefixes
       a 0.  For hex, this prefixes 0x or 0X, depending on case.  For
       characters, this escapes non-printing values with either C-like
       escapes or raw octal.  In the case of %#m/%#M, this safely
       accesses user space memory rather than kernel space memory.

       Examples:

              a = "alice", b = "bob", p = 0x1234abcd, i = 123, j = -1, id[a] = 1234, id[b] = 4567
              print("hello")
                                        Prints: hello
              println(b)
                                        Prints: bob\n
              println(a . " is " . sprint(16))
                                        Prints: alice is 16
              foreach (name in id)  printdln("|", strlen(name), name, id[name])
                                        Prints: 5|alice|1234\n3|bob|4567
              printf("%c is %s; %x or %X or %p; %d or %u\n",97,a,p,p,p,j,j)
                                        Prints: a is alice; 1234abcd or 1234ABCD or 0x1234abcd; -1 or 18446744073709551615\n
              printf("2 bytes of kernel buffer at address %p: %2m", p, p)
                                        Prints: 2 byte of kernel buffer at address 0x1234abcd: <binary data>
              printf("%4b", p)
                                        Prints (these values as binary data): 0x1234abcd
              printf("%#o %#x %#X\n", 1, 2, 3)
                                        Prints: 01 0x2 0X3
              printf("%#c %#c %#c\n", 0, 9, 42)
                                        Prints: \000 \t *

   STATISTICS
       It is often desirable to collect statistics in a way that avoids
       the penalties of repeatedly exclusive locking the global
       variables those numbers are being put into.  Systemtap provides a
       solution using a special operator to accumulate values, and
       several pseudo-functions to extract the statistical aggregates.

       The aggregation operator is <<<, and resembles an assignment, or
       a C++ output-streaming operation.  The left operand specifies a
       scalar or array-index lvalue, which must be declared global.  The
       right operand is a numeric expression.  The meaning is intuitive:
       add the given number to the pile of numbers to compute statistics
       of.  (The specific list of statistics to gather is given
       separately, by the extraction functions.)

              foo <<< 1
              stats[pid()] <<< memsize

       The extraction functions are also special.  For each appearance
       of a distinct extraction function operating on a given
       identifier, the translator arranges to compute a set of
       statistics that satisfy it.  The statistics system is thereby
       "on-demand".  Each execution of an extraction function causes the
       aggregation to be computed for that moment across all processors.

       Here is the set of extractor functions.  The first argument of
       each is the same style of lvalue used on the left hand side of
       the accumulate operation.  The @count(v), @sum(v), @min(v),
       @max(v), @avg(v), @variance(v[, b]) extractor functions compute
       the number/total/minimum/maximum/average/variance of all
       accumulated values.  The resulting values are all simple
       integers.  Arrays containing aggregates may be sorted and
       iterated.  See the foreach construct above.

       Variance uses Welford's online algorithm.  The calculations are
       based on integer arithmetic, and so may suffer from low precision
       and overflow.  To improve this, @variance(v[, b]) accepts an
       optional parameter b, the bit-shift, ranging from 0 (default) to
       62, for internal scaling.  Only one value of bit-shift may be
       used with given global variable.  A larger bitshift value
       increases precision, but increases the likelihood of overflow.

              $ stap -e \
              > 'global x probe oneshot { for(i=1;i<=5;i++) x<<<i println(@variance(x)) }'
              12
              $ stap -e \
              > 'global x probe oneshot { for(i=1;i<=5;i++) x<<<i println(@variance(x,1)) }'
              2
              $ python3 -c 'import statistics; print(statistics.variance([1, 2, 3, 4, 5]))'
              2.5
              $

       Overflow (from internal multiplication of large numbers) may
       occur and may cause a negative variance result.  Consider
       normalizing your input data.  Adding or subtracting a fixed value
       from all variance inputs preserves the original variance.
       Dividing the variance inputs by a fixed value shrinks the
       original variance by that value squared.

       Histograms are also available, but are more complicated because
       they have a vector rather than scalar value.
       @hist_linear(v,start,stop,interval) represents a linear histogram
       from "start" to "stop" (inclusive) by increments of "interval".
       The interval must be positive. Similarly, @hist_log(v) represents
       a base-2 logarithmic histogram. Printing a histogram with the
       print family of functions renders a histogram object as a tabular
       "ASCII art" bar chart.

              probe timer.profile {
                x[1] <<< pid()
                x[2] <<< uid()
                y <<< tid()
              }
              global x // an array containing aggregates
              global y // a scalar
              probe end {
                foreach ([i] in x @count+) {
                   printf ("x[%d]: avg %d = sum %d / count %d\n",
                           i, @avg(x[i]), @sum(x[i]), @count(x[i]))
                   println (@hist_log(x[i]))
                }
                println ("y:")
                println (@hist_log(y))
              }

       The counts of each histogram bucket may be individually accessed
       via the [index] operator.  Each bucket is addressed from 1
       through N (for each natural bucket).  In addition bucket #0
       counts all the samples beneath the start value, and bucket #N+1
       counts all the samples above the stop value.  Histogram buckets
       (including the two out-of-range buckets) may also be iterated
       with foreach.

              global x
              probe oneshot {
                x <<< -100
                x <<< 1
                x <<< 2
                x <<< 3
                x <<< 100
                foreach (bucket in @hist_linear(x,1,3,1))
                  // expecting   1 out-of-range-low bucket
                  //             3 payload buckets
                  //             1 out-of-range-high bucket
                  printf("bucket %d count %d\n",
                         bucket, @hist_linear(x,1,3,1)[bucket])
              }

   TYPECASTING
       Once a pointer (see the CONTEXT VARIABLES section of
       stapprobes(3stap)) has been saved into a script integer variable,
       the translator attempts to keep the type information necessary to
       access members from that pointer.

       The translator attempts to track DWARF typing associated with
       script variables assigned from addresses of context $variables,
       @cast or @var operators.  Depending on the complexity of the
       script code, this association may pass to related variables, so
       that -> and [] operators may be used on them, just as on the
       original context variable.  For example:

              foo = $param->foo; printf("x:%d y:%d\n", foo->x, foo->y)
              printf("my value is %d\n", ($type == 42 ? $foo : $bar)->value)
              printf("my parent pid is %d\n", task_parent(task_current())->tgid)

       However, if this association heuristic doesn't work for a script,
       using the @cast() operator tells the translator how to interpret
       the number as a typed pointer.

              @cast(p, "type_name"[, "module"])->member

       This will interpret p as a pointer to a struct/union named
       type_name and dereference the member value.  Further ->subfield
       expressions may be appended to dereference more levels. Note that
       for direct dereferencing of a pointer
       {kernel,user}_{char,int,...}($p) should be used.  (Refer to
       stapfuncs(5) for more details.)   NOTE: the same dereferencing
       operator -> is used to refer to both direct containment or
       pointer indirection.  Systemtap automatically determines which.
       The optional module tells the translator where to look for
       information about that type.  Multiple modules may be specified
       as a list with : separators.  If the module is not specified, it
       will default either to the probe module for dwarf probes, or to
       "kernel" for functions and all other probes types.

       The translator can create its own module with type information
       from a header surrounded by angle brackets, in case normal
       debuginfo is not available.  For kernel headers, prefix it with
       "kernel" to use the appropriate build system.  All other headers
       are built with default GCC parameters into a user module.
       Multiple headers may be specified in sequence to resolve a
       codependency.

              @cast(tv, "timeval", "<sys/time.h>")->tv_sec
              @cast(task, "task_struct", "kernel<linux/sched.h>")->tgid
              @cast(task, "task_struct",
                    "kernel<linux/sched.h><linux/fs_struct.h>")->fs->umask

       Values acquired by @cast may be pretty-printed by the $ and $$
       suffix operators, the same way as described in the CONTEXT
       VARIABLES section of the stapprobes(3stap) manual page.

       When in guru mode, the translator will also allow scripts to
       assign new values to members of typecasted pointers.

       Typecasting is also useful in the case of void* members whose
       type may be determinable at runtime.

              probe foo {
                if ($var->type == 1) {
                  value = @cast($var->data, "type1")->bar
                } else {
                  value = @cast($var->data, "type2")->baz
                }
                print(value)
              }

   EMBEDDED C
       When in guru mode, the translator accepts embedded C code in the
       top level of the script.  Such code is enclosed between %{ and %}
       markers, and is transcribed verbatim, without analysis, in some
       sequence, into the top level of the generated C code.  At the
       outermost level, this may be useful to add #include instructions,
       and any auxiliary definitions for use by other embedded code.

       Another place where embedded code is permitted is as a function
       body.  In this case, the script language body is replaced
       entirely by a piece of C code enclosed again between %{ and %}
       markers.  This C code may do anything reasonable and safe.  There
       are a number of undocumented but complex safety constraints on
       atomicity, concurrency, resource consumption, and run time
       limits, so this is an advanced technique.

       The memory locations set aside for input and output values are
       made available to it using macros STAP_ARG_* and STAP_RETVALUE.
       Errors may be signalled with STAP_ERROR. Output may be written
       with STAP_PRINTF. The function may return early with STAP_RETURN.
       Here are some examples:

              function integer_ops (val) %{
                STAP_PRINTF("%d\n", STAP_ARG_val);
                STAP_RETVALUE = STAP_ARG_val + 1;
                if (STAP_RETVALUE == 4)
                    STAP_ERROR("wrong guess: %d", (int) STAP_RETVALUE);
                if (STAP_RETVALUE == 3)
                    STAP_RETURN(0);
                STAP_RETVALUE ++;
              %}
              function string_ops (val) %{
                strlcpy (STAP_RETVALUE, STAP_ARG_val, MAXSTRINGLEN);
                strlcat (STAP_RETVALUE, "one", MAXSTRINGLEN);
                if (strcmp (STAP_RETVALUE, "three-two-one"))
                    STAP_RETURN("parameter should be three-two-");
              %}
              function no_ops () %{
                  STAP_RETURN(); /* function inferred with no return value */
              %}

       The function argument and return value types have to be inferred
       by the translator from the call sites in order for this to work.
       The user should examine C code generated for ordinary script-
       language functions in order to write compatible embedded-C ones.

       The last place where embedded code is permitted is as an
       expression rvalue.  In this case, the C code enclosed between %{
       and %} markers is interpreted as an ordinary expression value.
       It is assumed to be a normal 64-bit signed number, unless the
       marker /* string */ is included, in which case it's treated as a
       string.

              function add_one (val) {
                return val + %{ 1 %}
              }
              function add_string_two (val) {
                return val . %{ /* string */ "two" %}
              }
              @define SOME_STAP_MACRO %( %{ SOME_C_MACRO %} %)
              probe begin {
                    printf("SOME_C_MACRO has value: %d\n", @SOME_STAP_MACRO);
              }

       The embedded-C code may contain markers to assert optimization
       and safety properties.

       /* pure */
              means that the C code has no side effects and may be
              elided entirely if its value is not used by script code.

       /* stable */
              means that the C code always has the same value (in any
              given probe handler invocation), so repeated calls may be
              automatically replaced by memoized values.  Such functions
              must take no parameters, and also be pure.

       /* unprivileged */
              means that the C code is so safe that even unprivileged
              users are permitted to use it.

       /* myproc-unprivileged */
              means that the C code is so safe that even unprivileged
              users are permitted to use it, provided that the target of
              the current probe is within the user's own process.

       /* guru */
              means that the C code is so unsafe that a systemtap user
              must specify -g (guru mode) to use this.  (Tapsets are
              permitted and presumed to call them safely.)

       /* unmangled */
              in an embedded-C function, means that the legacy (pre-1.8)
              argument access syntax should be made available inside the
              function. Hence, in addition to STAP_ARG_foo and
              STAP_RETVALUE one can use THIS->foo and THIS->__retvalue
              respectively inside the function. This is useful for
              quickly migrating code written for SystemTap version 1.7
              and earlier.

       /* unmodified-fnargs */
              in an embedded-C function, means that the function
              arguments are not modified inside the function body.

       /* string */
              in embedded-C expressions only, means that the expression
              has const char * type and should be treated as a string
              value, instead of the default long numeric.

       Script level global variables may be accessed in embedded-C
       functions and blocks. To read or write the global variable var ,
       the /* pragma:read:var */ or /* pragma:write:var */ marker must
       be first placed in the embedded-C function or block. This
       provides the macros STAP_GLOBAL_GET_* and STAP_GLOBAL_SET_*
       macros to allow reading and writing, respectively. For example:

              global var
              global var2[100]
              function increment() %{
                  /* pragma:read:var */ /* pragma:write:var */
                  /* pragma:read:var2 */ /* pragma:write:var2 */
                  STAP_GLOBAL_SET_var(STAP_GLOBAL_GET_var()+1); //var++
                  STAP_GLOBAL_SET_var2(1, 1, STAP_GLOBAL_GET_var2(1, 1)+1); //var2[1,1]++
              %}

       Variables may be read and set in both embedded-C functions and
       expressions.  Strings returned from embedded-C code are decayed
       to pointers. Variables must also be assigned at script level to
       allow for type inference. Map assignment does not return the
       value written, so chaining does not work.

   BUILT-INS
       A set of builtin probe point aliases are provided by the scripts
       installed in the directory specified in the stappaths(7) manual
       page.  The functions are described in the stapprobes(3stap)
       manual page.

   DEREFERENCING
       Integers can be dereferenced from pointers saved as a script
       integer variables using the @kderef() or @uderef() operators.
       @kderef() is used for kernel space addresses and @uderef() is
       used for user space addresses.

              @kderef(SIZE, addr)
              @uderef(SIZE, addr)

       This will interpret addr as a kernel/user address and read SIZE
       bytes starting at that address.  SIZE should be either 1, 2, 4 or
       8 bytes.

   REGISTERS
       The value stored within a register can be accessed using the
       @kregister() or @uregister() operators.  @kregister() is used for
       kernel space registers and @uregister() is used for user space
       registers. The register of interest is specified using its DWARF
       number.

              @kregister(0)
              @uregister(5)

PROCESSING         top

       The translator begins pass 1 by parsing the given input script,
       and all scripts (files named *.stp) found in a tapset directory.
       The directories listed with -I are processed in sequence, each
       processed in "guru mode".  For each directory, a number of
       subdirectories are also searched.  These subdirectories are
       derived from the selected kernel version (the -R option), in
       order to allow more kernel-version-specific scripts to override
       less specific ones.  For example, for a kernel version
       2.6.12-23.FC3 the following patterns would be searched, in
       sequence: 2.6.12-23.FC3/*.stp, 2.6.12/*.stp, 2.6/*.stp, and
       finally *.stp.  Stopping the translator after pass 1 causes it to
       print the parse trees.

       In pass 2, the translator analyzes the input script to resolve
       symbols and types.  References to variables, functions, and probe
       aliases that are unresolved internally are satisfied by searching
       through the parsed tapset script files.  If any tapset script
       file is selected because it defines an unresolved symbol, then
       the entirety of that file is added to the translator's resolution
       queue.  This process iterates until all symbols are resolved and
       a subset of tapset script files is selected.

       Next, all probe point descriptions are validated against the wide
       variety supported by the translator.  Probe points that refer to
       code locations ("synchronous probe points") require the
       appropriate kernel debugging information to be installed.  In the
       associated probe handlers, target-side variables (whose names
       begin with "$") are found and have their run-time locations
       decoded.

       Next, all probes and functions are analyzed for optimization
       opportunities, in order to remove variables, expressions, and
       functions that have no useful value and no side-effect.
       Embedded-C functions are assumed to have side-effects unless they
       include the magic string /* pure */.  Since this optimization can
       hide latent code errors such as type mismatches or invalid
       $context variables, it sometimes may be useful to disable the
       optimizations with the -u option.

       Finally, all variable, function, parameter, array, and index
       types are inferred from context (literals and operators).
       Stopping the translator after pass 2 causes it to list all the
       probes, functions, and variables, along with all inferred types.
       Any inconsistent or unresolved types cause an error.

       In pass 3, the translator writes C code that represents the
       actions of all selected script files, and creates a Makefile to
       build that into a kernel object.  These files are placed into a
       temporary directory.  Stopping the translator at this point
       causes it to print the contents of the C file.

       In pass 4, the translator invokes the Linux kernel build system
       to create the actual kernel object file.  This involves running
       make in the temporary directory, and requires a kernel module
       build system (headers, config and Makefiles) to be installed in
       the usual spot /lib/modules/VERSION/build.  Stopping the
       translator after pass 4 is the last chance before running the
       kernel object.  This may be useful if you want to archive the
       file.

       In pass 5, the translator invokes the systemtap auxiliary program
       staprun program for the given kernel object.  This program
       arranges to load the module then communicates with it, copying
       trace data from the kernel into temporary files, until the user
       sends an interrupt signal.  Any run-time error encountered by the
       probe handlers, such as running out of memory, division by zero,
       exceeding nesting or runtime limits, results in a soft error
       indication.  Soft errors in excess of MAXERRORS block of all
       subsequent probes (except error-handling probes), and terminate
       the session.  Finally, staprun unloads the module, and cleans up.

   ABNORMAL TERMINATION
       One should avoid killing the stap process forcibly, for example
       with SIGKILL, because the stapio process (a child process of the
       stap process) and the loaded module may be left running on the
       system.  If this happens, send SIGTERM or SIGINT to any remaining
       stapio processes, then use rmmod to unload the systemtap module.

EXAMPLES         top

       See the stapex(3stap) manual page for a brief collection of
       samples, or a large set of installed samples under the systemtap
       documentation/testsuite directories.  See stappaths(7stap) for
       the likely location of these on the system.

CACHING         top

       The systemtap translator caches the pass 3 output (the generated
       C code) and the pass 4 output (the compiled kernel module) if
       pass 4 completes successfully.  This cached output is reused if
       the same script is translated again assuming the same conditions
       exist (same kernel version, same systemtap version, etc.).
       Cached files are stored in the $SYSTEMTAP_DIR/cache directory.
       The cache can be limited by having the file cache_mb_limit placed
       in the cache directory (shown above) containing only an ASCII
       integer representing how many MiB the cache should not exceed. In
       the absence of this file, a default will be created with the
       limit set to 256MiB.  This is a 'soft' limit in that the cache
       will be cleaned after a new entry is added if the cache clean
       interval is exceeded, so the total cache size may temporarily
       exceed this limit. This interval can be specified by having the
       file cache_clean_interval_s placed in the cache directory (shown
       above) containing only an ASCII integer representing the interval
       in seconds. In the absence of this file, a default will be
       created with the interval set to 300 s.

SAFETY AND SECURITY         top

       Systemtap may be used as a powerful administrative tool.  It can
       expose kernel internal data structures and potentially private
       user information.  (In dyninst runtime mode, this is not the
       case, see the ALTERNATE RUNTIMES section below.)

       The translator asserts many safety constraints during compilation
       and more during run-time.  It aims to ensure that no handler
       routine can run for very long, allocate boundless memory, perform
       unsafe operations, or in unintentionally interfere with the
       system.  Uses of script global variables are automatically
       read/write locked as appropriate, to protect against manipulation
       by concurrent probe handlers.  Locks are taken so as to run the
       global-variable manipulation portion of probe handlers atomically
       (locks are taken all-or-none).  Deadlocks are detected with
       timeouts.  Use the -t flag to receive reports of excessive lock
       contention.  Experimenting with scripts is therefore generally
       safe.  The guru-mode -g option allows administrators to bypass
       most safety measures, which permits invasive or state-changing
       operations, embedded-C code, and increases the risk of upset.  By
       default, overload prevention is turned on for all modules.  If
       you would like to disable overload processing, use the
       --suppress-time-limits option.

       Errors that are caught at run time normally result in a clean
       script shutdown and a pass-5 error message.  The
       --suppress-handler-errors option lets scripts tolerate soft
       errors without shutting down.

   PERMISSIONS
       For the normal linux-kernel-module runtime, to run the kernel
       objects systemtap builds, a user must be one of the following:

       •   the root user;

       •   a member of the stapdev and stapusr groups;

       •   a member of the stapsys and stapusr groups; or

       •   a member of the stapusr group.

       The root user or a user who is a member of both the stapdev and
       stapusr groups can build and run any systemtap script.

       A user who is a member of both the stapsys and stapusr groups can
       only use pre-built modules under the following conditions:

       •   The module has been signed by a trusted signer. Trusted
           signers are normally systemtap compile-servers which sign
           modules when the --privilege option is specified by the
           client. See the stap-server(8) manual page for more
           information.

       •   The module was built using the --privilege=stapsys or the
           --privilege=stapusr options.

       Members of only the stapusr group can only use pre-built modules
       under the following conditions:

       •   The module is located in the /lib/modules/VERSION/systemtap
           directory.  This directory must be owned by root and not be
           world writable.

       or

       •   The module has been signed by a trusted signer. Trusted
           signers are normally systemtap compile-servers which sign
           modules when the --privilege option is specified by the
           client. See the stap-server(8) manual page for more
           information.

       •   The module was built using the --privilege=stapusr option.

       The kernel modules generated by stap program are run by the
       staprun program.  The latter is a part of the Systemtap package,
       dedicated to module loading and unloading (but only in the white
       zone), and kernel-to-user data transfer.  Since staprun does not
       perform any additional security checks on the kernel objects it
       is given, it would be unwise for a system administrator to add
       untrusted users to the stapdev or stapusr groups.

   SECUREBOOT
       If the current system has SecureBoot turned on in the UEFI
       firmware, all kernel modules must be signed.  (Some kernels may
       allow disabling SecureBoot long after booting with a key sequence
       such as SysRq-X, making it unnecessary to sign modules.)  The
       systemtap compile server can sign modules with a MOK (Machine
       Owner Key) that it has in common with a client system. See the
       following wiki page for more details:

              https://sourceware.org/systemtap/wiki/SecureBoot 

       Some kernels do not let systemtap guess whether module module
       signing is in effect.  On such machines, set the SYSTEMTAP_SIGN
       environment variable to any value while running stap.

   RESOURCE LIMITS
       Many resource use limits are set by macros in the generated C
       code.  These may be overridden with -D flags.  A selection of
       these is as follows:

       MAXNESTING
              Maximum number of nested function calls.  Default
              determined by script analysis, with a bonus 10 slots added
              for recursive scripts.

       MAXSTRINGLEN
              Maximum length of strings, default 128.

       MAXTRYLOCK
              Maximum number of iterations to wait for locks on global
              variables before declaring possible deadlock and skipping
              the probe, default 1000.

       MAXACTION
              Maximum number of statements to execute during any single
              probe hit (with interrupts disabled), default 1000.  Note
              that for straight-through probe handlers lacking loops or
              recursion, due to optimization, this parameter may be
              interpreted too conservatively.

       MAXACTION_INTERRUPTIBLE
              Maximum number of statements to execute during any single
              probe hit which is executed with interrupts enabled (such
              as begin/end probes), default (MAXACTION * 10).

       MAXBACKTRACE
              Maximum number of stack frames that will be be processed
              by the stap runtime unwinder as produced by the backtrace
              functions in the [u]context-unwind.stp tapsets, default
              20.

       MAXMAPENTRIES
              Maximum number of rows in any single global array, default
              2048.  Individual arrays may be declared with a larger or
              smaller limit instead:

              global big[10000],little[5]

              or denoted with % to make them wrap-around (replace old
              entries) automatically, as in

              global big%

              or both.

       MAPHASHBIAS
              The number of powers-of-two to add or subtract from the
              natural size of the hash table backing each global
              associative array.  Default is 0.  Try small positive
              numbers to get extra performance at the cost of more
              memory consumption, because that should reduce hash table
              collisions.  Try small negative numbers for the opposite
              tradeoff.

       MAXERRORS
              Maximum number of soft errors before an exit is triggered,
              default 0, which means that the first error will exit the
              script.  Note that with the --suppress-handler-errors
              option, this limit is not enforced.

       MAXSKIPPED
              Maximum number of skipped probes before an exit is
              triggered, default 100.  Running systemtap with -t
              (timing) mode gives more details about skipped probes.
              With the default -DINTERRUPTIBLE=1 setting, probes skipped
              due to reentrancy are not accumulated against this limit.
              Note that with the --suppress-handler-errors option, this
              limit is not enforced.

       MINSTACKSPACE
              Minimum number of free kernel stack bytes required in
              order to run a probe handler, default 1024.  This number
              should be large enough for the probe handler's own needs,
              plus a safety margin.

       MAXUPROBES
              Maximum number of concurrently armed user-space probes
              (uprobes), default somewhat larger than the number of
              user-space probe points named in the script.  This pool
              needs to be potentially large because individual uprobe
              objects (about 64 bytes each) are allocated for each
              process for each matching script-level probe.

       STP_MAXMEMORY
              Maximum amount of memory (in kilobytes) that the systemtap
              module should use, default unlimited.  The memory size
              includes the size of the module itself, plus any
              additional allocations.  This only tracks direct
              allocations by the systemtap runtime.  This does not track
              indirect allocations (as done by kprobes/uprobes/etc.
              internals).

       STP_OVERLOAD_THRESHOLD, STP_OVERLOAD_INTERVAL
              Maximum number of machine cycles spent in probes on any
              cpu per given interval, before an overload condition is
              declared and the script shut down.  The defaults are 500
              million and 1 billion, so as to limit stap script cpu
              consumption at around 50%.

       STP_PROCFS_BUFSIZE
              Size of procfs probe read buffers (in bytes).  Defaults to
              MAXSTRINGLEN.  This value can be overridden on a per-
              procfs file basis using the procfs read probe
              .maxsize(MAXSIZE) parameter.

       With scripts that contain probes on any interrupt path, it is
       possible that those interrupts may occur in the middle of another
       probe handler.  The probe in the interrupt handler would be
       skipped in this case to avoid reentrance.  To work around this
       issue, execute stap with the option -DINTERRUPTIBLE=0 to mask
       interrupts throughout the probe handler.  This does add some
       extra overhead to the probes, but it may prevent reentrance for
       common problem cases.  However, probes in NMI handlers and in the
       callpath of the stap runtime may still be skipped due to
       reentrance.

       In case something goes wrong with stap or staprun after a probe
       has already started running, one may safely kill both user
       processes, and remove the active probe kernel module with rmmod.
       Any pending trace messages may be lost.

UNPRIVILEGED USERS         top

       Systemtap exposes kernel internal data structures and potentially
       private user information. Because of this, use of systemtap's
       full capabilities are restricted to root and to users who are
       members of the groups stapdev and stapusr.

       However, a restricted set of systemtap's features can be made
       available to trusted, unprivileged users. These users are members
       of the group stapusr only, or members of the groups stapusr and
       stapsys.  These users can load systemtap modules which have been
       compiled and certified by a trusted systemtap compile-server. See
       the descriptions of the options --privilege and --use-server. See
       README.unprivileged in the systemtap source code for information
       about setting up a trusted compile server.

       The restrictions enforced when --privilege=stapsys is specified
       are designed to prevent unprivileged users from:

              •   harming the system maliciously.

       The restrictions enforced when --privilege=stapusr is specified
       are designed to prevent unprivileged users from:

              •   harming the system maliciously.

              •   gaining access to information which would not normally
                  be available to an unprivileged user.

              •   disrupting the performance of processes owned by other
                  users of the system.  Some overhead to the system in
                  general is unavoidable since the unprivileged  user's
                  probes will be triggered at the appropriate times.
                  What we would like to avoid is targeted interruption
                  of another user's processes which would not normally
                  be possible by an unprivileged user.

   PROBE RESTRICTIONS
       A member of the groups stapusr and stapsys may use all probe
       points.

       A member of only the group stapusr may use only the following
       probes:

              •   begin, begin(n)

              •   end, end(n)

              •   error(n)

              •   never

              •   process.*, where the target process is owned by the
                  user.

              •   timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*

              •   timer.hz(n)

   SCRIPT LANGUAGE RESTRICTIONS
       The following scripting language features are unavailable to all
       unprivileged users:

              •   any feature enabled by the Guru Mode (-g) option.

              •   embedded C code.

   RUNTIME RESTRICTIONS
       The following runtime restrictions are placed upon all
       unprivileged users:

              •   Only the default runtime code (see -R) may be used.

       Additional restrictions are placed on members of only the group
       stapusr:

              •   Probing of processes owned by other users is not
                  permitted.

              •   Access of kernel memory (read and write) is not
                  permitted.

   COMMAND LINE OPTION RESTRICTIONS
       Some command line options provide access to features which must
       not be available to all unprivileged users:

              •   -g may not be specified.

              •   The following options may not be used by the compile-
                  server client:

                      -a, -B, -D, -I, -r, -R

   ENVIRONMENT RESTRICTIONS
       The following environment variables must not be set for all
       unprivileged users:

              SYSTEMTAP_RUNTIME
              SYSTEMTAP_TAPSET
              SYSTEMTAP_DEBUGINFO_PATH

   TAPSET RESTRICTIONS
       In general, tapset functions are only available for members of
       the group stapusr when they do not gather information that an
       ordinary program running with that user's privileges would be
       denied access to.

       There are two categories of unprivileged tapset functions. The
       first category consists of utility functions that are
       unconditionally available to all users; these include such things
       as:

              cpu:long ()
              exit ()
              str_replace:string (prnt_str:string, srch_str:string, rplc_str:string)

       The second category consists of so-called myproc-unprivileged
       functions that can only gather information within their own
       processes. Scripts that wish to use these functions must test the
       result of the tapset function is_myproc and only call these
       functions if the result is 1. The script will exit immediately if
       any of these functions are called by an unprivileged user within
       a probe within a process which is not owned by that user.
       Examples of myproc-unprivileged functions include:

              print_usyms (stk:string)
              user_int:long (addr:long)
              usymname:string (addr:long)

       A compile error is triggered when any function not in either of
       the above categories is used by members of only the group
       stapusr.

       No other built-in tapset functions may be used by members of only
       the group stapusr.

ALTERNATE RUNTIMES         top

       As described above, systemtap's default runtime mode involves
       building and loading kernel modules, with various security
       tradeoffs presented.  Systemtap now includes two new prototype
       backends: --runtime=dyninst and --runtime=bpf.

       --runtime=dyninst uses Dyninst to instrument a user's own
       processes at runtime. This backend does not use kernel modules,
       and does not require root privileges, but is restricted with
       respect to the kinds of probes and other constructs that a script
       may use. dyninst runtime operates in target-attach mode, so it
       does require a -c COMMAND or -x PID process.  For example:

              stap --runtime=dyninst -c 'stap -V' \
                   -e 'probe process.function("main")
                       { println("hi from dyninst!") }'

       It may be necessary to disable a conflicting selinux check with

              # setsebool allow_execstack 1

       --runtime=bpf compiles the user script into extended Berkeley
       Packet Filter (eBPF) programs instead of a kernel module. eBPF
       programs are verified by the kernel for safety and are executed
       by an in-kernel virtual machine.  This runtime is in an early
       stage of development and currently lacks support for a number of
       features available in the default runtime. Please see the
       stapbpf(8) man page for more information.

EXIT STATUS         top

       The systemtap translator generally returns with a success code of
       0 if the requested script was processed and executed successfully
       through the requested pass.  Otherwise, errors may be printed to
       stderr and a failure code is returned.  Use -v or -vp N to
       increase (global or per-pass) verbosity to identify the source of
       the trouble.

       In listings mode (-l and -L), error messages are normally
       suppressed.  A success code of 0 is returned if at least one
       matching probe was found.

       A script executing in pass 5 that is interrupted with ^C / SIGINT
       is considered to be successful.

DEPRECATION         top

       Over time, some features of the script language and the tapset
       library may undergo incompatible changes, so that a script
       written against an old version of systemtap may no longer run.
       In these cases, it may help to run systemtap with the
       --compatible VERSION flag, specifying the last known working
       version.  Running systemtap with the --check-version flag will
       output a warning if any possible incompatible elements have been
       parsed.  Deprecation historical details may be found in the NEWS
       file.

       The purpose of deprecation facility is to improve the experience
       of scripts written for newer versions of systemtap (by adding
       better alternatives and removing conflicting or messy older
       alternatives), while at the same time permitting scripts written
       for older versions of systemtap to continue running.  Deprecation
       is thus intended a service to users (and an inconvenience to
       systemtap's developers), rather than the other way around.

       Please note that underscore-prefixed identifiers in the tapset
       sometimes undergo such changes that are difficult to preserve
       compatibility for, even with the deprecation mechanisms.  Avoid
       relying on these in your scripts; instead propose them for
       promotion to non-underscored status.

FILES         top

       Important files and their corresponding paths can be located in
       the
              stappaths (7) manual page.

SEE ALSO         top

       stapprobes(3stap),
       function::*(3stap),
       probe::*(3stap),
       tapset::*(3stap),
       stappaths(7),
       staprun(8),
       stapdyn(8),
       systemtap(8),
       stapvars(3stap),
       stapex(3stap),
       stap-server(8),
       stap-prep(1),
       stapref(1),
       awk(1),
       gdb(1)

BUGS         top

       Use the Bugzilla link of the project web page or our mailing
       list.  http://sourceware.org/systemtap/ ,
       <systemtap@sourceware.org>.

       error::reporting(7stap),
       https://sourceware.org/systemtap/wiki/HowToReportBugs 

COLOPHON         top

       This page is part of the systemtap (a tracing and live-system
       analysis tool) project.  Information about the project can be
       found at ⟨https://sourceware.org/systemtap/⟩.  If you have a bug
       report for this manual page, send it to systemtap@sourceware.org.
       This page was obtained from the project's upstream Git repository
       ⟨git://sourceware.org/git/systemtap.git⟩ on 2021-04-01.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2021-03-29.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

                                                                 STAP(1)

Pages that refer to this page: dtrace(1)stap-prep(1)stapref(1)stap-report(1)stapvirt(1)stapex(3stap)stapfuncs(3stap)stapprobes(3stap)stapvars(3stap)error::dwarf(7stap)error::fault(7stap)error::inode-uprobes(7stap)error::pass1(7stap)error::pass2(7stap)error::pass3(7stap)error::pass4(7stap)error::pass5(7stap)error::process-tracking(7stap)error::reporting(7stap)error::sdt(7stap)warning::buildid(7stap)warning::debuginfo(7stap)warning::symbols(7stap)stapbpf(8)stapdyn(8)stap-exporter(8)staprun(8)stap-server(8)stapsh(8)systemtap(8)systemtap-service(8)