The strjoin() implementation is currently simply adding the length of the two component strings and storing that as length for the result. This can cause the stored length to be larger than strsize.

Using dtrace on a mac with M2 chip, even though I run the command “csrutil enable --without dtrace”, it still reports an error when running the script.

dtrace: error on enabled probe ID 659 (ID 4252: pid39182:libdyld.dylib:dyld_program_sdk_at_least:entry): invalid user access in action #1
dtrace: error on enabled probe ID 674 (ID 4237: pid39182:libdyld.dylib:_dyld_for_each_objc_class:entry): invalid user access in action #1
dtrace: error on enabled probe ID 661 (ID 4250: pid39182:libdyld.dylib:tlv_get_addr:entry): invalid user access in action #1
dtrace: error on enabled probe ID 661 (ID 4250: pid39182:libdyld.dylib:tlv_get_addr:entry): invalid user access in action #1
dtrace: error on enabled probe ID 661 (ID 4250: pid39182:libdyld.dylib:tlv_get_addr:entry): invalid user access in action #1
dtrace: error on enabled probe ID 661 (ID 4250: pid39182:libdyld.dylib:tlv_get_addr:entry): invalid user access in action #1
dtrace: error on enabled probe ID 692 (ID 4219: pid39182:libdyld.dylib:_dyld_get_objc_selector:entry): invalid user access in action #1

Aggregations may be described in a D script but never used (e.g., probes using them never fire). In this case, the aggregations should not be reported.

Consider

        BEGIN {
            x = 1234;
            @a = sum(x);
            exit(0)
        }
        tick-7s {
            @b = min(x);
            @c = max(x)
        }

Aggregation @A will have data, but @b and @c will not. Here is the behavior with DTv1:

                    1234

That is, the sum() aggregation is reported while the min() and max() aggregations, having no data, are not. In contrast, here is DTv2:

        DTrace 2.0.0 [Pre-Release with limited functionality]
                        1234
         9223372036854775807
         -9223372036854775808

Here, the min() and max() aggregations are reported as well.

dtrace -s /dev/stdin << EOT

self int n[1];
BEGIN { self->n[0] = 1; }
EOT

dtrace: script '/dev/stdin' matched 1 probe
dtrace: error on enabled probe ID 1 (ID 1: dtrace:::BEGIN): invalid address (0x0) in action #1 at DIF offset 24

Consider:

    BEGIN {
        @s = sum(1);
        printa(@s);
        printa(@s);
        printa(@s);
        exit(0)
    }

One sees the anticipated behavior -- "1" printed three times -- with DTv1. In contrast, with DTv2, the output is

                1
                2
                3

Or, consider

    'tick-5 { @s = sum(1); printa(@s); } tick-1100ms { exit(0) }'
    'tick-2s { @s = sum(1); printa(@s); } tick-11s { exit(0) }'

We would expect the aggregation to increase from 1 to 5, with it being printed five times along the way. The difference is the timing, and output can depend on buffering, aggregation rate, and so on. With DTv1, we observe

                5
                5
                5
                5
                5

("fast" firing rate) and

                1
                2
                3
                4
                5

("slow" firing rate) respectively, both reasonable results. In contrast, with DTv2, we get

                1
                3
                6
               10
               15

The result string of a substr() subroutine call can have the wrong length stored in its prefix. This can cause issues with other string operations that the substr() provides arguments for.

Consider the following:

dtrace -n BEGIN'{ x = "a|b|c|"; trace(x); trace(strtok(x, "|")); trace(strtok(NULL, "|")); trace(strtok(NULL, "|")); trace(strtok(NULL, "|")); exit(0); }'
dtrace: description 'BEGIN' matched 1 probe
dtrace: error on enabled probe ID 2 (ID 1: dtrace:::BEGIN): invalid address (0x0) in action #1

vs

dtrace -n BEGIN'{ x = "a|b|c|"; trace(x); trace(strtok(x, "|")); trace(strtok(NULL, "|")); trace(strtok(NULL, "|")); s = strtok(NULL, "|"); trace(s); exit(0); }'
dtrace: description 'BEGIN' matched 1 probe
CPU ID FUNCTION:NAME
9 1 :BEGIN a|b|c| a b c

In the second case, s is output as the empty string while the first example would indicate that the result of the strtok is NULL.

Consider
/*
* Determine the amount of data to be copied. It is
* the lesser of the size of the identifier and the
* size of the data being copied in.
*/
srcsz = dt_node_type_size(dnp->dn_right);
if (dt_node_is_string(dnp))
srcsz += DT_STRLEN_BYTES;
size = MIN(srcsz, size);

"srcsz = dt_node_type_size(dnp->dn_right)" includes the terminating NUL byte for string constants but not for regular string types.

"size = idp->di_size" generally will not include the NUL terminating byte either.

Check and fix this code on both the gvar/lvar and the tvar code paths.

In using dtrace, if other types can be converted to character types, then you can easily perform comparison operations, so the logic is much easier to write. But why I didn't find a good way to convert type, usually report error l type conversion failed, such as convert ustack(2) or usym(ucaller) to string type, please ask if there is a good way or suggestion, I will be very grateful!

I was curious to check this out (and was compiling the devel branch), but when compiling I get

bpf/agg_lqbin.c:7:10: fatal error: bpf-helpers.h: No such file or directory

I had some trouble tracking down where this file is supposed to be coming from,
e.g. libbpf has bpf_helpers.h with a dash, the kernel has a bpf-helper.h non-plural,

I assume perhaps it is supposed to be coming from binutils/sim/bpf, in which case my binutils is too new,
given this file was removed in the commit sim/bpf: desCGENization of the BPF simulator

It would be helpful to know if I am on the right track regarding which dependency should be providing this header.

A script like
x = 1;
@ = quantize(x);
@ = quantize(x);
[....97 similar lines...]
@ = quantize(x);
fails, printing about 16 Mbyte of BPF verifier log and ending in:
dtrace: could not enable tracing: BPF program load for '...' failed:
No space left on device

Current git tag 2.0.0-1.14 does not fulfill proper versioning criteria because it uses in the version tag dash which is forbidden charakter in version string. 🤔

Repo name clearly shows that project/package under name dtrace-utils or just dtrace (like it is in included in this repo dtrace.spec) so it is hard to say what is that 2.0.0. Is trat part the actual version string which suppose to be used?
If yes it should be more like 2.0.0.1.14.

test issue

We allocate space for dynamics variables, such as TLS variables, statically. Users have control over the space with the DTrace option dynvarsize. The size should be picked based on the largest variable size. Statically, we track the largest TLS variable size with dt_maxtlslen.

The size also depends on how many variables must be stored concurrently, however, and this cannot be known statically. Therefore, it is possible that there is insufficient storage and variables must be "dropped" at run time.

Nevertheless, we can provide more helpful diagnostics in at least one case: when dynvarsize < dt_maxtlslen. That is, static analysis tells us that there are TLS variables and yet we will allocate space for none of them.

Consider, for example:

# cat z.d
struct foo {
    long long a1, a2, a3, a4, a5, a6, a7, a8, a9;
};
self struct foo x;
BEGIN {
    self->a = 1;
    exit(0);
}
# dtrace -xdynvarsize=32 -s z.d
dtrace: script 'z.d' matched 1 probe
EUGENE 32 / 72 = 1
dtrace: error on enabled probe ID 2 (ID 1: dtrace:::BEGIN): invalid address (0x0) in action #1

Though the large struct is never used, there is insufficient storage even for a 4-byte int.

One can argue about how likely such scenarios are. The main point, however, is that we can easily generate helpful diagnostics for the case that dynvarsize < dt_maxtlslen.

When dt_consume_one() encounters an unrecognized hdr->type -- for example, PERF_RECORD_LOST -- it returns DTRACE_WORKSTATUS_ERROR without running dt_set_errno(dtp, errno). Then, dt_consume_cpu() passes DTRACE_WORKSTATUS_ERROR up the call stack through dtrace_consume() and dtrace_work(). In cmd/dtrace.c in main(), the dtrace_work() error return value leads to the dfatal("processing aborted") call. The unset dtp->dt_errno adds the "Success" string. The result is that processing is aborted with only the puzzling explanation that the status is "Success."

Runs of the test suite can produce occasional such failures, which are typically not reproducible upon retrial.

Here is one way to demonstrate the problem:
# dtrace -n 'ksys_write:entry { trace(1); }'
with output directed to the terminal (albeit possibly within a 'script' session to capture output). On my VM, even as many as ten million lines of output might be shown over the course of even a minute, but then the run aborts with the telltale message.

For thread-local variables and associative arrays, the documentation says that unassigned variables are considered to be initialized to zero. Storage is not allocated until nonzero values are assigned. Storage is to be freed when zero values are assigned.

These semantics are not well handled for struct variables. Consider

    struct foo {
        int bar, baz;
    } x;

We cannot assign zero to x to free its storage since x=0 is not defined. And we cannot initialize a member x.bar=1 unless x already exists.

These issues are not new to the port of DTrace onto BPF. They existed already in the legacy DTrace implementation on Linux.