Marker Probes; Timer Probes - Red Hat ENTERPRISE LINUX 5.4 - SYSTEMTAP LANGUAGE Reference Manual

Marker probes

count)
You can obtain the values of fd, buf, and count, respectively, as uint_arg(1),
pointer_arg(2), and ulong_arg(3). In this case, your probe code must first call asmlinkage(),
because on some architectures the asmlinkage attribute affects how the function's arguments are
passed.
When you're in a return probe, $return isn't supported without DWARF, but you can call
returnval() to get the value of the register in which the function value is typically returned, or call
returnstr() to get a string version of that value.
And at any code probepoint, you can call register("regname") to get the value of the
specified CPU register when the probe point was hit. u_register("regname") is like
register("regname"), but interprets the value as an unsigned integer.
SystemTap supports the following constructs:
kprobe.function(FUNCTION)
kprobe.function(FUNCTION).return
kprobe.module(NAME).function(FUNCTION)
kprobe.module(NAME).function(FUNCTION).return
kprobe.statement(ADDRESS).absolute
Use .function probes for kernel functions and .module probes for probing functions of a specified
module. If you do not know the absolute address of a kernel or module function, use .statement
probes. Do not use wildcards in FUNCTION and MODULE names. Wildcards cause the probe to not
register. Also, run statement probes in guru mode only.
4.4. Marker probes
This family of probe points connects to static probe markers inserted into the kernel or a module.
These markers are special macro calls in the kernel that make probing faster and more reliable than
with DWARF-based probes. DWARF debugging information is not required to use probe markers.
Marker probe points begin with a kernel or module("name") prefix, the same as DWARF probes. This
prefix identifies the source of the symbol table used for finding markers. The suffix names the marker
itself: mark("name"). The marker name string, which may contain wildcard characters, is matched
against the names given to the marker macros when the kernel or module was compiled.
The handler associated with a marker probe reads any optional parameters specified at the macro
call site named $arg1 through $argNN, where NN is the number of parameters supplied by the macro.
Number and string parameters are passed in a type-safe manner.

4.5. Timer probes

You can use intervals defined by the standard kernel jiffies timer to trigger probe handlers
asynchronously. A
jiffy is a kernel-defined unit of time typically between 1 and 60 msec. Two probe point variants are
supported by the translator:
19