Group Group Group Group Group Group Group Group Group

How in the world does DTrace work?

#1

I can’t believe how powerful DTrace is. Isn’t it remarkable that it can detect and handle every single userland function call (and even every CPU instruction)?

sudo dtrace -ln ’objc$target:::’ -p PID
This will create a probe description on every Objective-C every class, method, and assembly instruction within the Finder application.

In fact, I’m baffled. How in the world does it work?

If a userland process is chugging along, making calls its own statically-linked methods within its own module, then how do the dtrace probes know they should suspend the process and analyze what’s going on? I don’t know how it’s possible for dtrace to fulfill such a requirement without destroying system performance.

Does anyone know how this works? Is there a CPU hardware capability it’s leveraging?

#2

@lolgrep Can you please help with this when you get a chance? Thank you - much appreciated! :]