Mathieu Desnoyers 29/11/2004 1.00.01 This document describes how to install Linux Trace Toolkit Viewer and how to use it. Linux Trace Toolkit Viewer Linux Trace Toolkit tracing Linux visualization operating system Linux Trace Toolkit (LTT) is a tracing tool that permits to get all the possible execution information from the Linux Kernel. It is based on kernel instrumentation and a high-speed relay file system to copy the information from the kernel space to the user space. Linux Trace Toolkit Viewer (LTTV) is the second generation of visualization tool. It is based on a trace format (the files where the data is recorded on disk) slightly different from LTT. As for now, November 29, 2004, the implementation of the new trace format in LTT is still not done, we must use a conversion tool to transform the original LTT traces to the new format. This document explains all the steps that are necessary in order to record a trace with LTT and view it with LTTV. First, you must download the latests version of LTTV. You should get it from this site : ltt.polymtl.ca. I suggest that you get it from the "Packages" section. You need a recent gcc compiler to compile the project. You might want to use gcc 3.2 or newer. You will also need some libraries in order to compile it. They are described in the README of the LTTV package. These are GTK 2.0, GLIB 2.0, "popt" and Pango 1.0. Install them if they are not on your system. Remember that if you use a package manager from you favourite Linux distribution, you will need to specifically install the librairies'development packages. Then, you are ready to compile LTTV. Extract and untar the file you previously downloaded : $ tar -xvzof LinuxTraceToolkitViewer-x.x-dddddddd.tar.bz2 Then, go to the directory newly created, and type : $ ./configure $ make # make install (as root) At this point, LTTV is installed in the default directory. You may find the lttv executable in /usr/local/bin and the librairies in /usr/local/lib. You will also notice the presence of the convert executable in /usr/local/bin. This tool will be used later to convert from the Linux Trace Toolkit trace format to the LTTV format. You are now ready to go to the next step : installing the LTT kernel tracer. The goal of this guide is not to describe the Linux Trace Toolkit project in details, as it is a seperate project for now. It just gives pointers to the basic steps you must take in order to generate a trace suitable for conversion. First, go to the ltt.polymtl.ca website, in the "Patches for the Official LTT" section. Use the latest version of patches available. The file name convention used goes like this : aaaaaa-x.x--bbbbb-y.y.patch. That means a patch made for aaaaa, release x.x, that adds bbbbb, release y.y to it. Notice the presence of the -- sign that separates the "from" field from the name of the patch applied. This way, it's impossible to be mixed up on the specific sequence of patch application. I suggest that you use the "relayfs", "ltt" and then "md" patches. The "md" patch adds events useful to LTTV that are not in the official LTT. Once you have the patches you need, get the matching Linux kernel version, apply the patches on it, configure it, install it, reboot with the new kernel. You then have an instrumented kernel ready for tracing. If you have problems during this phase, please refer to www.opersys.com/ltt. If you need instructions about how to recompile a kernel, see Kernel-HOWTO. In order to install the LTT trace recording daemon, you should get the latest TraceToolkit (or ltt) package from the LTT ftp site. Use the link "Official Linux Trace Toolkit Packages" on the ltt.polymtl.ca webpage to access it. As of November 30, 2004, the most recent version is 0.9.6-pre3. Then, you should apply the TraceToolkit patches from the LTTV website related to the package version. Get them from the "Patches for the Official LTT" section. You are now ready to install the daemon in your system. Please refer to the documentation in the package for details. You may now use the following command to record a sample 30 seconds trace in your current directory. Command line switches are described on the official LTT website. #tracedaemon -ts30 sample.out sample.proc (as root) userinput> If you used the default directory for installation, you should find the conversion tool in /usr/local/bin/convert. Before using it, some other files are necessary. You will find them in /usr/local/share/LinuxTraceToolkitViewer/convert/. Those are sysInfo and core.xml. sysInfo is a script that get informations about the traced computer. It should be invoked like this : $ sh /usr/local/LinuxTraceToolkitViewer/convert/sysInfo It creates a file named sysInfo.out. This file has to be present in the current directory where the convert tool will be executed. I suggest that you choose a destination directory where will be written converted traces right now, put sysInfo.out in it, at use it as current directory for running the convert tool. Once the sysInfo.out file is ready and you have a trace ready for conversion, you should invoke convert like the following example. This is for a uniprocessor computer. If you whish to get detailed explanation on the parameters, simply execute the convert tool without any option. You may also wish to see the /usr/local/LinuxTraceToolkitViewer/convert/README file. $ /usr/local/bin/convert sample.proc 1 sample.trace sample.converted You must then copy the core event definition file to the converted trace directory : $ cp /usr/local/share/LinuxTraceToolkitViewer/convert/core.xml sample.converted/ You now have a converted trace ready for visualization in LTTV. Congratulations! Starting the graphical mode with the basic viewer activated is as simple as : $ lttv -L /usr/local/lib/lttv/plugins -m lttvwindow\ -m guievents -m guicontrolflow -m guistatistics -t sample.converted/ Using the text mode is very simple too. Look in /usr/local/lib/lttv/plugins for the list of modules. You may use the --help switch to get basic help on the command line parameters of every loaded modules. To simply output the events of a trace in a text file, try the textDump module. The batchAnalysis module permits to do batch mode analysis (state and statistics calculation ) on a trace. $ lttv -L /usr/local/lib/lttv/plugins -m textDump --help This section describes the main functionnalities that are provided by the LTTV GUI and how to use them. By default, when the lttv GUI starts with all the graphical modules loaded, it loads the statistics viewer, the control flow viewer, and the detailed event list inside a tab. Other viewers can be added later to this tab by interacting with the main window. Let's describe the operations available on the window : Linux Trace Toolkit Viewer GUI This toolbar allows you to navigate through the basic functionnalities of LTTV. The first button opens a new window and the second one, a new tab. You can leave your mouse over the buttons to read the information provided by the tooltips. This notebook, containing different tabs, lets you select the "Trace Set" you want to interact with. A trace set is an aggregation of traces, synchronised in time. You may also want to use one tab per viewer by simply cloning the traceset to a new tab. This way, you can have vertically stacked viewers in one tab, as well as different viewers, independant from the time interval. Note that once the Trace Set cloning is done, each trace set becomes completely independant. For Traceset cloning, see the File Menu. These buttons let you control the computation in progress on a trace. As sometimes the computation may last for a while, you may want to stop it, restart it from the beginning or simply to continue from where you stopped. This is exactly what those three buttons offer you. Buttons on the right side of the last spacer are semantically different from the others. While the other buttons at the left side of the bar are built in the lttv program and let you operate the basic functionnalities, the buttons at the right side let you add a viewer to the active Tab. They belong to the viewers themselves. The number of buttons that appears there should directly depend on the number of viewer's modules loaded. This is a tree representing the multiple statistics available for the current traceset. This is shown by the guistatistics viewer. This is the Y axis of the guicontrolflow viewer. It shows the process list of the traced system. You may notice that it grows : it dynamically adds process when they appear in the trace. This is a (missing) time bar for the X axis. Maybe will it be used for viewer specific buttons eventually. Work in progress. The is the current time selected. The concept of current event and current time selected is synchronised in a Tab for all the viewers. The control flow viewer shows it a vertical white dotted line. You move this marker by clicking on the background of the process state graph. This graph shows evolution of each process's state through time. The meaning of the colors will be explained later. This is the details event list. It shown the detailed information about each event of the trace. It is synchronised with the current time and current event, so selecting an event changes other viewer's current time and reciprocally. You can enter the values of start time and end time you wish to see on the screen here. It also supports pasting time as text input, simply by clicking of the "Time Frame", "start" or "end:" fields. A valid entry consists of any digital input separated by any quantity of non digital characters. For example : "I start at 356247.124626 and stop at 724524.453455" would be a valid input for the "Time Frame" field. This horizontal scrollbar modifies the window of time shown by all the viewers in the tab. It is linked with the fields below it (described at number 10 and 12). Another way to modify the time shown is to use the zoom buttons of the toolbar (yes, the ones that looks like magnifying glasses). This field works just like the "Time Frame" field. It modifies the current time selected by the viewers. For example, changing its value will change the current event selected by the detailed events list and the current time selected by the control flow viewer. Control Flow View Color Legend Here is a description of the colors used in the control flow view. Each color represents a state of the process at a given time. White : this color is used for process from which state is not known. It may happen when you seek quickly at a far time in the trace just after it has been launched. At that moment, the precomputed state information is incomplete. The "unknown" state is used to identify this. Note that the viewer gets refreshed once the precomputation ends. Green : This color is only used for process when they are running in user mode. That includes execution of all the source code of an executable as well as the libraries it uses. Pale blue : A process is doing a system call to the kernel, and the mode is switched from process limited rights to super user mode. Only code from the kernel (including modules) should be run in that state. Yellow : The kernel is running a trap that services a fault. The most frequent trap is the memory page fault trap : it is called every time a page is missing from physical memory. Orange : IRQ servicing routine is running. It interrupts the currently running process. As the IRQ does not change the currently running process (on some architectures it uses the same stack as the process), the IRQ state is shown in the state of the process. IRQ can be nested : a higher priority interrupt can interrupt a lower priority interrupt. Dark red : A process in that state is waiting for an input/output operation to complete before it can continue its execution. Dark yellow : A process is ready to run, but waiting to get the CPU (a schedule in event). Dark purple : A process in zombie state. This state happens when a process exits and then waits for the parent to wait for it (wait() or waitpid()). Dark green : A process has just been created by its parent and is waiting for first scheduling. Magenta : The process has exited, but still has the control of the CPU. It may happend if it has some tasks to do in the exit system call. This batch analysis module can be invoked like this : $ lttv -L path/to/lib/plugins -m batchAnalysis\ -t trace1 -t trace2 ... It permits to call any registered action to perform in batch mode on all the trace set, which consists of the traces loaded on the command line. Actions that are built in the batchAnalysis module are statistics computation. They can be triggered by using the -s (--stats) switch. However, the batchAnalysis module is mostly a backend for every other text module that does batch computation over a complete trace set. The goal of this module is to convert the binary data of the traces into a formatted text file. The text dump module is a good example of a usage of the batch analysis module backend. In fact, the text dump module depends on it. You don't need to explicitly load the batchAnalysis module though, as lttv offers a rich module backend that deals with the dependencies, loading the module automatically if needed. The text dump module is invoked just like the batchAnalysis module. It adds more options that can be specified in argument. You may specify the -o switch for the output file name of the text dump. You can enable the output of the field names (the identifier of the fields) with the -l switch. The -s switch, for process states, is very useful to indicate the state in which the process is when the event happens. If you use the --help option on the textDump module, you will see all the detail about the switches that can be used to show per cpu statistics and per process statistics. You will notice that you can use both the switches for the batchAnalysis module and those for textDump. You will also notice that the options --process_state (from textDump) and --stats (from batchAnalysis) has the same short name "-s". If you choose to invoke this option using the short name, it will use the option of the last module loaded just before the -s switch. For exemple, if you load the textDump module with -m textDump, it will first load the batchAnalysis module, and then load itself. As it is the last module loaded, the -s switch used after it will signify --process_stats. On the other hand, if you choose to specify explicitly the loading of both modules like this : $ lttv -L path/to/lib/plugins -m batchAnalysis -s\ -m textDump -s -t trace The first "-s" will invoke batchAnalysis --stats and the second "-s" will invoke textDump --process_state. The list of options generated by --help follows the order of registration of the options by the modules, therefore the invocation order of the modules.