This section enumerates some of the most commonly used array operations in SystemTap.

Use = to set an associated value to indexed unique pairs, as in: array_name[index_expression] = value shows a very basic example of how to set an explicit associated value to a unique key. You can also use a handler function as both your index_expression and value. For example, you can use arrays to set a timestamp as the associated value to a process name (which you wish to use as your unique key), as in: foo[execname()] = gettimeofday_s() Whenever an event invokes the statement in , SystemTap returns the appropriate execname() value (i.e. the name of a process, which is then used as the unique key). At the same time, SystemTap also uses the function gettimeofday_s() to set the corresponding timestamp as the associated value to the unique key defined by the function execname(). This creates an array composed of key pairs containing process names and timestamps. In this same example, if execname() returns a value that is already defined in the array foo, the operator will discard the original associated value to it, and replace it with the current timestamp from gettimeofday_s().

You can also use the = operator to read values from an array. This is accomplished by simply including the array_name[index_expression] as an element in a mathematical expression. For example: foo[execname()] = gettimeofday_s() delta = gettimeofday_s() - foo[execname()] In , the first statement sets a timestamp associated with the returned value of the handler function execname() as a reference point. The second statement computes a value for the variable delta by subtracting the associated value the reference point from the current gettimeofday_s(). Note that the first statement writes the value of gettimeofday_s() into the appropriate key of array foo, while in the second statement the value of foo[execname()] is read from the array in order to compute for delta. In this situation, if the index_expression cannot find the unique key, it returns a value of 0 (for numerical operations, such as ) or a null/empty string value (for string operations) by default.

Use ++ to increment the associated value of a unique key in an array, as in: array_name[index_expression] ++ Again, you can also use a handler function for your index_expression. For example, if you wanted to tally how many times a specific process performed a read to the virtual file system (using the event kernel.function("vfs_read")), you can use the following probe: probe kernel.function("vfs_read") { reads[execname()] ++ } In , the first time that the probe returns the process name gnome-terminal (i.e. the first time gnome-terminal performs a VFS read), that process name is set as the unique key gnome-terminal with an associated value of 1. The next time that the probe returns the process name gnome-terminal, SystemTap increments the associated value of gnome-terminal by 1. SystemTap performs this operation for all process names as the probe returns them.

Once you've collected enough information in an array, you will need to retrieve and process all elements in that array to make it useful. Consider : the script collects information about how many VFS reads each process performs, but does not specify what to do with it. The obvious means for making useful is to print the key pairs in the array reads, but how? The best way to process all elements in a tuple (treating each element as an iteration) is to use the foreach statement. Consider the following example: global reads probe kernel.function("vfs_read") { reads[execname()] ++ } probe timer.s(3) { foreach (count in reads) printf("%s : %d \n", count, reads[count]) } In the second probe of , the foreach statement uses the variable count to reference each iteration of a unique key in the array reads. The reads[count] array statement in the same probe retrieves the associated value of each unique key. Given what we know about the first probe in , the script prints VFS-read statistics every 3 seconds, displaying names of processes that performed a VFS-read along with a corresponding VFS-read count. Now, remember that the foreach statement in prints all iterations of process names in the array, and in no particular order. You can instruct the script to process the iterations in a particular order by using + (ascending) or - (descending). In addition, you can also limit the number of iterations the script needs to process with the limit value option. For example, consider the following replacement probe: probe timer.s(3) { foreach (count in reads+ limit 4) printf("%s : %d \n", count, reads[count]) } This foreach statement instructs the script to process the elements in the array reads in ascending order (of associated value). The limit 4 option instructs the script to only process the first four elements in the array (i.e. the first 4, starting with the lowest value).

Sometimes, you may need to clear the associated values in array elements, or reset an entire array for re-use in another probe. in allows you to track how the number of VFS reads per process grows over time, but it does not show you the number of VFS reads each process makes per 3-second period. To do that, you will need to clear the values accumulated by the array. You can accomplish this using the delete operator to delete elements in an array, or an entire array. Consider the following example: global reads probe kernel.function("vfs_read") { reads[execname()] ++ } probe timer.s(2) { printf("=======\n") foreach (count in reads+) printf("%s : %d \n", count, reads[count]) delete reads } In , the second probe prints the number of VFS reads each process made within the probed 2-second period only. The delete reads statement clears the reads array within the probe. You can have multiple array operations within the same probe. Using the examples from and , you can track the number of VFS reads each process makes per 2-second period and tally the cumulative VFS reads of those same processes. Consider the following example: global reads, totalreads probe kernel.function("vfs_read") { reads[execname()] ++ totalreads[execname()] ++ } probe timer.s(2) { printf("=======\n") foreach (count in reads+) printf("%s : %d \n", count, reads[count]) delete reads } probe end { printf("TOTALS\n") foreach (total in totalreads+) printf("%s : %d \n", total, totalreads[total]) } In this example, the arrays reads and totalreads track the same information, and are printed out in a similar fashion. The only difference here is that reads is cleared every 2-second period, whereas totalreads keeps growing.

You can also use associative arrays in if statements. This is useful if you want to execute a subroutine once a value in the array matches a certain condition. Consider the following example: global reads probe kernel.function("vfs_read") { reads[execname()] ++ } probe timer.s(2) { printf("=======\n") foreach (count in reads+) printf("%s : %d \n", count, reads[count]) if(reads["stapio"] >= 20) {exit()} } The if(reads["stapio"] >= 20) instructs the script to execute the subroutine exit() once the value associated with the unique key stapio (in the array reads) is greater than or equal to 20. You can also test whether a specific unique key is a member of an array. Further, membership in an array can be used in if statements, as in: if([index_expression] in array_name To illustrate this, consider the following example: global reads probe kernel.function("vfs_read") { reads[execname()] ++ } probe timer.s(2) { printf("=======\n") foreach (count in reads+) printf("%s : %d \n", count, reads[count]) if(["stapio"] in reads) {printf("stapio read detected, exiting\n") exit() } } The if(["stapio"] in reads) statement instructs the script to print stapio read detected, exiting once the unique key stapio is added to the array reads.

Statistical aggregates are used to collect statistics on numerical values where it is important to accumulate new data quickly and in large volume (i.e. storing only aggregated stream statistics). Statistical aggregates can be used in global variables or as elements in an array. To add value to a statistical aggregate, use the operator <<< value. need more examples of supported rvalues, e.g. length, count, and what each one does. global writes probe vfs_write { writes[execname()] <<< count } In , the operator <<< count stores the amount returned by count to to the associated value of the corresponding execname() in the writes array. Remember, these values are stored; they are not added to the associated values of each unique key, nor are they used to replace the current associated values. In a manner of speaking, think of it as having each unique key (execname()) having multiple associated values, accumulating with each probe handler run. In the context of , count returns the amount of data written by the returned execname() to the virtual file system. To extract data collected by statistical aggregates, use the syntax format @extractor(variable/array index expression). extractor can be any of the following integer extractors: count Returns the number of all values stored into the variable/array index expression. Given the sample probe in , the expression @count(writes[execname()]) will return how many values are stored in each unique key in array writes. sum Returns the sum of all values stored into the variable/array index expression. Again, given sample probe in , the expression @sum(writes[execname()]) will return the total of all values stored in each unique key in array writes. min Returns the smallest among all the values stored in the variable/array index expression. max Returns the largest among all the values stored in the variable/array index expression. avg Returns the average of all values stored in the variable/array index expression.