Loading your first CTF trace
Fire up Eclipse and switch the perspective to ‘LTTng Kernel’. By default, you will see some views. The important ones for now are Control Flow, Resource, Statistics Histogram and the Project Explorer. You can always add views using ‘Window →Show View→Other'.
Let's load up the combined kernel and thttpd trace first. Right click on Project Explorer→New→Tracing Project. Give it a new project name (such as OSFYTraces). Once it's created, go to ‘Traces' under OSFYTraces tree→right click→‘Batch Import...' Check the ‘Common Trace Format' and in the next window, click on‘Add Directory' and browse to your trace directory. You can use the traces from osfythttpd-20140127-194024.tar.gz which you just downloaded or your own traces (created by default in /home/username/lttngtraces). Now select the desired traces the wizard has found for you. Under Generic CTF Trace, select ‘64-bit’ (that’s our UST trace) and under LTTng Kernel Trace, select ‘kernel’. Before importing them, you can rename them by clicking on their names. I renamed the ‘64-bit' trace to ‘ust’.
So two traces will appear under ‘Traces’ in the project explorer. Double click on the kernel trace and wait for it to load. You will observe the histogram and control flow view being populated. The kernel events will start showing up too. At this point, you have successfully loaded the kernel trace and are ready for analysis.
So let's first get familiar with the interface now. We will go through a small example to get familiar with the usage. On your right, you will see multiple ‘views’. In Figure 1, you can see the top section shows ‘Control Flow’, ‘Resources' and ‘Statistics’ views in the tabs. The second section shows the event views. As you open a trace named ‘kernel’, it will show all the kernel events recorded. There will be lots of events listed in it. Click on ‘<srch>’ under the ‘Event Type’ section and type sys_execve. Under ‘Content’, type ‘thttpd’. This will take you to an event that is an execv syscall and contains thttpd as the string in the trace content. Have a look at Figure 2(a).
You can also observe that in the Control Flow view, the corresponding process is highlighted and the graph on the right now points to the exact time of the recorded event. You can move around and see other events on the graph by just clicking on events. A mouse-over gives some more information. You can zoom using the mouse wheel or more fine grained timing on events. You can also move to the next events in the same selected process using the right and left arrow keys. Colours are the next important thing and you can click on the small ‘Legend’ icon to understand what they mean. Blue is a SYSCALL, green shows that process was in USERMODE, yellow is WAIT_BLOCKED and so on.