I’m pleased to announce the release of Fibratus 0.3.0. This version ships with support for context switch instrumentation through the ContextSwitch kernel event type.
What’s new
Because the context switch instrumentation generates a massive volume of events, it is disabled by default. There is a new --cswitch command line flag to activate the stream of context switch events.
$ fibratus run --filters ContextSwitch --cswitch
...
4207 16:15:38.790000 0 conemu.exe (7368) - ContextSwitch (cpu=0, next_proc_name=conemu.exe, next_thread_id=6108, next_thread_prio=11, next_thread_wait_time=0, prev_proc_name=ipodservice.exe, prev_thread_id=0, prev_thread_prio=0, prev_thread_state=RUNNING, prev_thread_wait_mode=KERNEL, prev_thread_wait_reason=EXECUTIVE)
4208 16:15:38.790000 2 conemu.exe (7368) - ContextSwitch (cpu=2, next_proc_name=ConEmu.exe, next_thread_id=8076, next_thread_prio=11, next_thread_wait_time=0, prev_proc_name=ConEmuC64.exe, prev_thread_id=0, prev_thread_prio=0, prev_thread_state=RUNNING, prev_thread_wait_mode=KERNEL, prev_thread_wait_reason=EXECUTIVE)
4209 16:15:38.790000 2 idle (0) - ContextSwitch (cpu=2, next_proc_name=idle, next_thread_id=0, next_thread_prio=0, next_thread_wait_time=52, prev_proc_name=python.exe, prev_thread_id=8076, prev_thread_prio=11, prev_thread_state=WAITING, prev_thread_wait_mode=USER, prev_thread_wait_reason=USER_REQUEST)
4210 16:15:38.790000 3 chrome.exe (8348) - ContextSwitch (cpu=3, next_proc_name=chrome.exe, next_thread_id=8352, next_thread_prio=9, next_thread_wait_time=0, prev_proc_name=conemu.exe, prev_thread_id=0, prev_thread_prio=0, prev_thread_state=RUNNING, prev_thread_wait_mode=KERNEL, prev_thread_wait_reason=EXECUTIVE)
4211 16:15:38.790000 1 svchost.exe (820) - ContextSwitch (cpu=1, next_proc_name=svchost.exe, next_thread_id=5832, next_thread_prio=9, next_thread_wait_time=2, prev_proc_name=svchost.exe, prev_thread_id=4388, prev_thread_prio=9, prev_thread_state=WAITING, prev_thread_wait_mode=USER, prev_thread_wait_reason=LPC_REPLY)
...Let’s see what does those event’s parameters mean.
cpuis the identifier of the CPU core where the new thread is running after the context switch has taken placenext_proc_nameidentifies the process name of the thread which has been chosen by the schedulernext_thread_idis the identifier of the new threadnext_thread_priothe priority of the new threadnext_thread_wait_timeis the time thread has spent waiting in the ready queue before receiving the slice of the CPU timeprev_proc_namethe process name of the thread which has been preempted by the kernel. The scheduler assigns the CPU to the new threadprev_thread_idis the identifier of the old threadprev_thread_priothe priority of the old threadprev_thread_statedetermines the state of the previous threadprev_thread_wait_modeindicates if the previous thread has been executing in the user space or in the kernel spaceprev_thread_wait_reasonthe action emitted by the thread right before the dispatcher has moved it from the running queue
If you have any feedback or want to contribute you can reach out via Github or drop me an email.