As operating systems have become more sophisticated, and as the environments with which operating systems operate have become more complex, it has become important to monitor the actions taken by an operating system in response to events the operating system is tasked to handle. In particular, visibility into the internal workings of an operating system kernel can be important to activities including, but not limited to, developing, debugging, and/or diagnosing an operating system. For example, tracking the number and type of events that an operating system handles can be important to diagnosing system problems, bottlenecks, malfunctioning equipment and/or component, and capacity problems.
Conventionally, monitoring operating system events has been difficult to achieve. Even if possible to log events handled by an operating system, such logging negatively impacted the ability of the operating system to handle events. For example, when an operating system experienced a problem, support personnel may have considered monitoring the events handled by the operating system to diagnose the problem. But the processing required to log an event may have taken more time to perform than handling the event, and thus the operating system could not be monitored under conditions that produced the problem, thus reducing the relevance of the monitoring. Similarly, when testing an operating system, test conditions that stress the operating system to a point where bugs appear can overwhelm a conventional monitor, and events may not be logged or requests may not be handled and thus the problem may remain undiagnosed. Further, contemporaneously logging interrupt events and non-interrupt events frequently lead to interrupt data interfering with non-interrupt data, and thus accurate monitoring was difficult. Thus, the monitoring may not have been performed and operating system improvements may not have been achieved.
Even if operating system monitoring is performed, it can be difficult to understand complex interactions between entities including, but not limited to, threads, processes, mutexs, locks, events, device drivers and applications. The value of operating system monitoring can be limited if the data produced during such monitoring is difficult to understand.
Thus there remains a need for a minimally intrusive system and method to accurately monitor events handled by an operating system, where the data produced by such monitoring is viewable and facilitates understanding the running of the operating system.