Why is CTF important and how it's structure looks like?

With CTF, all headers, contexts, and event fields written in binary files are described using a custom C-like, declorative language called Trace Stream Description Language(TSDL).

A CTF trace is made from multiple streams of binary events. This is important because based on the configuration, the events generated by the tracer can be divided into any number of diffrent streams to be displayed in numerous ways.

Events are normally serialized in ascending order of time stamps. CTF readers can create an ordered list of events based on a header and a time stamp. The most effective feature of CTF is that the streams of data do not need to saved to hard disk. CTF readers like babeltrace and many others can be programmed to select data streams to be manipulated based on multiple conditions.

CTF Structure

A CTF binary stream is a concatenation of multiple packets.


A stream packet contains, in order:

1) A Header

2) A context (optional)

3) Zero or more concatenated events, each containing:

a) A header

b) A stream-specific context (optional)

c) An event-specific context (optional)

d) A payload

All the stream headers, contexts and payloads are described in TSDL using CTF types, amongst:

1.) Integers of any size, any alignment

2.) Floating point numbers with any exponent and mantissa sizes

3.) Null-terminated strings of bytes

4.) Enumerations with ranges of integers mapped to labels

5.) Static and dynamic arrays of any CTF type

6.) Structures associating field names to any CTF types

7.) Variants, i.e. dynamic selections between different CTF types

This rich set of configurable types makes it possible to describe about any binary structure, hence CTF’s great flexibility. On the other hand, this binary data is very fast to write for an application, as it’s usually just a matter of appending some memory contents as is to a CTF stream.




Written on June 30, 2019