Our customers are large enterprises and we need to be able to collect traces on our customers' endpoints in support cases. Especially critical are performance problems.
So far we've instructed our customers to use ktrace:
sudo ktrace artrace -p appname --type=profile
We would then open this trace in Instruments with the CPU profile and load our own symbols. The problem is, that symbols for system libraries are missing. In one instance we see that all of the high load is coming from a syscall made by libpcap. But all symbols other than our own are missing. How can we collect traces which include those symbols?
I tried to use
ktrace symbolicate
in tests where I recorded a trace and then used ktrace symbolicate to collect system lib symbols, but it fails for most libraries, including libpcap and the syscalls. This is somewhat surprising, because dyld_info -exports /usr/lib/libpcap.A.dylib is able to print the symbols including offsets.
So what is the recommended workflow for this scenario? Installing Xcode is of course not an option on a customer machine, especially not in an enterprise scenario.