2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/types.h>
38 #include <sys/param.h>
40 #include <sys/resource.h>
49 #if defined(IA64) && defined(LINUX)
50 # include <asm/ptrace_offsets.h>
58 #include <sys/stropts.h>
66 int debug = 0, followfork = 0, followvfork = 0;
67 int dtime = 0, cflag = 0, xflag = 0, qflag = 0;
68 static int iflag = 0, interactive = 0, pflag_seen = 0, rflag = 0, tflag = 0;
70 /* Sometimes we want to print only succeeding syscalls. */
71 int not_failing_only = 0;
73 static char *username = NULL;
77 int acolumn = DEFAULT_ACOLUMN;
78 int max_strlen = DEFAULT_STRLEN;
79 static char *outfname = NULL;
82 unsigned int nprocs, tcbtabsize;
84 extern char **environ;
86 static int trace P((void));
87 static void cleanup P((void));
88 static void interrupt P((int sig));
89 static sigset_t empty_set, blocked_set;
91 #ifdef HAVE_SIG_ATOMIC_T
92 static volatile sig_atomic_t interrupted;
93 #else /* !HAVE_SIG_ATOMIC_T */
95 static volatile int interrupted;
97 static int interrupted;
98 #endif /* !__STDC__ */
99 #endif /* !HAVE_SIG_ATOMIC_T */
103 static struct tcb *pfd2tcb P((int pfd));
104 static void reaper P((int sig));
105 static void rebuild_pollv P((void));
106 static struct pollfd *pollv;
108 #ifndef HAVE_POLLABLE_PROCFS
110 static void proc_poll_open P((void));
111 static void proc_poller P((int pfd));
119 static int poller_pid;
120 static int proc_poll_pipe[2] = { -1, -1 };
122 #endif /* !HAVE_POLLABLE_PROCFS */
124 #ifdef HAVE_MP_PROCFS
125 #define POLLWANT POLLWRNORM
127 #define POLLWANT POLLPRI
129 #endif /* USE_PROCFS */
137 usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\
138 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\
139 [command [arg ...]]\n\
140 or: strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\
141 [command [arg ...]]\n\
142 -c -- count time, calls, and errors for each syscall and report summary\n\
143 -f -- follow forks, -ff -- with output into separate files\n\
144 -F -- attempt to follow vforks, -h -- print help message\n\
145 -i -- print instruction pointer at time of syscall\n\
146 -q -- suppress messages about attaching, detaching, etc.\n\
147 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
148 -T -- print time spent in each syscall, -V -- print version\n\
149 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
150 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
151 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
152 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
153 options: trace, abbrev, verbose, raw, signal, read, or write\n\
154 -o file -- send trace output to FILE instead of stderr\n\
155 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
156 -p pid -- trace process with process id PID, may be repeated\n\
157 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
158 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
159 -u username -- run command as username handling setuid and/or setgid\n\
160 -E var=val -- put var=val in the environment for command\n\
161 -E var -- remove var from the environment for command\n\
162 " /* this is broken, so don't document it
163 -z -- print only succeeding syscalls\n\
165 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
179 set_cloexec_flag(int fd)
183 if ((flags = fcntl(fd, F_GETFD, 0)) < 0)
185 fprintf(stderr, "%s: fcntl F_GETFD: %s\n",
186 progname, strerror(errno));
190 newflags = flags | FD_CLOEXEC;
191 if (flags == newflags)
194 if (fcntl(fd, F_SETFD, newflags) < 0)
196 fprintf(stderr, "%s: fcntl F_SETFD: %s\n",
197 progname, strerror(errno));
205 * When strace is setuid executable, we have to swap uids
206 * before and after filesystem and process management operations.
212 int euid = geteuid(), uid = getuid();
214 if (euid != uid && setreuid(euid, uid) < 0)
216 fprintf(stderr, "%s: setreuid: %s\n",
217 progname, strerror(errno));
224 strace_fopen(const char *path, const char *mode)
229 if ((fp = fopen(path, mode)) == NULL)
230 fprintf(stderr, "%s: can't fopen '%s': %s\n",
231 progname, path, strerror(errno));
233 if (fp && set_cloexec_flag(fileno(fp)) < 0)
241 static int popen_pid = -1;
244 # define _PATH_BSHELL "/bin/sh"
248 * We cannot use standard popen(3) here because we have to distinguish
249 * popen child process from other processes we trace, and standard popen(3)
250 * does not export its child's pid.
253 strace_popen(const char *command)
260 fprintf(stderr, "%s: pipe: %s\n",
261 progname, strerror(errno));
266 if (set_cloexec_flag(fds[1]) < 0)
274 if ((popen_pid = fork()) == -1)
276 fprintf(stderr, "%s: fork: %s\n",
277 progname, strerror(errno));
289 return fdopen(fds[1], "w");
294 if (fds[0] && (dup2(fds[0], 0) || close(fds[0])))
296 fprintf(stderr, "%s: dup2: %s\n",
297 progname, strerror(errno));
300 execl(_PATH_BSHELL, "sh", "-c", command, NULL);
301 fprintf(stderr, "%s: execl: %s: %s\n",
302 progname, _PATH_BSHELL, strerror(errno));
308 newoutf(struct tcb *tcp)
310 if (outfname && followfork > 1) {
311 char name[MAXPATHLEN];
314 sprintf(name, "%s.%u", outfname, tcp->pid);
315 if ((fp = strace_fopen(name, "w")) == NULL)
333 static char buf[BUFSIZ];
335 /* Allocate the initial tcbtab. */
336 tcbtabsize = argc; /* Surely enough for all -p args. */
337 tcbtab = (struct tcb **) malloc (tcbtabsize * sizeof tcbtab[0]);
338 tcbtab[0] = (struct tcb *) calloc (tcbtabsize, sizeof *tcbtab[0]);
339 for (tcp = tcbtab[0]; tcp < &tcbtab[0][tcbtabsize]; ++tcp)
340 tcbtab[tcp - tcbtab[0]] = &tcbtab[0][tcp - tcbtab[0]];
345 set_sortby(DEFAULT_SORTBY);
346 set_personality(DEFAULT_PERSONALITY);
347 qualify("trace=all");
348 qualify("abbrev=all");
349 qualify("verbose=all");
350 qualify("signal=all");
351 while ((c = getopt(argc, argv,
352 "+cdfFhiqrtTvVxza:e:o:O:p:s:S:u:E:")) != EOF) {
390 qualify("abbrev=none");
393 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
397 not_failing_only = 1;
400 acolumn = atoi(optarg);
406 outfname = strdup(optarg);
409 set_overhead(atoi(optarg));
412 if ((pid = atoi(optarg)) <= 0) {
413 fprintf(stderr, "%s: Invalid process id: %s\n",
417 if (pid == getpid()) {
418 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.\n", progname);
421 if ((tcp = alloc_tcb(pid, 0)) == NULL) {
422 fprintf(stderr, "%s: out of memory\n",
426 tcp->flags |= TCB_ATTACHED;
430 max_strlen = atoi(optarg);
431 if (max_strlen < 0) {
433 "%s: invalid -s argument: %s\n",
442 username = strdup(optarg);
445 if (putenv(optarg) < 0) {
446 fprintf(stderr, "%s: out of memory\n",
457 if ((optind == argc) == !pflag_seen)
460 if (followfork > 1 && cflag) {
462 "%s: -c and -ff are mutually exclusive options\n",
467 /* See if they want to run as another user. */
468 if (username != NULL) {
471 if (getuid() != 0 || geteuid() != 0) {
473 "%s: you must be root to use the -u option\n",
477 if ((pent = getpwnam(username)) == NULL) {
478 fprintf(stderr, "%s: cannot find user `%s'\n",
482 run_uid = pent->pw_uid;
483 run_gid = pent->pw_gid;
490 /* Check if they want to redirect the output. */
492 /* See if they want to pipe the output. */
493 if (outfname[0] == '|' || outfname[0] == '!') {
495 * We can't do the <outfname>.PID funny business
496 * when using popen, so prohibit it.
498 if (followfork > 1) {
500 %s: piping the output and -ff are mutually exclusive options\n",
505 if ((outf = strace_popen(outfname + 1)) == NULL)
508 else if (followfork <= 1 &&
509 (outf = strace_fopen(outfname, "w")) == NULL)
513 if (!outfname || outfname[0] == '|' || outfname[0] == '!')
514 setvbuf(outf, buf, _IOLBF, BUFSIZ);
515 if (outfname && optind < argc) {
520 for (c = 0; c < tcbtabsize; c++) {
522 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
525 if (tcp->flags & TCB_CLONE_THREAD)
528 /* Reinitialize the output since it may have changed. */
530 if (newoutf(tcp) < 0)
534 if (proc_open(tcp, 1) < 0) {
535 fprintf(stderr, "trouble opening proc file\n");
539 #else /* !USE_PROCFS */
542 char procdir[MAXPATHLEN];
545 sprintf(procdir, "/proc/%d/task", tcp->pid);
546 dir = opendir(procdir);
548 unsigned int ntid = 0, nerr = 0;
551 while ((de = readdir(dir)) != NULL) {
552 if (de->d_fileno == 0 ||
553 de->d_name[0] == '.')
555 tid = atoi(de->d_name);
559 if (ptrace(PTRACE_ATTACH, tid,
562 else if (tid != tcbtab[c]->pid) {
563 if (nprocs == tcbtabsize &&
570 tcp->flags |= TCB_ATTACHED|TCB_CLONE_THREAD|TCB_CLONE_DETACHED|TCB_FOLLOWFORK;
571 tcbtab[c]->nchildren++;
572 tcbtab[c]->nclone_threads++;
573 tcbtab[c]->nclone_detached++;
574 tcp->parent = tcbtab[c];
579 perror("attach: ptrace(PTRACE_ATTACH, ...)");
587 Process %u attached with %u threads - interrupt to quit\n",
591 Process %u attached - interrupt to quit\n",
598 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
599 perror("attach: ptrace(PTRACE_ATTACH, ...)");
603 #endif /* !USE_PROCFS */
606 "Process %u attached - interrupt to quit\n",
613 char pathname[MAXPATHLEN];
615 filename = argv[optind];
616 if (strchr(filename, '/')) {
617 if (strlen(filename) > sizeof pathname - 1) {
618 errno = ENAMETOOLONG;
619 perror("strace: exec");
622 strcpy(pathname, filename);
624 #ifdef USE_DEBUGGING_EXEC
626 * Debuggers customarily check the current directory
627 * first regardless of the path but doing that gives
628 * security geeks a panic attack.
630 else if (stat(filename, &statbuf) == 0)
631 strcpy(pathname, filename);
632 #endif /* USE_DEBUGGING_EXEC */
637 for (path = getenv("PATH"); path && *path; path += m) {
638 if (strchr(path, ':')) {
639 n = strchr(path, ':') - path;
643 m = n = strlen(path);
645 if (!getcwd(pathname, MAXPATHLEN))
647 len = strlen(pathname);
649 else if (n > sizeof pathname - 1)
652 strncpy(pathname, path, n);
655 if (len && pathname[len - 1] != '/')
656 pathname[len++] = '/';
657 strcpy(pathname + len, filename);
658 if (stat(pathname, &statbuf) == 0 &&
659 /* Accept only regular files
660 with some execute bits set.
661 XXX not perfect, might still fail */
662 S_ISREG(statbuf.st_mode) &&
663 (statbuf.st_mode & 0111))
667 if (stat(pathname, &statbuf) < 0) {
668 fprintf(stderr, "%s: %s: command not found\n",
672 switch (pid = fork()) {
674 perror("strace: fork");
680 if (outf != stderr) close (fileno (outf));
682 /* Kludge for SGI, see proc_open for details. */
683 sa.sa_handler = foobar;
685 sigemptyset(&sa.sa_mask);
686 sigaction(SIGINT, &sa, NULL);
691 kill(getpid(), SIGSTOP); /* stop HERE */
693 #else /* !USE_PROCFS */
695 close(fileno (outf));
697 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
698 perror("strace: ptrace(PTRACE_TRACEME, ...)");
702 kill(getpid(), SIGSTOP);
704 if (username != NULL || geteuid() == 0) {
705 uid_t run_euid = run_uid;
706 gid_t run_egid = run_gid;
708 if (statbuf.st_mode & S_ISUID)
709 run_euid = statbuf.st_uid;
710 if (statbuf.st_mode & S_ISGID)
711 run_egid = statbuf.st_gid;
714 * It is important to set groups before we
715 * lose privileges on setuid.
717 if (username != NULL) {
718 if (initgroups(username, run_gid) < 0) {
719 perror("initgroups");
722 if (setregid(run_gid, run_egid) < 0) {
726 if (setreuid(run_uid, run_euid) < 0) {
733 setreuid(run_uid, run_uid);
736 * Induce an immediate stop so that the parent
737 * will resume us with PTRACE_SYSCALL and display
738 * this execve call normally.
740 kill(getpid(), SIGSTOP);
741 #endif /* !USE_PROCFS */
743 execv(pathname, &argv[optind]);
744 perror("strace: exec");
749 if ((tcp = alloctcb(pid)) == NULL) {
754 if (proc_open(tcp, 0) < 0) {
755 fprintf(stderr, "trouble opening proc file\n");
759 #endif /* USE_PROCFS */
764 sigemptyset(&empty_set);
765 sigemptyset(&blocked_set);
766 sa.sa_handler = SIG_IGN;
767 sigemptyset(&sa.sa_mask);
769 sigaction(SIGTTOU, &sa, NULL);
770 sigaction(SIGTTIN, &sa, NULL);
772 sigaddset(&blocked_set, SIGHUP);
773 sigaddset(&blocked_set, SIGINT);
774 sigaddset(&blocked_set, SIGQUIT);
775 sigaddset(&blocked_set, SIGPIPE);
776 sigaddset(&blocked_set, SIGTERM);
777 sa.sa_handler = interrupt;
779 /* POSIX signals on sunos4.1 are a little broken. */
780 sa.sa_flags = SA_INTERRUPT;
783 sigaction(SIGHUP, &sa, NULL);
784 sigaction(SIGINT, &sa, NULL);
785 sigaction(SIGQUIT, &sa, NULL);
786 sigaction(SIGPIPE, &sa, NULL);
787 sigaction(SIGTERM, &sa, NULL);
789 sa.sa_handler = reaper;
790 sigaction(SIGCHLD, &sa, NULL);
792 /* Make sure SIGCHLD has the default action so that waitpid
793 definitely works without losing track of children. The user
794 should not have given us a bogus state to inherit, but he might
795 have. Arguably we should detect SIG_IGN here and pass it on
796 to children, but probably noone really needs that. */
797 sa.sa_handler = SIG_DFL;
798 sigaction(SIGCHLD, &sa, NULL);
799 #endif /* USE_PROCFS */
810 /* Allocate some more TCBs and expand the table.
811 We don't want to relocate the TCBs because our
812 callers have pointers and it would be a pain.
813 So tcbtab is a table of pointers. Since we never
814 free the TCBs, we allocate a single chunk of many. */
815 struct tcb **newtab = (struct tcb **)
816 realloc(tcbtab, 2 * tcbtabsize * sizeof tcbtab[0]);
817 struct tcb *newtcbs = (struct tcb *) calloc(tcbtabsize,
820 if (newtab == NULL || newtcbs == NULL) {
823 fprintf(stderr, "%s: expand_tcbtab: out of memory\n",
827 for (i = tcbtabsize; i < 2 * tcbtabsize; ++i)
828 newtab[i] = &newtcbs[i - tcbtabsize];
837 alloc_tcb(int pid, int command_options_parsed)
842 for (i = 0; i < tcbtabsize; i++) {
844 if ((tcp->flags & TCB_INUSE) == 0) {
849 #ifdef TCB_CLONE_THREAD
850 tcp->nclone_threads = tcp->nclone_detached = 0;
851 tcp->nclone_waiting = 0;
853 tcp->flags = TCB_INUSE | TCB_STARTUP;
854 tcp->outf = outf; /* Initialise to current out file */
855 tcp->stime.tv_sec = 0;
856 tcp->stime.tv_usec = 0;
859 if (command_options_parsed)
864 fprintf(stderr, "%s: alloc_tcb: tcb table full\n", progname);
870 proc_open(tcp, attaching)
882 #ifndef HAVE_POLLABLE_PROCFS
886 #ifdef HAVE_MP_PROCFS
887 /* Open the process pseudo-files in /proc. */
888 sprintf(proc, "/proc/%d/ctl", tcp->pid);
889 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) {
890 perror("strace: open(\"/proc/...\", ...)");
893 if (set_cloexec_flag(tcp->pfd) < 0) {
896 sprintf(proc, "/proc/%d/status", tcp->pid);
897 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) {
898 perror("strace: open(\"/proc/...\", ...)");
901 if (set_cloexec_flag(tcp->pfd_stat) < 0) {
904 sprintf(proc, "/proc/%d/as", tcp->pid);
905 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) {
906 perror("strace: open(\"/proc/...\", ...)");
909 if (set_cloexec_flag(tcp->pfd_as) < 0) {
913 /* Open the process pseudo-file in /proc. */
915 sprintf(proc, "/proc/%d", tcp->pid);
916 if ((tcp->pfd = open(proc, O_RDWR|O_EXCL)) < 0) {
918 sprintf(proc, "/proc/%d/mem", tcp->pid);
919 if ((tcp->pfd = open(proc, O_RDWR)) < 0) {
921 perror("strace: open(\"/proc/...\", ...)");
924 if (set_cloexec_flag(tcp->pfd) < 0) {
929 sprintf(proc, "/proc/%d/regs", tcp->pid);
930 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) {
931 perror("strace: open(\"/proc/.../regs\", ...)");
935 sprintf(proc, "/proc/%d/status", tcp->pid);
936 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) {
937 perror("strace: open(\"/proc/.../status\", ...)");
941 tcp->pfd_status = -1;
946 * Wait for the child to pause. Because of a race
947 * condition we have to poll for the event.
950 if (IOCTL_STATUS (tcp) < 0) {
951 perror("strace: PIOCSTATUS");
954 if (tcp->status.PR_FLAGS & PR_ASLEEP)
959 /* Stop the process so that we own the stop. */
960 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
961 perror("strace: PIOCSTOP");
966 /* Set Run-on-Last-Close. */
968 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
969 perror("PIOCSET PR_RLC");
972 /* Set or Reset Inherit-on-Fork. */
974 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
975 perror("PIOC{SET,RESET} PR_FORK");
980 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
984 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
985 perror("PIOC{S,R}FORK");
989 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
990 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
995 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
1000 #endif /* !PIOCSET */
1002 /* Enable all syscall entries we care about. */
1003 premptyset(&syscalls);
1004 for (i = 1; i < MAX_QUALS; ++i) {
1005 if (i > (sizeof syscalls) * CHAR_BIT) break;
1006 if (qual_flags [i] & QUAL_TRACE) praddset (&syscalls, i);
1008 praddset (&syscalls, SYS_execve);
1010 praddset (&syscalls, SYS_fork);
1012 praddset (&syscalls, SYS_forkall);
1015 praddset (&syscalls, SYS_fork1);
1018 praddset (&syscalls, SYS_rfork1);
1021 praddset (&syscalls, SYS_rforkall);
1024 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) {
1025 perror("PIOCSENTRY");
1028 /* Enable the syscall exits. */
1029 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) {
1033 /* Enable signals we care about. */
1034 premptyset(&signals);
1035 for (i = 1; i < MAX_QUALS; ++i) {
1036 if (i > (sizeof signals) * CHAR_BIT) break;
1037 if (qual_flags [i] & QUAL_SIGNAL) praddset (&signals, i);
1039 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
1040 perror("PIOCSTRACE");
1043 /* Enable faults we care about */
1044 premptyset(&faults);
1045 for (i = 1; i < MAX_QUALS; ++i) {
1046 if (i > (sizeof faults) * CHAR_BIT) break;
1047 if (qual_flags [i] & QUAL_FAULT) praddset (&faults, i);
1049 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
1050 perror("PIOCSFAULT");
1054 /* set events flags. */
1055 arg = S_SIG | S_SCE | S_SCX ;
1056 if(ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
1060 #endif /* FREEBSD */
1064 * The SGI PRSABORT doesn't work for pause() so
1065 * we send it a caught signal to wake it up.
1067 kill(tcp->pid, SIGINT);
1070 /* The child is in a pause(), abort it. */
1072 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
1079 /* wake up the child if it received the SIGSTOP */
1080 kill(tcp->pid, SIGCONT);
1083 /* Wait for the child to do something. */
1084 if (IOCTL_WSTOP (tcp) < 0) {
1085 perror("PIOCWSTOP");
1088 if (tcp->status.PR_WHY == PR_SYSENTRY) {
1089 tcp->flags &= ~TCB_INSYSCALL;
1091 if (known_scno(tcp) == SYS_execve)
1094 /* Set it running: maybe execve will be next. */
1097 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1099 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) {
1100 #endif /* FREEBSD */
1105 /* handle the case where we "opened" the child before
1106 it did the kill -STOP */
1107 if (tcp->status.PR_WHY == PR_SIGNALLED &&
1108 tcp->status.PR_WHAT == SIGSTOP)
1109 kill(tcp->pid, SIGCONT);
1116 if (attaching < 2) {
1117 /* We are attaching to an already running process.
1118 * Try to figure out the state of the process in syscalls,
1119 * to handle the first event well.
1120 * This is done by having a look at the "wchan" property of the
1121 * process, which tells where it is stopped (if it is). */
1123 char wchan[20]; /* should be enough */
1125 sprintf(proc, "/proc/%d/status", tcp->pid);
1126 status = fopen(proc, "r");
1128 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
1129 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
1130 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
1131 strcmp(wchan, "stopevent")) {
1132 /* The process is asleep in the middle of a syscall.
1133 Fake the syscall entry event */
1134 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
1135 tcp->status.PR_WHY = PR_SYSENTRY;
1140 } /* otherwise it's a fork being followed */
1142 #endif /* FREEBSD */
1143 #ifndef HAVE_POLLABLE_PROCFS
1144 if (proc_poll_pipe[0] != -1)
1145 proc_poller(tcp->pfd);
1146 else if (nprocs > 1) {
1148 proc_poller(last_pfd);
1149 proc_poller(tcp->pfd);
1151 last_pfd = tcp->pfd;
1152 #endif /* !HAVE_POLLABLE_PROCFS */
1156 #endif /* USE_PROCFS */
1165 for (i = 0; i < tcbtabsize; i++) {
1167 if (pid && tcp->pid != pid)
1169 if (tcp->flags & TCB_INUSE)
1183 for (i = 0; i < tcbtabsize; i++) {
1184 struct tcb *tcp = tcbtab[i];
1185 if (tcp->pfd != pfd)
1187 if (tcp->flags & TCB_INUSE)
1193 #endif /* USE_PROCFS */
1201 #ifdef TCB_CLONE_THREAD
1202 if (tcp->nclone_threads > 0) {
1203 /* There are other threads left in this process, but this
1204 is the one whose PID represents the whole process.
1205 We need to keep this record around as a zombie until
1206 all the threads die. */
1207 tcp->flags |= TCB_EXITING;
1214 if (tcp->parent != NULL) {
1215 tcp->parent->nchildren--;
1216 #ifdef TCB_CLONE_THREAD
1217 if (tcp->flags & TCB_CLONE_DETACHED)
1218 tcp->parent->nclone_detached--;
1219 if (tcp->flags & TCB_CLONE_THREAD)
1220 tcp->parent->nclone_threads--;
1222 #ifdef TCB_CLONE_DETACHED
1223 if (!(tcp->flags & TCB_CLONE_DETACHED))
1225 tcp->parent->nzombies++;
1230 if (tcp->pfd != -1) {
1234 if (tcp->pfd_reg != -1) {
1235 close(tcp->pfd_reg);
1238 if (tcp->pfd_status != -1) {
1239 close(tcp->pfd_status);
1240 tcp->pfd_status = -1;
1242 #endif /* !FREEBSD */
1244 rebuild_pollv(); /* Note, flags needs to be cleared by now. */
1248 if (outfname && followfork > 1 && tcp->outf)
1263 if (!(tcp->flags & TCB_SUSPENDED)) {
1264 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
1267 tcp->flags &= ~TCB_SUSPENDED;
1268 #ifdef TCB_CLONE_THREAD
1269 if (tcp->flags & TCB_CLONE_THREAD)
1270 tcp->parent->nclone_waiting--;
1273 if (ptrace(PTRACE_SYSCALL, tcp->pid, (char *) 1, 0) < 0) {
1274 perror("resume: ptrace(PTRACE_SYSCALL, ...)");
1279 fprintf(stderr, "Process %u resumed\n", tcp->pid);
1283 #endif /* !USE_PROCFS */
1285 /* detach traced process; continue with sig */
1294 int status, resumed;
1295 struct tcb *zombie = NULL;
1297 /* If the group leader is lingering only because of this other
1298 thread now dying, then detach the leader as well. */
1299 if ((tcp->flags & TCB_CLONE_THREAD) &&
1300 tcp->parent->nclone_threads == 1 &&
1301 (tcp->parent->flags & TCB_EXITING))
1302 zombie = tcp->parent;
1305 if (tcp->flags & TCB_BPTSET)
1310 * Linux wrongly insists the child be stopped
1311 * before detaching. Arghh. We go through hoops
1312 * to make a clean break of things.
1315 #undef PTRACE_DETACH
1316 #define PTRACE_DETACH PTRACE_SUNDETACH
1318 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
1319 /* On a clear day, you can see forever. */
1321 else if (errno != ESRCH) {
1322 /* Shouldn't happen. */
1323 perror("detach: ptrace(PTRACE_DETACH, ...)");
1325 else if (kill(tcp->pid, 0) < 0) {
1327 perror("detach: checking sanity");
1329 else if (kill(tcp->pid, SIGSTOP) < 0) {
1331 perror("detach: stopping child");
1336 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) {
1337 if (errno == ECHILD) /* Already gone. */
1339 if (errno != EINVAL) {
1340 perror("detach: waiting");
1344 /* No __WALL here. */
1345 if (waitpid(tcp->pid, &status, 0) < 0) {
1346 if (errno != ECHILD) {
1347 perror("detach: waiting");
1351 /* If no processes, try clones. */
1352 if (wait4(tcp->pid, &status, __WCLONE,
1354 if (errno != ECHILD)
1355 perror("detach: waiting");
1358 #endif /* __WCLONE */
1363 if (!WIFSTOPPED(status)) {
1364 /* Au revoir, mon ami. */
1367 if (WSTOPSIG(status) == SIGSTOP) {
1368 if ((error = ptrace(PTRACE_DETACH,
1369 tcp->pid, (char *) 1, sig)) < 0) {
1371 perror("detach: ptrace(PTRACE_DETACH, ...)");
1372 /* I died trying. */
1376 if ((error = ptrace(PTRACE_CONT, tcp->pid, (char *) 1,
1377 WSTOPSIG(status) == SIGTRAP ?
1378 0 : WSTOPSIG(status))) < 0) {
1380 perror("detach: ptrace(PTRACE_CONT, ...)");
1388 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1389 if (sig && kill(tcp->pid, sig) < 0)
1390 perror("detach: kill");
1392 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) < 0)
1393 perror("detach: ptrace(PTRACE_DETACH, ...)");
1399 /* XXX This won't always be quite right (but it never was).
1400 A waiter with argument 0 or < -1 is waiting for any pid in
1401 a particular pgrp, which this child might or might not be
1402 in. The waiter will only wake up if it's argument is -1
1403 or if it's waiting for tcp->pid's pgrp. It makes a
1404 difference to wake up a waiter when there might be more
1405 traced children, because it could get a false ECHILD
1406 error. OTOH, if this was the last child in the pgrp, then
1407 it ought to wake up and get ECHILD. We would have to
1408 search the system for all pid's in the pgrp to be sure.
1410 && (t->waitpid == -1 ||
1411 (t->waitpid == 0 && getpgid (tcp->pid) == getpgid (t->pid))
1412 || (t->waitpid < 0 && t->waitpid == -getpid (t->pid)))
1416 (tcp->parent->flags & TCB_SUSPENDED) &&
1417 (tcp->parent->waitpid <= 0 || tcp->parent->waitpid == tcp->pid)) {
1418 error = resume(tcp->parent);
1421 #ifdef TCB_CLONE_THREAD
1422 if (tcp->parent && tcp->parent->nclone_waiting > 0) {
1423 /* Some other threads of our parent are waiting too. */
1426 /* Resume all the threads that were waiting for this PID. */
1427 for (i = 0; i < tcbtabsize; i++) {
1428 struct tcb *t = tcbtab[i];
1429 if (t->parent == tcp->parent && t != tcp
1430 && ((t->flags & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1431 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1432 && t->waitpid == tcp->pid) {
1433 error |= resume (t);
1438 /* Noone was waiting for this PID in particular,
1439 so now we might need to resume some wildcarders. */
1440 for (i = 0; i < tcbtabsize; i++) {
1441 struct tcb *t = tcbtab[i];
1442 if (t->parent == tcp->parent && t != tcp
1444 & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1445 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1448 error |= resume (t);
1455 #endif /* !USE_PROCFS */
1458 fprintf(stderr, "Process %u detached\n", tcp->pid);
1464 error = detach(zombie) || error;
1479 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1490 #endif /* USE_PROCFS */
1498 for (i = 0; i < tcbtabsize; i++) {
1500 if (!(tcp->flags & TCB_INUSE))
1504 "cleanup: looking at pid %u\n", tcp->pid);
1506 (!outfname || followfork < 2 || tcp_last == tcp)) {
1507 tprintf(" <unfinished ...>\n");
1510 if (tcp->flags & TCB_ATTACHED)
1513 kill(tcp->pid, SIGCONT);
1514 kill(tcp->pid, SIGTERM);
1528 #ifndef HAVE_STRERROR
1530 #if !HAVE_DECL_SYS_ERRLIST
1531 extern int sys_nerr;
1532 extern char *sys_errlist[];
1533 #endif /* HAVE_DECL_SYS_ERRLIST */
1539 static char buf[64];
1541 if (errno < 1 || errno >= sys_nerr) {
1542 sprintf(buf, "Unknown error %d", errno);
1545 return sys_errlist[errno];
1548 #endif /* HAVE_STERRROR */
1550 #ifndef HAVE_STRSIGNAL
1552 #if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST
1553 extern char *sys_siglist[];
1555 #if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST
1556 extern char *_sys_siglist[];
1563 static char buf[64];
1565 if (sig < 1 || sig >= NSIG) {
1566 sprintf(buf, "Unknown signal %d", sig);
1569 #ifdef HAVE__SYS_SIGLIST
1570 return _sys_siglist[sig];
1572 return sys_siglist[sig];
1576 #endif /* HAVE_STRSIGNAL */
1587 pollv = (struct pollfd *) malloc(nprocs * sizeof pollv[0]);
1588 if (pollv == NULL) {
1589 fprintf(stderr, "%s: out of memory\n", progname);
1593 for (i = j = 0; i < tcbtabsize; i++) {
1594 struct tcb *tcp = tcbtab[i];
1595 if (!(tcp->flags & TCB_INUSE))
1597 pollv[j].fd = tcp->pfd;
1598 pollv[j].events = POLLWANT;
1602 fprintf(stderr, "strace: proc miscount\n");
1607 #ifndef HAVE_POLLABLE_PROCFS
1614 if (pipe(proc_poll_pipe) < 0) {
1618 for (i = 0; i < 2; i++) {
1619 if (set_cloexec_flag(proc_poll_pipe[i]) < 0) {
1626 proc_poll(pollv, nfds, timeout)
1627 struct pollfd *pollv;
1633 struct proc_pollfd pollinfo;
1635 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1637 if (n != sizeof(struct proc_pollfd)) {
1638 fprintf(stderr, "panic: short read: %d\n", n);
1641 for (i = 0; i < nprocs; i++) {
1642 if (pollv[i].fd == pollinfo.fd)
1643 pollv[i].revents = pollinfo.revents;
1645 pollv[i].revents = 0;
1647 poller_pid = pollinfo.pid;
1661 struct proc_pollfd pollinfo;
1662 struct sigaction sa;
1663 sigset_t blocked_set, empty_set;
1668 struct procfs_status pfs;
1669 #endif /* FREEBSD */
1681 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1683 sigemptyset(&sa.sa_mask);
1684 sigaction(SIGHUP, &sa, NULL);
1685 sigaction(SIGINT, &sa, NULL);
1686 sigaction(SIGQUIT, &sa, NULL);
1687 sigaction(SIGPIPE, &sa, NULL);
1688 sigaction(SIGTERM, &sa, NULL);
1689 sa.sa_handler = wakeup_handler;
1690 sigaction(SIGUSR1, &sa, NULL);
1691 sigemptyset(&blocked_set);
1692 sigaddset(&blocked_set, SIGUSR1);
1693 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1694 sigemptyset(&empty_set);
1696 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1697 perror("getrlimit(RLIMIT_NOFILE, ...)");
1701 for (i = 0; i < n; i++) {
1702 if (i != pfd && i != proc_poll_pipe[1])
1707 pollinfo.pid = getpid();
1710 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
1712 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
1713 #endif /* FREEBSD */
1719 pollinfo.revents = POLLERR;
1722 pollinfo.revents = POLLHUP;
1725 perror("proc_poller: PIOCWSTOP");
1727 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1730 pollinfo.revents = POLLWANT;
1731 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1732 sigsuspend(&empty_set);
1736 #endif /* !HAVE_POLLABLE_PROCFS */
1746 if (followfork < 2 &&
1747 last < nprocs && (pollv[last].revents & POLLWANT)) {
1749 * The previous process is ready to run again. We'll
1750 * let it do so if it is currently in a syscall. This
1751 * heuristic improves the readability of the trace.
1753 tcp = pfd2tcb(pollv[last].fd);
1754 if (tcp && (tcp->flags & TCB_INSYSCALL))
1755 return pollv[last].fd;
1758 for (i = 0; i < nprocs; i++) {
1759 /* Let competing children run round robin. */
1760 j = (i + last + 1) % nprocs;
1761 if (pollv[j].revents & (POLLHUP | POLLERR)) {
1762 tcp = pfd2tcb(pollv[j].fd);
1764 fprintf(stderr, "strace: lost proc\n");
1770 if (pollv[j].revents & POLLWANT) {
1775 fprintf(stderr, "strace: nothing ready\n");
1783 struct tcb *in_syscall = NULL;
1788 int ioctl_result = 0, ioctl_errno = 0;
1793 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1800 #ifndef HAVE_POLLABLE_PROCFS
1801 if (proc_poll_pipe[0] == -1) {
1810 #ifndef HAVE_POLLABLE_PROCFS
1812 /* fall through ... */
1813 #endif /* !HAVE_POLLABLE_PROCFS */
1815 #ifdef HAVE_POLLABLE_PROCFS
1817 /* On some systems (e.g. UnixWare) we get too much ugly
1818 "unfinished..." stuff when multiple proceses are in
1819 syscalls. Here's a nasty hack */
1826 pv.events = POLLWANT;
1827 if ((what = poll (&pv, 1, 1)) < 0) {
1832 else if (what == 1 && pv.revents & POLLWANT) {
1838 if (poll(pollv, nprocs, INFTIM) < 0) {
1843 #else /* !HAVE_POLLABLE_PROCFS */
1844 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
1849 #endif /* !HAVE_POLLABLE_PROCFS */
1856 /* Look up `pfd' in our table. */
1857 if ((tcp = pfd2tcb(pfd)) == NULL) {
1858 fprintf(stderr, "unknown pfd: %u\n", pfd);
1864 /* Get the status of the process. */
1867 ioctl_result = IOCTL_WSTOP (tcp);
1869 /* Thanks to some scheduling mystery, the first poller
1870 sometimes waits for the already processed end of fork
1871 event. Doing a non blocking poll here solves the problem. */
1872 if (proc_poll_pipe[0] != -1)
1873 ioctl_result = IOCTL_STATUS (tcp);
1875 ioctl_result = IOCTL_WSTOP (tcp);
1876 #endif /* FREEBSD */
1877 ioctl_errno = errno;
1878 #ifndef HAVE_POLLABLE_PROCFS
1879 if (proc_poll_pipe[0] != -1) {
1880 if (ioctl_result < 0)
1881 kill(poller_pid, SIGKILL);
1883 kill(poller_pid, SIGUSR1);
1885 #endif /* !HAVE_POLLABLE_PROCFS */
1891 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1893 if (ioctl_result < 0) {
1894 /* Find out what happened if it failed. */
1895 switch (ioctl_errno) {
1906 perror("PIOCWSTOP");
1912 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
1913 /* discard first event for a syscall we never entered */
1914 IOCTL (tcp->pfd, PIOCRUN, 0);
1919 /* clear the just started flag */
1920 tcp->flags &= ~TCB_STARTUP;
1922 /* set current output file */
1926 struct timeval stime;
1931 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) {
1934 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
1935 &stime.tv_sec, &stime.tv_usec);
1937 stime.tv_sec = stime.tv_usec = 0;
1938 #else /* !FREEBSD */
1939 stime.tv_sec = tcp->status.pr_stime.tv_sec;
1940 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
1941 #endif /* !FREEBSD */
1942 tv_sub(&tcp->dtime, &stime, &tcp->stime);
1945 what = tcp->status.PR_WHAT;
1946 switch (tcp->status.PR_WHY) {
1949 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
1950 tcp->status.PR_WHY = PR_SYSENTRY;
1951 if (trace_syscall(tcp) < 0) {
1952 fprintf(stderr, "syscall trouble\n");
1957 #endif /* !FREEBSD */
1963 if (trace_syscall(tcp) < 0) {
1964 fprintf(stderr, "syscall trouble\n");
1969 if (!cflag && (qual_flags[what] & QUAL_SIGNAL)) {
1971 tprintf("--- %s (%s) ---",
1972 signame(what), strsignal(what));
1975 if (tcp->status.PR_INFO.si_signo == what) {
1977 tprintf(" siginfo=");
1978 printsiginfo(&tcp->status.PR_INFO, 1);
1985 if (!cflag && (qual_flags[what] & QUAL_FAULT)) {
1987 tprintf("=== FAULT %d ===", what);
1992 case 0: /* handle case we polled for nothing */
1996 fprintf(stderr, "odd stop %d\n", tcp->status.PR_WHY);
2002 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
2004 if (IOCTL (tcp->pfd, PIOCRUN, 0) < 0) {
2013 #else /* !USE_PROCFS */
2015 #ifdef TCB_GROUP_EXITING
2016 /* Handle an exit detach or death signal that is taking all the
2017 related clone threads with it. This is called in three circumstances:
2018 SIG == -1 TCP has already died (TCB_ATTACHED is clear, strace is parent).
2019 SIG == 0 Continuing TCP will perform an exit_group syscall.
2020 SIG == other Continuing TCP with SIG will kill the process.
2023 handle_group_exit(struct tcb *tcp, int sig)
2025 /* We need to locate our records of all the clone threads
2026 related to TCP, either its children or siblings. */
2027 struct tcb *leader = ((tcp->flags & TCB_CLONE_THREAD)
2029 : tcp->nclone_detached > 0
2033 if (leader != NULL && leader != tcp &&
2034 !(leader->flags & TCB_GROUP_EXITING))
2036 "PANIC: handle_group_exit: %d leader %d\n",
2037 tcp->pid, leader ? leader->pid : -1);
2038 detach(tcp); /* Already died. */
2041 /* Mark that we are taking the process down. */
2042 tcp->flags |= TCB_EXITING | TCB_GROUP_EXITING;
2043 if (tcp->flags & TCB_ATTACHED) {
2044 if (leader != NULL && leader != tcp) {
2045 if (leader->flags & TCB_ATTACHED) {
2046 /* We need to detach the leader so
2047 that the process death will be
2048 reported to its real parent.
2049 But we kill it first to prevent
2050 it doing anything before we kill
2051 the whole process in a moment.
2052 We can use PTRACE_KILL on a
2053 thread that's not already
2054 stopped. Then the value we pass
2055 in PTRACE_DETACH just sets the
2056 death signal reported to the
2058 ptrace(PTRACE_KILL, leader->pid, 0, 0);
2061 " [%d exit %d kills %d]\n",
2062 tcp->pid, sig, leader->pid);
2063 detach(leader, sig);
2066 leader->flags |= TCB_GROUP_EXITING;
2070 else if (ptrace(PTRACE_CONT, tcp->pid, (char *) 1, sig) < 0) {
2071 perror("strace: ptrace(PTRACE_CONT, ...)");
2077 leader->flags |= TCB_GROUP_EXITING;
2078 if (leader != NULL && leader != tcp)
2080 /* The leader will report to us as parent now,
2081 and then we'll get to the SIG==-1 case. */
2100 static int wait4_options = __WALL;
2104 while (nprocs != 0) {
2106 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2109 pid = wait4(-1, &status, wait4_options, cflag ? &ru : NULL);
2110 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
2111 /* this kernel does not support __WALL */
2112 wait4_options &= ~__WALL;
2114 pid = wait4(-1, &status, wait4_options,
2115 cflag ? &ru : NULL);
2117 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
2118 /* most likely a "cloned" process */
2119 pid = wait4(-1, &status, __WCLONE,
2120 cflag ? &ru : NULL);
2122 fprintf(stderr, "strace: clone wait4 "
2123 "failed: %s\n", strerror(errno));
2127 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
2131 pid = wait(&status);
2135 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2141 switch (wait_errno) {
2146 * We would like to verify this case
2147 * but sometimes a race in Solbourne's
2148 * version of SunOS sometimes reports
2149 * ECHILD before sending us SIGCHILD.
2154 fprintf(stderr, "strace: proc miscount\n");
2160 perror("strace: wait");
2164 if (pid == popen_pid) {
2165 if (WIFEXITED(status) || WIFSIGNALED(status))
2170 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
2172 /* Look up `pid' in our table. */
2173 if ((tcp = pid2tcb(pid)) == NULL) {
2175 if (followfork || followvfork) {
2176 /* This is needed to go with the CLONE_PTRACE
2177 changes in process.c/util.c: we might see
2178 the child's initial trap before we see the
2179 parent return from the clone syscall.
2180 Leave the child suspended until the parent
2181 returns from its system call. Only then
2182 will we have the association of parent and
2183 child so that we know how to do clearbpt
2185 if (nprocs == tcbtabsize &&
2189 tcp = alloctcb(pid);
2191 kill(pid, SIGKILL); /* XXX */
2194 tcp->flags |= TCB_ATTACHED | TCB_SUSPENDED;
2197 Process %d attached (waiting for parent)\n",
2201 /* This can happen if a clone call used
2202 CLONE_PTRACE itself. */
2205 fprintf(stderr, "unknown pid: %u\n", pid);
2206 if (WIFSTOPPED(status))
2207 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
2211 /* set current output file */
2215 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
2216 tcp->stime = ru.ru_stime;
2220 if (tcp->flags & TCB_SUSPENDED) {
2222 * Apparently, doing any ptrace() call on a stopped
2223 * process, provokes the kernel to report the process
2224 * status again on a subsequent wait(), even if the
2225 * process has not been actually restarted.
2226 * Since we have inspected the arguments of suspended
2227 * processes we end up here testing for this case.
2231 if (WIFSIGNALED(status)) {
2233 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
2235 tprintf("+++ killed by %s %s+++",
2236 signame(WTERMSIG(status)),
2238 WCOREDUMP(status) ? "(core dumped) " :
2243 #ifdef TCB_GROUP_EXITING
2244 handle_group_exit(tcp, -1);
2250 if (WIFEXITED(status)) {
2252 fprintf(stderr, "pid %u exited\n", pid);
2253 if ((tcp->flags & TCB_ATTACHED)
2254 #ifdef TCB_GROUP_EXITING
2255 && !(tcp->parent && (tcp->parent->flags &
2260 "PANIC: attached pid %u exited\n",
2262 if (tcp == tcp_last) {
2263 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT))
2265 tprintf(" <unfinished ... exit status %d>\n",
2266 WEXITSTATUS(status));
2269 #ifdef TCB_GROUP_EXITING
2270 handle_group_exit(tcp, -1);
2276 if (!WIFSTOPPED(status)) {
2277 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
2282 fprintf(stderr, "pid %u stopped, [%s]\n",
2283 pid, signame(WSTOPSIG(status)));
2285 if (tcp->flags & TCB_STARTUP) {
2287 * This flag is there to keep us in sync.
2288 * Next time this process stops it should
2289 * really be entering a system call.
2291 tcp->flags &= ~TCB_STARTUP;
2292 if (tcp->flags & TCB_ATTACHED) {
2294 * Interestingly, the process may stop
2295 * with STOPSIG equal to some other signal
2296 * than SIGSTOP if we happend to attach
2297 * just before the process takes a signal.
2299 if (!WIFSTOPPED(status)) {
2301 "pid %u not stopped\n", pid);
2302 detach(tcp, WSTOPSIG(status));
2308 /* A child of us stopped at exec */
2309 if (WSTOPSIG(status) == SIGTRAP && followvfork)
2313 if (tcp->flags & TCB_BPTSET) {
2314 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
2323 if (WSTOPSIG(status) != SIGTRAP) {
2324 if (WSTOPSIG(status) == SIGSTOP &&
2325 (tcp->flags & TCB_SIGTRAPPED)) {
2327 * Trapped attempt to block SIGTRAP
2328 * Hope we are back in control now.
2330 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
2331 if (ptrace(PTRACE_SYSCALL,
2332 pid, (char *) 1, 0) < 0) {
2333 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2340 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
2341 unsigned long addr = 0, pc = 0;
2342 #if defined(PT_CR_IPSR) && defined(PT_CR_IIP) && defined(PT_GETSIGINFO)
2347 upeek(pid, PT_CR_IPSR, &psr);
2348 upeek(pid, PT_CR_IIP, &pc);
2350 pc += (psr >> PSR_RI) & 0x3;
2351 ptrace(PT_GETSIGINFO, pid, 0, (long) &si);
2352 addr = (unsigned long) si.si_addr;
2353 #elif defined PTRACE_GETSIGINFO
2354 if (WSTOPSIG(status) == SIGSEGV ||
2355 WSTOPSIG(status) == SIGBUS) {
2357 if (ptrace(PTRACE_GETSIGINFO, pid,
2359 addr = (unsigned long)
2364 tprintf("--- %s (%s) @ %lx (%lx) ---",
2365 signame(WSTOPSIG(status)),
2366 strsignal(WSTOPSIG(status)), pc, addr);
2369 if (((tcp->flags & TCB_ATTACHED) ||
2370 tcp->nclone_threads > 0) &&
2371 !sigishandled(tcp, WSTOPSIG(status))) {
2372 #ifdef TCB_GROUP_EXITING
2373 handle_group_exit(tcp, WSTOPSIG(status));
2375 detach(tcp, WSTOPSIG(status));
2379 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1,
2380 WSTOPSIG(status)) < 0) {
2381 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2385 tcp->flags &= ~TCB_SUSPENDED;
2388 if (trace_syscall(tcp) < 0) {
2389 if (tcp->flags & TCB_ATTACHED)
2393 tcp->pid, (char *) 1, SIGTERM);
2398 if (tcp->flags & TCB_EXITING) {
2399 #ifdef TCB_GROUP_EXITING
2400 if (tcp->flags & TCB_GROUP_EXITING) {
2401 if (handle_group_exit(tcp, 0) < 0)
2406 if (tcp->flags & TCB_ATTACHED)
2408 else if (ptrace(PTRACE_CONT, pid, (char *) 1, 0) < 0) {
2409 perror("strace: ptrace(PTRACE_CONT, ...)");
2415 if (tcp->flags & TCB_SUSPENDED) {
2417 fprintf(stderr, "Process %u suspended\n", pid);
2421 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1, 0) < 0) {
2422 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2430 #endif /* !USE_PROCFS */
2436 #define VA_START(a, b) va_start(a, b)
2438 #include <varargs.h>
2439 #define VA_START(a, b) va_start(a)
2444 tprintf(const char *fmt, ...)
2446 tprintf(fmt, va_alist)
2453 VA_START(args, fmt);
2455 int n = vfprintf(outf, fmt, args);
2456 if (n < 0 && outf != stderr)
2457 perror(outfname == NULL
2458 ? "<writing to pipe>" : outfname);
2470 if (tcp_last && (!outfname || followfork < 2 || tcp_last == tcp)) {
2471 tcp_last->flags |= TCB_REPRINT;
2472 tprintf(" <unfinished ...>\n");
2475 if ((followfork == 1 || pflag_seen > 1) && outfname)
2476 tprintf("%-5d ", tcp->pid);
2477 else if (nprocs > 1 && !outfname)
2478 tprintf("[pid %5u] ", tcp->pid);
2480 char str[sizeof("HH:MM:SS")];
2481 struct timeval tv, dtv;
2482 static struct timeval otv;
2484 gettimeofday(&tv, NULL);
2486 if (otv.tv_sec == 0)
2488 tv_sub(&dtv, &tv, &otv);
2489 tprintf("%6ld.%06ld ",
2490 (long) dtv.tv_sec, (long) dtv.tv_usec);
2493 else if (tflag > 2) {
2494 tprintf("%ld.%06ld ",
2495 (long) tv.tv_sec, (long) tv.tv_usec);
2498 time_t local = tv.tv_sec;
2499 strftime(str, sizeof(str), "%T", localtime(&local));
2501 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
2503 tprintf("%s ", str);
2515 tprintf("%*s", col - curcol, "");
2526 #ifdef HAVE_MP_PROCFS
2528 int mp_ioctl (int fd, int cmd, void *arg, int size) {
2530 struct iovec iov[2];
2533 iov[0].iov_base = &cmd;
2534 iov[0].iov_len = sizeof cmd;
2537 iov[1].iov_base = arg;
2538 iov[1].iov_len = size;
2541 return writev (fd, iov, n);
projects / strace / blob