2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/types.h>
38 #include <sys/param.h>
40 #include <sys/resource.h>
49 #if defined(IA64) && defined(LINUX)
50 # include <asm/ptrace_offsets.h>
58 #include <sys/stropts.h>
66 int debug = 0, followfork = 0, followvfork = 0, interactive = 0;
67 int rflag = 0, tflag = 0, dtime = 0, cflag = 0;
68 int iflag = 0, xflag = 0, qflag = 0;
71 /* Sometimes we want to print only succeeding syscalls. */
72 int not_failing_only = 0;
74 char *username = NULL;
78 int acolumn = DEFAULT_ACOLUMN;
79 int max_strlen = DEFAULT_STRLEN;
80 char *outfname = NULL;
83 unsigned int nprocs, tcbtabsize;
85 extern char **environ;
87 static int trace P((void));
88 static void cleanup P((void));
89 static void interrupt P((int sig));
90 static sigset_t empty_set, blocked_set;
92 #ifdef HAVE_SIG_ATOMIC_T
93 static volatile sig_atomic_t interrupted;
94 #else /* !HAVE_SIG_ATOMIC_T */
96 static volatile int interrupted;
98 static int interrupted;
99 #endif /* !__STDC__ */
100 #endif /* !HAVE_SIG_ATOMIC_T */
104 static struct tcb *pfd2tcb P((int pfd));
105 static void reaper P((int sig));
106 static void rebuild_pollv P((void));
107 static struct pollfd *pollv;
109 #ifndef HAVE_POLLABLE_PROCFS
111 static void proc_poll_open P((void));
112 static void proc_poller P((int pfd));
120 static int poller_pid;
121 static int proc_poll_pipe[2] = { -1, -1 };
123 #endif /* !HAVE_POLLABLE_PROCFS */
125 #ifdef HAVE_MP_PROCFS
126 #define POLLWANT POLLWRNORM
128 #define POLLWANT POLLPRI
130 #endif /* USE_PROCFS */
138 usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\
139 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\
140 [command [arg ...]]\n\
141 or: strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\
142 [command [arg ...]]\n\
143 -c -- count time, calls, and errors for each syscall and report summary\n\
144 -f -- follow forks, -ff -- with output into separate files\n\
145 -F -- attempt to follow vforks, -h -- print help message\n\
146 -i -- print instruction pointer at time of syscall\n\
147 -q -- suppress messages about attaching, detaching, etc.\n\
148 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
149 -T -- print time spent in each syscall, -V -- print version\n\
150 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
151 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
152 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
153 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
154 options: trace, abbrev, verbose, raw, signal, read, or write\n\
155 -o file -- send trace output to FILE instead of stderr\n\
156 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
157 -p pid -- trace process with process id PID, may be repeated\n\
158 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
159 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
160 -u username -- run command as username handling setuid and/or setgid\n\
161 -E var=val -- put var=val in the environment for command\n\
162 -E var -- remove var from the environment for command\n\
163 " /* this is broken, so don't document it
164 -z -- print only succeeding syscalls\n\
166 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
190 static char buf[BUFSIZ];
192 /* Allocate the initial tcbtab. */
193 tcbtabsize = argc; /* Surely enough for all -p args. */
194 tcbtab = (struct tcb **) malloc (tcbtabsize * sizeof tcbtab[0]);
195 tcbtab[0] = (struct tcb *) calloc (tcbtabsize, sizeof *tcbtab[0]);
196 for (tcp = tcbtab[0]; tcp < &tcbtab[0][tcbtabsize]; ++tcp)
197 tcbtab[tcp - tcbtab[0]] = &tcbtab[0][tcp - tcbtab[0]];
202 set_sortby(DEFAULT_SORTBY);
203 set_personality(DEFAULT_PERSONALITY);
204 qualify("trace=all");
205 qualify("abbrev=all");
206 qualify("verbose=all");
207 qualify("signal=all");
208 while ((c = getopt(argc, argv,
209 "+cdfFhiqrtTvVxza:e:o:O:p:s:S:u:E:")) != EOF) {
247 qualify("abbrev=none");
250 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
254 not_failing_only = 1;
257 acolumn = atoi(optarg);
263 outfname = strdup(optarg);
266 set_overhead(atoi(optarg));
269 if ((pid = atoi(optarg)) <= 0) {
270 fprintf(stderr, "%s: Invalid process id: %s\n",
274 if (pid == getpid()) {
275 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.\n", progname);
278 if ((tcp = alloctcb(pid)) == NULL) {
279 fprintf(stderr, "%s: out of memory\n",
283 tcp->flags |= TCB_ATTACHED;
287 max_strlen = atoi(optarg);
288 if (max_strlen < 0) {
290 "%s: invalid -s argument: %s\n",
299 username = strdup(optarg);
302 if (putenv(optarg) < 0) {
303 fprintf(stderr, "%s: out of memory\n",
314 if (optind == argc && !pflag_seen)
317 /* See if they want to run as another user. */
318 if (username != NULL) {
321 if (getuid() != 0 || geteuid() != 0) {
323 "%s: you must be root to use the -u option\n",
327 if ((pent = getpwnam(username)) == NULL) {
328 fprintf(stderr, "%s: cannot find user `%s'\n",
332 run_uid = pent->pw_uid;
333 run_gid = pent->pw_gid;
341 setreuid(geteuid(), getuid());
344 /* Check if they want to redirect the output. */
348 /* See if they want to pipe the output. */
349 if (outfname[0] == '|' || outfname[0] == '!') {
351 * We can't do the <outfname>.PID funny business
352 * when using popen, so prohibit it.
354 if (followfork > 1) {
356 %s: piping the output and -ff are mutually exclusive options\n",
361 if ((outf = popen(outfname + 1, "w")) == NULL) {
362 fprintf(stderr, "%s: can't popen '%s': %s\n",
363 progname, outfname + 1,
368 else if ((outf = fopen(outfname, "w")) == NULL) {
369 fprintf(stderr, "%s: can't fopen '%s': %s\n",
370 progname, outfname, strerror(errno));
374 if ((f=fcntl(fileno(outf), F_GETFD)) < 0 ) {
375 perror("failed to get flags for outputfile");
379 if (fcntl(fileno(outf), F_SETFD, f|FD_CLOEXEC) < 0 ) {
380 perror("failed to set flags for outputfile");
386 setreuid(geteuid(), getuid());
389 if (!outfname || outfname[0] == '|' || outfname[0] == '!')
390 setvbuf(outf, buf, _IOLBF, BUFSIZ);
391 if (outfname && optind < argc) {
396 for (c = 0; c < tcbtabsize; c++) {
398 /* Reinitialize the output since it may have changed. */
400 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
403 if (proc_open(tcp, 1) < 0) {
404 fprintf(stderr, "trouble opening proc file\n");
408 #else /* !USE_PROCFS */
410 if (tcp->flags & TCB_CLONE_THREAD)
413 char procdir[MAXPATHLEN];
415 sprintf(procdir, "/proc/%d/task", tcp->pid);
416 dir = opendir(procdir);
418 unsigned int ntid = 0, nerr = 0;
421 while ((de = readdir(dir)) != NULL) {
422 if (de->d_fileno == 0 ||
423 de->d_name[0] == '.')
425 tid = atoi(de->d_name);
429 if (ptrace(PTRACE_ATTACH, tid,
432 else if (tid != tcbtab[c]->pid) {
433 if (nprocs == tcbtabsize &&
439 fprintf(stderr, "%s: out of memory\n",
443 tcp->flags |= TCB_ATTACHED|TCB_CLONE_THREAD|TCB_CLONE_DETACHED|TCB_FOLLOWFORK;
444 tcbtab[c]->nchildren++;
445 tcbtab[c]->nclone_threads++;
446 tcbtab[c]->nclone_detached++;
447 tcp->parent = tcbtab[c];
452 perror("attach: ptrace(PTRACE_ATTACH, ...)");
460 Process %u attached with %u threads - interrupt to quit\n",
464 Process %u attached - interrupt to quit\n",
471 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
472 perror("attach: ptrace(PTRACE_ATTACH, ...)");
476 #endif /* !USE_PROCFS */
479 "Process %u attached - interrupt to quit\n",
486 char pathname[MAXPATHLEN];
488 filename = argv[optind];
489 if (strchr(filename, '/')) {
490 if (strlen(filename) > sizeof pathname - 1) {
491 errno = ENAMETOOLONG;
492 perror("strace: exec");
495 strcpy(pathname, filename);
497 #ifdef USE_DEBUGGING_EXEC
499 * Debuggers customarily check the current directory
500 * first regardless of the path but doing that gives
501 * security geeks a panic attack.
503 else if (stat(filename, &statbuf) == 0)
504 strcpy(pathname, filename);
505 #endif /* USE_DEBUGGING_EXEC */
510 for (path = getenv("PATH"); path && *path; path += m) {
511 if (strchr(path, ':')) {
512 n = strchr(path, ':') - path;
516 m = n = strlen(path);
518 getcwd(pathname, MAXPATHLEN);
519 len = strlen(pathname);
521 else if (n > sizeof pathname - 1)
524 strncpy(pathname, path, n);
527 if (len && pathname[len - 1] != '/')
528 pathname[len++] = '/';
529 strcpy(pathname + len, filename);
530 if (stat(pathname, &statbuf) == 0 &&
531 /* Accept only regular files
532 with some execute bits set.
533 XXX not perfect, might still fail */
534 S_ISREG(statbuf.st_mode) &&
535 (statbuf.st_mode & 0111))
539 if (stat(pathname, &statbuf) < 0) {
540 fprintf(stderr, "%s: %s: command not found\n",
544 switch (pid = fork()) {
546 perror("strace: fork");
552 if (outf != stderr) close (fileno (outf));
554 /* Kludge for SGI, see proc_open for details. */
555 sa.sa_handler = foobar;
557 sigemptyset(&sa.sa_mask);
558 sigaction(SIGINT, &sa, NULL);
563 kill(getpid(), SIGSTOP); /* stop HERE */
565 #else /* !USE_PROCFS */
567 close(fileno (outf));
569 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
570 perror("strace: ptrace(PTRACE_TRACEME, ...)");
574 kill(getpid(), SIGSTOP);
576 if (username != NULL || geteuid() == 0) {
577 uid_t run_euid = run_uid;
578 gid_t run_egid = run_gid;
580 if (statbuf.st_mode & S_ISUID)
581 run_euid = statbuf.st_uid;
582 if (statbuf.st_mode & S_ISGID)
583 run_egid = statbuf.st_gid;
586 * It is important to set groups before we
587 * lose privileges on setuid.
589 if (username != NULL) {
590 if (initgroups(username, run_gid) < 0) {
591 perror("initgroups");
594 if (setregid(run_gid, run_egid) < 0) {
598 if (setreuid(run_uid, run_euid) < 0) {
605 setreuid(run_uid, run_uid);
608 * Induce an immediate stop so that the parent
609 * will resume us with PTRACE_SYSCALL and display
610 * this execve call normally.
612 kill(getpid(), SIGSTOP);
613 #endif /* !USE_PROCFS */
615 execv(pathname, &argv[optind]);
616 perror("strace: exec");
621 if ((tcp = alloctcb(pid)) == NULL) {
622 fprintf(stderr, "tcb table full\n");
627 if (proc_open(tcp, 0) < 0) {
628 fprintf(stderr, "trouble opening proc file\n");
632 #endif /* USE_PROCFS */
637 sigemptyset(&empty_set);
638 sigemptyset(&blocked_set);
639 sa.sa_handler = SIG_IGN;
640 sigemptyset(&sa.sa_mask);
642 sigaction(SIGTTOU, &sa, NULL);
643 sigaction(SIGTTIN, &sa, NULL);
645 sigaddset(&blocked_set, SIGHUP);
646 sigaddset(&blocked_set, SIGINT);
647 sigaddset(&blocked_set, SIGQUIT);
648 sigaddset(&blocked_set, SIGPIPE);
649 sigaddset(&blocked_set, SIGTERM);
650 sa.sa_handler = interrupt;
652 /* POSIX signals on sunos4.1 are a little broken. */
653 sa.sa_flags = SA_INTERRUPT;
656 sigaction(SIGHUP, &sa, NULL);
657 sigaction(SIGINT, &sa, NULL);
658 sigaction(SIGQUIT, &sa, NULL);
659 sigaction(SIGPIPE, &sa, NULL);
660 sigaction(SIGTERM, &sa, NULL);
662 sa.sa_handler = reaper;
663 sigaction(SIGCHLD, &sa, NULL);
665 /* Make sure SIGCHLD has the default action so that waitpid
666 definitely works without losing track of children. The user
667 should not have given us a bogus state to inherit, but he might
668 have. Arguably we should detect SIG_IGN here and pass it on
669 to children, but probably noone really needs that. */
670 sa.sa_handler = SIG_DFL;
671 sigaction(SIGCHLD, &sa, NULL);
672 #endif /* USE_PROCFS */
684 char name[MAXPATHLEN];
687 if (outfname && followfork > 1) {
688 sprintf(name, "%s.%u", outfname, tcp->pid);
690 setreuid(geteuid(), getuid());
692 fp = fopen(name, "w");
694 setreuid(geteuid(), getuid());
708 /* Allocate some more TCBs and expand the table.
709 We don't want to relocate the TCBs because our
710 callers have pointers and it would be a pain.
711 So tcbtab is a table of pointers. Since we never
712 free the TCBs, we allocate a single chunk of many. */
713 struct tcb **newtab = (struct tcb **)
714 realloc(tcbtab, 2 * tcbtabsize * sizeof tcbtab[0]);
715 struct tcb *newtcbs = (struct tcb *) calloc(tcbtabsize,
718 if (newtab == NULL || newtcbs == NULL) {
723 for (i = tcbtabsize; i < 2 * tcbtabsize; ++i)
724 newtab[i] = &newtcbs[i - tcbtabsize];
739 for (i = 0; i < tcbtabsize; i++) {
741 if ((tcp->flags & TCB_INUSE) == 0) {
746 #ifdef TCB_CLONE_THREAD
747 tcp->nclone_threads = tcp->nclone_detached = 0;
748 tcp->nclone_waiting = 0;
750 tcp->flags = TCB_INUSE | TCB_STARTUP;
751 tcp->outf = outf; /* Initialise to current out file */
752 tcp->stime.tv_sec = 0;
753 tcp->stime.tv_usec = 0;
764 proc_open(tcp, attaching)
776 #ifndef HAVE_POLLABLE_PROCFS
780 #ifdef HAVE_MP_PROCFS
781 /* Open the process pseudo-files in /proc. */
782 sprintf(proc, "/proc/%d/ctl", tcp->pid);
783 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) {
784 perror("strace: open(\"/proc/...\", ...)");
787 if ((arg = fcntl(tcp->pfd, F_GETFD)) < 0) {
791 if (fcntl(tcp->pfd, F_SETFD, arg|FD_CLOEXEC) < 0) {
795 sprintf(proc, "/proc/%d/status", tcp->pid);
796 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) {
797 perror("strace: open(\"/proc/...\", ...)");
800 if ((arg = fcntl(tcp->pfd_stat, F_GETFD)) < 0) {
804 if (fcntl(tcp->pfd_stat, F_SETFD, arg|FD_CLOEXEC) < 0) {
808 sprintf(proc, "/proc/%d/as", tcp->pid);
809 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) {
810 perror("strace: open(\"/proc/...\", ...)");
813 if ((arg = fcntl(tcp->pfd_as, F_GETFD)) < 0) {
817 if (fcntl(tcp->pfd_as, F_SETFD, arg|FD_CLOEXEC) < 0) {
822 /* Open the process pseudo-file in /proc. */
824 sprintf(proc, "/proc/%d", tcp->pid);
825 if ((tcp->pfd = open(proc, O_RDWR|O_EXCL)) < 0) {
827 sprintf(proc, "/proc/%d/mem", tcp->pid);
828 if ((tcp->pfd = open(proc, O_RDWR)) < 0) {
830 perror("strace: open(\"/proc/...\", ...)");
833 if ((arg = fcntl(tcp->pfd, F_GETFD)) < 0) {
837 if (fcntl(tcp->pfd, F_SETFD, arg|FD_CLOEXEC) < 0) {
843 sprintf(proc, "/proc/%d/regs", tcp->pid);
844 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) {
845 perror("strace: open(\"/proc/.../regs\", ...)");
849 sprintf(proc, "/proc/%d/status", tcp->pid);
850 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) {
851 perror("strace: open(\"/proc/.../status\", ...)");
855 tcp->pfd_status = -1;
860 * Wait for the child to pause. Because of a race
861 * condition we have to poll for the event.
864 if (IOCTL_STATUS (tcp) < 0) {
865 perror("strace: PIOCSTATUS");
868 if (tcp->status.PR_FLAGS & PR_ASLEEP)
873 /* Stop the process so that we own the stop. */
874 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
875 perror("strace: PIOCSTOP");
880 /* Set Run-on-Last-Close. */
882 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
883 perror("PIOCSET PR_RLC");
886 /* Set or Reset Inherit-on-Fork. */
888 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
889 perror("PIOC{SET,RESET} PR_FORK");
894 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
898 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
899 perror("PIOC{S,R}FORK");
903 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
904 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
909 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
914 #endif /* !PIOCSET */
916 /* Enable all syscall entries we care about. */
917 premptyset(&syscalls);
918 for (i = 1; i < MAX_QUALS; ++i) {
919 if (i > (sizeof syscalls) * CHAR_BIT) break;
920 if (qual_flags [i] & QUAL_TRACE) praddset (&syscalls, i);
922 praddset (&syscalls, SYS_execve);
924 praddset (&syscalls, SYS_fork);
926 praddset (&syscalls, SYS_forkall);
929 praddset (&syscalls, SYS_fork1);
932 praddset (&syscalls, SYS_rfork1);
935 praddset (&syscalls, SYS_rforkall);
938 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) {
939 perror("PIOCSENTRY");
942 /* Enable the syscall exits. */
943 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) {
947 /* Enable signals we care about. */
948 premptyset(&signals);
949 for (i = 1; i < MAX_QUALS; ++i) {
950 if (i > (sizeof signals) * CHAR_BIT) break;
951 if (qual_flags [i] & QUAL_SIGNAL) praddset (&signals, i);
953 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
954 perror("PIOCSTRACE");
957 /* Enable faults we care about */
959 for (i = 1; i < MAX_QUALS; ++i) {
960 if (i > (sizeof faults) * CHAR_BIT) break;
961 if (qual_flags [i] & QUAL_FAULT) praddset (&faults, i);
963 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
964 perror("PIOCSFAULT");
968 /* set events flags. */
969 arg = S_SIG | S_SCE | S_SCX ;
970 if(ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
978 * The SGI PRSABORT doesn't work for pause() so
979 * we send it a caught signal to wake it up.
981 kill(tcp->pid, SIGINT);
984 /* The child is in a pause(), abort it. */
986 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
993 /* wake up the child if it received the SIGSTOP */
994 kill(tcp->pid, SIGCONT);
997 /* Wait for the child to do something. */
998 if (IOCTL_WSTOP (tcp) < 0) {
1002 if (tcp->status.PR_WHY == PR_SYSENTRY) {
1003 tcp->flags &= ~TCB_INSYSCALL;
1005 if (known_scno(tcp) == SYS_execve)
1008 /* Set it running: maybe execve will be next. */
1011 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1013 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) {
1014 #endif /* FREEBSD */
1019 /* handle the case where we "opened" the child before
1020 it did the kill -STOP */
1021 if (tcp->status.PR_WHY == PR_SIGNALLED &&
1022 tcp->status.PR_WHAT == SIGSTOP)
1023 kill(tcp->pid, SIGCONT);
1030 if (attaching < 2) {
1031 /* We are attaching to an already running process.
1032 * Try to figure out the state of the process in syscalls,
1033 * to handle the first event well.
1034 * This is done by having a look at the "wchan" property of the
1035 * process, which tells where it is stopped (if it is). */
1037 char wchan[20]; /* should be enough */
1039 sprintf(proc, "/proc/%d/status", tcp->pid);
1040 status = fopen(proc, "r");
1042 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
1043 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
1044 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
1045 strcmp(wchan, "stopevent")) {
1046 /* The process is asleep in the middle of a syscall.
1047 Fake the syscall entry event */
1048 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
1049 tcp->status.PR_WHY = PR_SYSENTRY;
1054 } /* otherwise it's a fork being followed */
1056 #endif /* FREEBSD */
1057 #ifndef HAVE_POLLABLE_PROCFS
1058 if (proc_poll_pipe[0] != -1)
1059 proc_poller(tcp->pfd);
1060 else if (nprocs > 1) {
1062 proc_poller(last_pfd);
1063 proc_poller(tcp->pfd);
1065 last_pfd = tcp->pfd;
1066 #endif /* !HAVE_POLLABLE_PROCFS */
1070 #endif /* USE_PROCFS */
1079 for (i = 0; i < tcbtabsize; i++) {
1081 if (pid && tcp->pid != pid)
1083 if (tcp->flags & TCB_INUSE)
1097 for (i = 0; i < tcbtabsize; i++) {
1098 struct tcb *tcp = tcbtab[i];
1099 if (tcp->pfd != pfd)
1101 if (tcp->flags & TCB_INUSE)
1107 #endif /* USE_PROCFS */
1115 #ifdef TCB_CLONE_THREAD
1116 if (tcp->nclone_threads > 0) {
1117 /* There are other threads left in this process, but this
1118 is the one whose PID represents the whole process.
1119 We need to keep this record around as a zombie until
1120 all the threads die. */
1121 tcp->flags |= TCB_EXITING;
1128 if (tcp->parent != NULL) {
1129 tcp->parent->nchildren--;
1130 #ifdef TCB_CLONE_THREAD
1131 if (tcp->flags & TCB_CLONE_DETACHED)
1132 tcp->parent->nclone_detached--;
1133 if (tcp->flags & TCB_CLONE_THREAD)
1134 tcp->parent->nclone_threads--;
1136 #ifdef TCB_CLONE_DETACHED
1137 if (!(tcp->flags & TCB_CLONE_DETACHED))
1139 tcp->parent->nzombies++;
1144 if (tcp->pfd != -1) {
1148 if (tcp->pfd_reg != -1) {
1149 close(tcp->pfd_reg);
1152 if (tcp->pfd_status != -1) {
1153 close(tcp->pfd_status);
1154 tcp->pfd_status = -1;
1156 #endif /* !FREEBSD */
1158 rebuild_pollv(); /* Note, flags needs to be cleared by now. */
1162 if (outfname && followfork > 1 && tcp->outf)
1177 if (!(tcp->flags & TCB_SUSPENDED)) {
1178 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
1181 tcp->flags &= ~TCB_SUSPENDED;
1182 #ifdef TCB_CLONE_THREAD
1183 if (tcp->flags & TCB_CLONE_THREAD)
1184 tcp->parent->nclone_waiting--;
1187 if (ptrace(PTRACE_SYSCALL, tcp->pid, (char *) 1, 0) < 0) {
1188 perror("resume: ptrace(PTRACE_SYSCALL, ...)");
1193 fprintf(stderr, "Process %u resumed\n", tcp->pid);
1197 #endif /* !USE_PROCFS */
1199 /* detach traced process; continue with sig */
1208 int status, resumed;
1209 struct tcb *zombie = NULL;
1211 /* If the group leader is lingering only because of this other
1212 thread now dying, then detach the leader as well. */
1213 if ((tcp->flags & TCB_CLONE_THREAD) &&
1214 tcp->parent->nclone_threads == 1 &&
1215 (tcp->parent->flags & TCB_EXITING))
1216 zombie = tcp->parent;
1219 if (tcp->flags & TCB_BPTSET)
1224 * Linux wrongly insists the child be stopped
1225 * before detaching. Arghh. We go through hoops
1226 * to make a clean break of things.
1229 #undef PTRACE_DETACH
1230 #define PTRACE_DETACH PTRACE_SUNDETACH
1232 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
1233 /* On a clear day, you can see forever. */
1235 else if (errno != ESRCH) {
1236 /* Shouldn't happen. */
1237 perror("detach: ptrace(PTRACE_DETACH, ...)");
1239 else if (kill(tcp->pid, 0) < 0) {
1241 perror("detach: checking sanity");
1243 else if (kill(tcp->pid, SIGSTOP) < 0) {
1245 perror("detach: stopping child");
1250 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) {
1251 if (errno == ECHILD) /* Already gone. */
1253 if (errno != EINVAL) {
1254 perror("detach: waiting");
1258 /* No __WALL here. */
1259 if (waitpid(tcp->pid, &status, 0) < 0) {
1260 if (errno != ECHILD) {
1261 perror("detach: waiting");
1265 /* If no processes, try clones. */
1266 if (wait4(tcp->pid, &status, __WCLONE,
1268 if (errno != ECHILD)
1269 perror("detach: waiting");
1272 #endif /* __WCLONE */
1277 if (!WIFSTOPPED(status)) {
1278 /* Au revoir, mon ami. */
1281 if (WSTOPSIG(status) == SIGSTOP) {
1282 if ((error = ptrace(PTRACE_DETACH,
1283 tcp->pid, (char *) 1, sig)) < 0) {
1285 perror("detach: ptrace(PTRACE_DETACH, ...)");
1286 /* I died trying. */
1290 if ((error = ptrace(PTRACE_CONT, tcp->pid, (char *) 1,
1291 WSTOPSIG(status) == SIGTRAP ?
1292 0 : WSTOPSIG(status))) < 0) {
1294 perror("detach: ptrace(PTRACE_CONT, ...)");
1302 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1303 if (sig && kill(tcp->pid, sig) < 0)
1304 perror("detach: kill");
1306 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) < 0)
1307 perror("detach: ptrace(PTRACE_DETACH, ...)");
1313 /* XXX This won't always be quite right (but it never was).
1314 A waiter with argument 0 or < -1 is waiting for any pid in
1315 a particular pgrp, which this child might or might not be
1316 in. The waiter will only wake up if it's argument is -1
1317 or if it's waiting for tcp->pid's pgrp. It makes a
1318 difference to wake up a waiter when there might be more
1319 traced children, because it could get a false ECHILD
1320 error. OTOH, if this was the last child in the pgrp, then
1321 it ought to wake up and get ECHILD. We would have to
1322 search the system for all pid's in the pgrp to be sure.
1324 && (t->waitpid == -1 ||
1325 (t->waitpid == 0 && getpgid (tcp->pid) == getpgid (t->pid))
1326 || (t->waitpid < 0 && t->waitpid == -getpid (t->pid)))
1330 (tcp->parent->flags & TCB_SUSPENDED) &&
1331 (tcp->parent->waitpid <= 0 || tcp->parent->waitpid == tcp->pid)) {
1332 error = resume(tcp->parent);
1335 #ifdef TCB_CLONE_THREAD
1336 if (tcp->parent && tcp->parent->nclone_waiting > 0) {
1337 /* Some other threads of our parent are waiting too. */
1340 /* Resume all the threads that were waiting for this PID. */
1341 for (i = 0; i < tcbtabsize; i++) {
1342 struct tcb *t = tcbtab[i];
1343 if (t->parent == tcp->parent && t != tcp
1344 && ((t->flags & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1345 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1346 && t->waitpid == tcp->pid) {
1347 error |= resume (t);
1352 /* Noone was waiting for this PID in particular,
1353 so now we might need to resume some wildcarders. */
1354 for (i = 0; i < tcbtabsize; i++) {
1355 struct tcb *t = tcbtab[i];
1356 if (t->parent == tcp->parent && t != tcp
1358 & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1359 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1362 error |= resume (t);
1369 #endif /* !USE_PROCFS */
1372 fprintf(stderr, "Process %u detached\n", tcp->pid);
1378 error = detach(zombie) || error;
1393 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1404 #endif /* USE_PROCFS */
1412 for (i = 0; i < tcbtabsize; i++) {
1414 if (!(tcp->flags & TCB_INUSE))
1418 "cleanup: looking at pid %u\n", tcp->pid);
1420 (!outfname || followfork < 2 || tcp_last == tcp)) {
1421 tprintf(" <unfinished ...>\n");
1424 if (tcp->flags & TCB_ATTACHED)
1427 kill(tcp->pid, SIGCONT);
1428 kill(tcp->pid, SIGTERM);
1442 #ifndef HAVE_STRERROR
1444 #if !HAVE_DECL_SYS_ERRLIST
1445 extern int sys_nerr;
1446 extern char *sys_errlist[];
1447 #endif /* HAVE_DECL_SYS_ERRLIST */
1453 static char buf[64];
1455 if (errno < 1 || errno >= sys_nerr) {
1456 sprintf(buf, "Unknown error %d", errno);
1459 return sys_errlist[errno];
1462 #endif /* HAVE_STERRROR */
1464 #ifndef HAVE_STRSIGNAL
1466 #if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST
1467 extern char *sys_siglist[];
1469 #if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST
1470 extern char *_sys_siglist[];
1477 static char buf[64];
1479 if (sig < 1 || sig >= NSIG) {
1480 sprintf(buf, "Unknown signal %d", sig);
1483 #ifdef HAVE__SYS_SIGLIST
1484 return _sys_siglist[sig];
1486 return sys_siglist[sig];
1490 #endif /* HAVE_STRSIGNAL */
1501 pollv = (struct pollfd *) malloc(nprocs * sizeof pollv[0]);
1502 if (pollv == NULL) {
1503 fprintf(stderr, "%s: out of memory\n", progname);
1507 for (i = j = 0; i < tcbtabsize; i++) {
1508 struct tcb *tcp = tcbtab[i];
1509 if (!(tcp->flags & TCB_INUSE))
1511 pollv[j].fd = tcp->pfd;
1512 pollv[j].events = POLLWANT;
1516 fprintf(stderr, "strace: proc miscount\n");
1521 #ifndef HAVE_POLLABLE_PROCFS
1529 if (pipe(proc_poll_pipe) < 0) {
1533 for (i = 0; i < 2; i++) {
1534 if ((arg = fcntl(proc_poll_pipe[i], F_GETFD)) < 0) {
1538 if (fcntl(proc_poll_pipe[i], F_SETFD, arg|FD_CLOEXEC) < 0) {
1546 proc_poll(pollv, nfds, timeout)
1547 struct pollfd *pollv;
1553 struct proc_pollfd pollinfo;
1555 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1557 if (n != sizeof(struct proc_pollfd)) {
1558 fprintf(stderr, "panic: short read: %d\n", n);
1561 for (i = 0; i < nprocs; i++) {
1562 if (pollv[i].fd == pollinfo.fd)
1563 pollv[i].revents = pollinfo.revents;
1565 pollv[i].revents = 0;
1567 poller_pid = pollinfo.pid;
1581 struct proc_pollfd pollinfo;
1582 struct sigaction sa;
1583 sigset_t blocked_set, empty_set;
1588 struct procfs_status pfs;
1589 #endif /* FREEBSD */
1601 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1603 sigemptyset(&sa.sa_mask);
1604 sigaction(SIGHUP, &sa, NULL);
1605 sigaction(SIGINT, &sa, NULL);
1606 sigaction(SIGQUIT, &sa, NULL);
1607 sigaction(SIGPIPE, &sa, NULL);
1608 sigaction(SIGTERM, &sa, NULL);
1609 sa.sa_handler = wakeup_handler;
1610 sigaction(SIGUSR1, &sa, NULL);
1611 sigemptyset(&blocked_set);
1612 sigaddset(&blocked_set, SIGUSR1);
1613 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1614 sigemptyset(&empty_set);
1616 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1617 perror("getrlimit(RLIMIT_NOFILE, ...)");
1621 for (i = 0; i < n; i++) {
1622 if (i != pfd && i != proc_poll_pipe[1])
1627 pollinfo.pid = getpid();
1630 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
1632 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
1633 #endif /* FREEBSD */
1639 pollinfo.revents = POLLERR;
1642 pollinfo.revents = POLLHUP;
1645 perror("proc_poller: PIOCWSTOP");
1647 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1650 pollinfo.revents = POLLWANT;
1651 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1652 sigsuspend(&empty_set);
1656 #endif /* !HAVE_POLLABLE_PROCFS */
1666 if (followfork < 2 &&
1667 last < nprocs && (pollv[last].revents & POLLWANT)) {
1669 * The previous process is ready to run again. We'll
1670 * let it do so if it is currently in a syscall. This
1671 * heuristic improves the readability of the trace.
1673 tcp = pfd2tcb(pollv[last].fd);
1674 if (tcp && (tcp->flags & TCB_INSYSCALL))
1675 return pollv[last].fd;
1678 for (i = 0; i < nprocs; i++) {
1679 /* Let competing children run round robin. */
1680 j = (i + last + 1) % nprocs;
1681 if (pollv[j].revents & (POLLHUP | POLLERR)) {
1682 tcp = pfd2tcb(pollv[j].fd);
1684 fprintf(stderr, "strace: lost proc\n");
1690 if (pollv[j].revents & POLLWANT) {
1695 fprintf(stderr, "strace: nothing ready\n");
1703 struct tcb *in_syscall = NULL;
1708 int ioctl_result = 0, ioctl_errno = 0;
1713 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1720 #ifndef HAVE_POLLABLE_PROCFS
1721 if (proc_poll_pipe[0] == -1) {
1730 #ifndef HAVE_POLLABLE_PROCFS
1732 /* fall through ... */
1733 #endif /* !HAVE_POLLABLE_PROCFS */
1735 #ifdef HAVE_POLLABLE_PROCFS
1737 /* On some systems (e.g. UnixWare) we get too much ugly
1738 "unfinished..." stuff when multiple proceses are in
1739 syscalls. Here's a nasty hack */
1746 pv.events = POLLWANT;
1747 if ((what = poll (&pv, 1, 1)) < 0) {
1752 else if (what == 1 && pv.revents & POLLWANT) {
1758 if (poll(pollv, nprocs, INFTIM) < 0) {
1763 #else /* !HAVE_POLLABLE_PROCFS */
1764 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
1769 #endif /* !HAVE_POLLABLE_PROCFS */
1776 /* Look up `pfd' in our table. */
1777 if ((tcp = pfd2tcb(pfd)) == NULL) {
1778 fprintf(stderr, "unknown pfd: %u\n", pfd);
1784 /* Get the status of the process. */
1787 ioctl_result = IOCTL_WSTOP (tcp);
1789 /* Thanks to some scheduling mystery, the first poller
1790 sometimes waits for the already processed end of fork
1791 event. Doing a non blocking poll here solves the problem. */
1792 if (proc_poll_pipe[0] != -1)
1793 ioctl_result = IOCTL_STATUS (tcp);
1795 ioctl_result = IOCTL_WSTOP (tcp);
1796 #endif /* FREEBSD */
1797 ioctl_errno = errno;
1798 #ifndef HAVE_POLLABLE_PROCFS
1799 if (proc_poll_pipe[0] != -1) {
1800 if (ioctl_result < 0)
1801 kill(poller_pid, SIGKILL);
1803 kill(poller_pid, SIGUSR1);
1805 #endif /* !HAVE_POLLABLE_PROCFS */
1811 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1813 if (ioctl_result < 0) {
1814 /* Find out what happened if it failed. */
1815 switch (ioctl_errno) {
1826 perror("PIOCWSTOP");
1832 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
1833 /* discard first event for a syscall we never entered */
1834 IOCTL (tcp->pfd, PIOCRUN, 0);
1839 /* clear the just started flag */
1840 tcp->flags &= ~TCB_STARTUP;
1842 /* set current output file */
1846 struct timeval stime;
1851 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) {
1854 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
1855 &stime.tv_sec, &stime.tv_usec);
1857 stime.tv_sec = stime.tv_usec = 0;
1858 #else /* !FREEBSD */
1859 stime.tv_sec = tcp->status.pr_stime.tv_sec;
1860 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
1861 #endif /* !FREEBSD */
1862 tv_sub(&tcp->dtime, &stime, &tcp->stime);
1865 what = tcp->status.PR_WHAT;
1866 switch (tcp->status.PR_WHY) {
1869 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
1870 tcp->status.PR_WHY = PR_SYSENTRY;
1871 if (trace_syscall(tcp) < 0) {
1872 fprintf(stderr, "syscall trouble\n");
1877 #endif /* !FREEBSD */
1883 if (trace_syscall(tcp) < 0) {
1884 fprintf(stderr, "syscall trouble\n");
1889 if (!cflag && (qual_flags[what] & QUAL_SIGNAL)) {
1891 tprintf("--- %s (%s) ---",
1892 signame(what), strsignal(what));
1895 if (tcp->status.PR_INFO.si_signo == what) {
1897 tprintf(" siginfo=");
1898 printsiginfo(&tcp->status.PR_INFO, 1);
1905 if (!cflag && (qual_flags[what] & QUAL_FAULT)) {
1907 tprintf("=== FAULT %d ===", what);
1912 case 0: /* handle case we polled for nothing */
1916 fprintf(stderr, "odd stop %d\n", tcp->status.PR_WHY);
1922 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
1924 if (IOCTL (tcp->pfd, PIOCRUN, 0) < 0) {
1933 #else /* !USE_PROCFS */
1935 #ifdef TCB_GROUP_EXITING
1936 /* Handle an exit detach or death signal that is taking all the
1937 related clone threads with it. This is called in three circumstances:
1938 SIG == -1 TCP has already died (TCB_ATTACHED is clear, strace is parent).
1939 SIG == 0 Continuing TCP will perform an exit_group syscall.
1940 SIG == other Continuing TCP with SIG will kill the process.
1943 handle_group_exit(struct tcb *tcp, int sig)
1945 /* We need to locate our records of all the clone threads
1946 related to TCP, either its children or siblings. */
1947 struct tcb *leader = ((tcp->flags & TCB_CLONE_THREAD)
1949 : tcp->nclone_detached > 0
1953 if (leader != NULL && leader != tcp &&
1954 !(leader->flags & TCB_GROUP_EXITING))
1956 "PANIC: handle_group_exit: %d leader %d\n",
1957 tcp->pid, leader ? leader->pid : -1);
1958 detach(tcp); /* Already died. */
1961 /* Mark that we are taking the process down. */
1962 tcp->flags |= TCB_EXITING | TCB_GROUP_EXITING;
1963 if (tcp->flags & TCB_ATTACHED) {
1964 if (leader != NULL && leader != tcp) {
1965 if (leader->flags & TCB_ATTACHED) {
1966 /* We need to detach the leader so
1967 that the process death will be
1968 reported to its real parent.
1969 But we kill it first to prevent
1970 it doing anything before we kill
1971 the whole process in a moment.
1972 We can use PTRACE_KILL on a
1973 thread that's not already
1974 stopped. Then the value we pass
1975 in PTRACE_DETACH just sets the
1976 death signal reported to the
1978 ptrace(PTRACE_KILL, leader->pid, 0, 0);
1981 " [%d exit %d kills %d]\n",
1982 tcp->pid, sig, leader->pid);
1983 detach(leader, sig);
1986 leader->flags |= TCB_GROUP_EXITING;
1990 else if (ptrace(PTRACE_CONT, tcp->pid, (char *) 1, sig) < 0) {
1991 perror("strace: ptrace(PTRACE_CONT, ...)");
1997 leader->flags |= TCB_GROUP_EXITING;
1998 if (leader != NULL && leader != tcp)
2000 /* The leader will report to us as parent now,
2001 and then we'll get to the SIG==-1 case. */
2020 static int wait4_options = __WALL;
2024 while (nprocs != 0) {
2026 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2029 pid = wait4(-1, &status, wait4_options, cflag ? &ru : NULL);
2030 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
2031 /* this kernel does not support __WALL */
2032 wait4_options &= ~__WALL;
2034 pid = wait4(-1, &status, wait4_options,
2035 cflag ? &ru : NULL);
2037 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
2038 /* most likely a "cloned" process */
2039 pid = wait4(-1, &status, __WCLONE,
2040 cflag ? &ru : NULL);
2042 fprintf(stderr, "strace: clone wait4 "
2043 "failed: %s\n", strerror(errno));
2047 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
2051 pid = wait(&status);
2055 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2061 switch (wait_errno) {
2066 * We would like to verify this case
2067 * but sometimes a race in Solbourne's
2068 * version of SunOS sometimes reports
2069 * ECHILD before sending us SIGCHILD.
2074 fprintf(stderr, "strace: proc miscount\n");
2080 perror("strace: wait");
2085 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
2087 /* Look up `pid' in our table. */
2088 if ((tcp = pid2tcb(pid)) == NULL) {
2090 if (followfork || followvfork) {
2091 /* This is needed to go with the CLONE_PTRACE
2092 changes in process.c/util.c: we might see
2093 the child's initial trap before we see the
2094 parent return from the clone syscall.
2095 Leave the child suspended until the parent
2096 returns from its system call. Only then
2097 will we have the association of parent and
2098 child so that we know how to do clearbpt
2100 if ((tcp = alloctcb(pid)) == NULL) {
2101 fprintf(stderr, " [tcb table full]\n");
2102 kill(pid, SIGKILL); /* XXX */
2105 tcp->flags |= TCB_ATTACHED | TCB_SUSPENDED;
2109 Process %d attached (waiting for parent)\n",
2113 /* This can happen if a clone call used
2114 CLONE_PTRACE itself. */
2117 fprintf(stderr, "unknown pid: %u\n", pid);
2118 if (WIFSTOPPED(status))
2119 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
2123 /* set current output file */
2127 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
2128 tcp->stime = ru.ru_stime;
2132 if (tcp->flags & TCB_SUSPENDED) {
2134 * Apparently, doing any ptrace() call on a stopped
2135 * process, provokes the kernel to report the process
2136 * status again on a subsequent wait(), even if the
2137 * process has not been actually restarted.
2138 * Since we have inspected the arguments of suspended
2139 * processes we end up here testing for this case.
2143 if (WIFSIGNALED(status)) {
2145 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
2147 tprintf("+++ killed by %s %s+++",
2148 signame(WTERMSIG(status)),
2150 WCOREDUMP(status) ? "(core dumped) " :
2155 #ifdef TCB_GROUP_EXITING
2156 handle_group_exit(tcp, -1);
2162 if (WIFEXITED(status)) {
2164 fprintf(stderr, "pid %u exited\n", pid);
2165 if ((tcp->flags & TCB_ATTACHED)
2166 #ifdef TCB_GROUP_EXITING
2167 && !(tcp->parent && (tcp->parent->flags &
2172 "PANIC: attached pid %u exited\n",
2174 if (tcp == tcp_last) {
2175 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT))
2177 tprintf(" <unfinished ... exit status %d>\n",
2178 WEXITSTATUS(status));
2181 #ifdef TCB_GROUP_EXITING
2182 handle_group_exit(tcp, -1);
2188 if (!WIFSTOPPED(status)) {
2189 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
2194 fprintf(stderr, "pid %u stopped, [%s]\n",
2195 pid, signame(WSTOPSIG(status)));
2197 if (tcp->flags & TCB_STARTUP) {
2199 * This flag is there to keep us in sync.
2200 * Next time this process stops it should
2201 * really be entering a system call.
2203 tcp->flags &= ~TCB_STARTUP;
2204 if (tcp->flags & TCB_ATTACHED) {
2206 * Interestingly, the process may stop
2207 * with STOPSIG equal to some other signal
2208 * than SIGSTOP if we happend to attach
2209 * just before the process takes a signal.
2211 if (!WIFSTOPPED(status)) {
2213 "pid %u not stopped\n", pid);
2214 detach(tcp, WSTOPSIG(status));
2220 /* A child of us stopped at exec */
2221 if (WSTOPSIG(status) == SIGTRAP && followvfork)
2225 if (tcp->flags & TCB_BPTSET) {
2226 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
2235 if (WSTOPSIG(status) != SIGTRAP) {
2236 if (WSTOPSIG(status) == SIGSTOP &&
2237 (tcp->flags & TCB_SIGTRAPPED)) {
2239 * Trapped attempt to block SIGTRAP
2240 * Hope we are back in control now.
2242 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
2243 if (ptrace(PTRACE_SYSCALL,
2244 pid, (char *) 1, 0) < 0) {
2245 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2252 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
2253 unsigned long addr = 0, pc = 0;
2254 #ifdef PT_GETSIGINFO
2259 upeek(pid, PT_CR_IPSR, &psr);
2260 upeek(pid, PT_CR_IIP, &pc);
2262 pc += (psr >> PSR_RI) & 0x3;
2263 ptrace(PT_GETSIGINFO, pid, 0, (long) &si);
2264 addr = (unsigned long) si.si_addr;
2265 #elif defined PTRACE_GETSIGINFO
2266 if (WSTOPSIG(status) == SIGSEGV ||
2267 WSTOPSIG(status) == SIGBUS) {
2269 if (ptrace(PTRACE_GETSIGINFO, pid,
2271 addr = (unsigned long)
2276 tprintf("--- %s (%s) @ %lx (%lx) ---",
2277 signame(WSTOPSIG(status)),
2278 strsignal(WSTOPSIG(status)), pc, addr);
2281 if (((tcp->flags & TCB_ATTACHED) ||
2282 tcp->nclone_threads > 0) &&
2283 !sigishandled(tcp, WSTOPSIG(status))) {
2284 #ifdef TCB_GROUP_EXITING
2285 handle_group_exit(tcp, WSTOPSIG(status));
2287 detach(tcp, WSTOPSIG(status));
2291 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1,
2292 WSTOPSIG(status)) < 0) {
2293 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2297 tcp->flags &= ~TCB_SUSPENDED;
2300 if (trace_syscall(tcp) < 0) {
2301 if (tcp->flags & TCB_ATTACHED)
2305 tcp->pid, (char *) 1, SIGTERM);
2310 if (tcp->flags & TCB_EXITING) {
2311 #ifdef TCB_GROUP_EXITING
2312 if (tcp->flags & TCB_GROUP_EXITING) {
2313 if (handle_group_exit(tcp, 0) < 0)
2318 if (tcp->flags & TCB_ATTACHED)
2320 else if (ptrace(PTRACE_CONT, pid, (char *) 1, 0) < 0) {
2321 perror("strace: ptrace(PTRACE_CONT, ...)");
2327 if (tcp->flags & TCB_SUSPENDED) {
2329 fprintf(stderr, "Process %u suspended\n", pid);
2333 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1, 0) < 0) {
2334 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2342 #endif /* !USE_PROCFS */
2348 #define VA_START(a, b) va_start(a, b)
2350 #include <varargs.h>
2351 #define VA_START(a, b) va_start(a)
2356 tprintf(const char *fmt, ...)
2358 tprintf(fmt, va_alist)
2365 VA_START(args, fmt);
2367 int n = vfprintf(outf, fmt, args);
2368 if (n < 0 && outf != stderr)
2369 perror(outfname == NULL
2370 ? "<writing to pipe>" : outfname);
2382 if (tcp_last && (!outfname || followfork < 2 || tcp_last == tcp)) {
2383 tcp_last->flags |= TCB_REPRINT;
2384 tprintf(" <unfinished ...>\n");
2387 if ((followfork == 1 || pflag_seen > 1) && outfname)
2388 tprintf("%-5d ", tcp->pid);
2389 else if (nprocs > 1 && !outfname)
2390 tprintf("[pid %5u] ", tcp->pid);
2392 char str[sizeof("HH:MM:SS")];
2393 struct timeval tv, dtv;
2394 static struct timeval otv;
2396 gettimeofday(&tv, NULL);
2398 if (otv.tv_sec == 0)
2400 tv_sub(&dtv, &tv, &otv);
2401 tprintf("%6ld.%06ld ",
2402 (long) dtv.tv_sec, (long) dtv.tv_usec);
2405 else if (tflag > 2) {
2406 tprintf("%ld.%06ld ",
2407 (long) tv.tv_sec, (long) tv.tv_usec);
2410 time_t local = tv.tv_sec;
2411 strftime(str, sizeof(str), "%T", localtime(&local));
2413 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
2415 tprintf("%s ", str);
2427 tprintf("%*s", col - curcol, "");
2438 #ifdef HAVE_MP_PROCFS
2440 int mp_ioctl (int fd, int cmd, void *arg, int size) {
2442 struct iovec iov[2];
2445 iov[0].iov_base = &cmd;
2446 iov[0].iov_len = sizeof cmd;
2449 iov[1].iov_base = arg;
2450 iov[1].iov_len = size;
2453 return writev (fd, iov, n);