2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #include <sys/param.h>
38 #include <sys/resource.h>
46 #include <sys/stropts.h>
50 int debug = 0, followfork = 0, followvfork = 0, interactive = 0;
51 int rflag = 0, tflag = 0, dtime = 0, cflag = 0;
52 int iflag = 0, xflag = 0, qflag = 0;
55 char *username = NULL;
59 int acolumn = DEFAULT_ACOLUMN;
60 int max_strlen = DEFAULT_STRLEN;
61 char *outfname = NULL;
63 struct tcb tcbtab[MAX_PROCS];
66 extern char version[];
67 extern char **environ;
69 static struct tcb *pid2tcb P((int pid));
70 static int trace P((void));
71 static void cleanup P((void));
72 static void interrupt P((int sig));
73 static sigset_t empty_set, blocked_set;
75 #ifdef HAVE_SIG_ATOMIC_T
76 static volatile sig_atomic_t interrupted;
77 #else /* !HAVE_SIG_ATOMIC_T */
79 static volatile int interrupted;
81 static int interrupted;
82 #endif /* !__STDC__ */
83 #endif /* !HAVE_SIG_ATOMIC_T */
87 static struct tcb *pfd2tcb P((int pfd));
88 static void reaper P((int sig));
89 static void rebuild_pollv P((void));
90 struct pollfd pollv[MAX_PROCS];
92 #ifndef HAVE_POLLABLE_PROCFS
94 static void proc_poll_open P((void));
95 static void proc_poller P((int pfd));
103 static int poller_pid;
104 static int proc_poll_pipe[2] = { -1, -1 };
106 #endif /* !HAVE_POLLABLE_PROCFS */
116 usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\
117 [-p pid] ... [-s strsize] [-u username] [command [arg ...]]\n\
118 or: strace -c [-e expr] ... [-O overhead] [-S sortby] [command [arg ...]]\n\
119 -c -- count time, calls, and errors for each syscall and report summary\n\
120 -f -- follow forks, -ff -- with output into separate files\n\
121 -F -- attempt to follow vforks, -h -- print help message\n\
122 -i -- print instruction pointer at time of syscall\n\
123 -q -- suppress messages about attaching, detaching, etc.\n\
124 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
125 -T -- print time spent in each syscall, -V -- print version\n\
126 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
127 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
128 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
129 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
130 options: trace, abbrev, verbose, raw, signal, read, or write\n\
131 -o file -- send trace output to FILE instead of stderr\n\
132 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
133 -p pid -- trace process with process id PID, may be repeated\n\
134 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
135 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
136 -u username -- run command as username handling setuid and/or setgid\n\
137 ", DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
161 static char buf[BUFSIZ];
166 qualify("trace=all");
167 qualify("abbrev=all");
168 qualify("verbose=all");
169 qualify("signal=all");
170 set_sortby(DEFAULT_SORTBY);
171 set_personality(DEFAULT_PERSONALITY);
172 while ((c = getopt(argc, argv,
173 "+cdfFhiqrtTvVxa:e:o:O:p:s:S:u:")) != EOF) {
211 qualify("abbrev=none");
214 printf("%s\n", version);
218 acolumn = atoi(optarg);
224 outfname = strdup(optarg);
227 set_overhead(atoi(optarg));
230 if ((pid = atoi(optarg)) == 0) {
231 fprintf(stderr, "%s: Invalid process id: %s\n",
235 if (pid == getpid()) {
236 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.", progname);
239 if ((tcp = alloctcb(pid)) == NULL) {
240 fprintf(stderr, "%s: tcb table full, please recompile strace\n",
244 tcp->flags |= TCB_ATTACHED;
248 max_strlen = atoi(optarg);
254 username = strdup(optarg);
262 /* See if they want to run as another user. */
263 if (username != NULL) {
266 if (getuid() != 0 || geteuid() != 0) {
268 "%s: you must be root to use the -u option\n",
272 if ((pent = getpwnam(username)) == NULL) {
273 fprintf(stderr, "%s: cannot find user `%s'\n",
277 run_uid = pent->pw_uid;
278 run_gid = pent->pw_gid;
286 setreuid(geteuid(), getuid());
289 /* See if they want to pipe the output. */
290 if (outfname && (outfname[0] == '|' || outfname[0] == '!')) {
291 if ((outf = popen(outfname + 1, "w")) == NULL) {
292 fprintf(stderr, "%s: can't popen '%s': %s\n",
293 progname, outfname + 1, strerror(errno));
300 /* Check if they want to redirect the output. */
302 if ((outf = fopen(outfname, "w")) == NULL) {
303 fprintf(stderr, "%s: can't fopen '%s': %s\n",
304 progname, outfname, strerror(errno));
310 setreuid(geteuid(), getuid());
315 setvbuf(outf, buf, _IOLBF, BUFSIZ);
317 else if (optind < argc)
322 for (c = 0, tcp = tcbtab; c < MAX_PROCS; c++, tcp++) {
323 /* Reinitialize the output since it may have changed. */
325 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
328 if (proc_open(tcp, 1) < 0) {
329 fprintf(stderr, "trouble opening proc file\n");
334 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
335 perror("attach: ptrace(PTRACE_ATTACH, ...)");
342 "Process %u attached - interrupt to quit\n",
349 char pathname[MAXPATHLEN];
351 filename = argv[optind];
352 if (strchr(filename, '/'))
353 strcpy(pathname, filename);
354 #ifdef USE_DEBUGGING_EXEC
356 * Debuggers customarily check the current directory
357 * first regardless of the path but doing that gives
358 * security geeks a panic attack.
360 else if (stat(filename, &statbuf) == 0)
361 strcpy(pathname, filename);
362 #endif /* USE_DEBUGGING_EXEC */
367 for (path = getenv("PATH"); path && *path; path += m) {
368 if (strchr(path, ':')) {
369 n = strchr(path, ':') - path;
373 m = n = strlen(path);
375 getcwd(pathname, MAXPATHLEN);
376 len = strlen(pathname);
379 strncpy(pathname, path, n);
382 if (len && pathname[len - 1] != '/')
383 pathname[len++] = '/';
384 strcpy(pathname + len, filename);
385 if (stat(pathname, &statbuf) == 0)
389 if (stat(pathname, &statbuf) < 0) {
390 fprintf(stderr, "%s: %s: command not found\n",
394 switch (pid = fork()) {
396 perror("strace: fork");
402 if (outf != stderr) close (fileno (outf));
404 /* Kludge for SGI, see proc_open for details. */
405 sa.sa_handler = foobar;
407 sigemptyset(&sa.sa_mask);
408 sigaction(SIGINT, &sa, NULL);
412 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
413 perror("strace: ptrace(PTRACE_TRACEME, ...)");
417 kill(getpid(), SIGSTOP);
419 if (username != NULL || geteuid() == 0) {
420 uid_t run_euid = run_uid;
421 gid_t run_egid = run_gid;
423 if (statbuf.st_mode & S_ISUID)
424 run_euid = statbuf.st_uid;
425 if (statbuf.st_mode & S_ISGID)
426 run_egid = statbuf.st_gid;
429 * It is important to set groups before we
430 * lose privileges on setuid.
433 && initgroups(username, run_gid) < 0) {
434 perror("initgroups");
437 if (setregid(run_gid, run_egid) < 0) {
441 if (setreuid(run_uid, run_euid) < 0) {
447 setreuid(run_uid, run_uid);
450 execv(pathname, &argv[optind]);
451 perror("strace: exec");
456 if ((tcp = alloctcb(pid)) == NULL) {
457 fprintf(stderr, "tcb table full\n");
462 if (proc_open(tcp, 0) < 0) {
463 fprintf(stderr, "trouble opening proc file\n");
469 fake_execve(tcp, pathname, &argv[optind], environ);
474 else if (pflag_seen == 0)
477 sigemptyset(&empty_set);
478 sigemptyset(&blocked_set);
479 sa.sa_handler = SIG_IGN;
480 sigemptyset(&sa.sa_mask);
482 sigaction(SIGTTOU, &sa, NULL);
483 sigaction(SIGTTIN, &sa, NULL);
485 sigaddset(&blocked_set, SIGHUP);
486 sigaddset(&blocked_set, SIGINT);
487 sigaddset(&blocked_set, SIGQUIT);
488 sigaddset(&blocked_set, SIGPIPE);
489 sigaddset(&blocked_set, SIGTERM);
490 sa.sa_handler = interrupt;
492 /* POSIX signals on sunos4.1 are a little broken. */
493 sa.sa_flags = SA_INTERRUPT;
496 sigaction(SIGHUP, &sa, NULL);
497 sigaction(SIGINT, &sa, NULL);
498 sigaction(SIGQUIT, &sa, NULL);
499 sigaction(SIGPIPE, &sa, NULL);
500 sigaction(SIGTERM, &sa, NULL);
502 sa.sa_handler = reaper;
503 sigaction(SIGCHLD, &sa, NULL);
516 char name[MAXPATHLEN];
519 if (outfname && followfork > 1) {
520 sprintf(name, "%s.%u", outfname, tcp->pid);
522 setreuid(geteuid(), getuid());
524 fp = fopen(name, "w");
526 setreuid(geteuid(), getuid());
544 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
545 if ((tcp->flags & TCB_INUSE) == 0) {
549 tcp->flags = TCB_INUSE | TCB_STARTUP;
550 tcp->outf = outf; /* Initialise to current out file */
551 tcp->stime.tv_sec = 0;
552 tcp->stime.tv_usec = 0;
564 proc_open(tcp, attaching)
570 sysset_t sc_enter, sc_exit;
576 #ifndef HAVE_POLLABLE_PROCFS
580 /* Open the process pseudo-file in /proc. */
581 sprintf(proc, "/proc/%d", tcp->pid);
582 if ((tcp->pfd = open(proc, O_RDWR|O_EXCL)) < 0) {
583 perror("strace: open(\"/proc/...\", ...)");
589 * Wait for the child to pause. Because of a race
590 * condition we have to poll for the event.
593 if (ioctl(tcp->pfd, PIOCSTATUS, &tcp->status) < 0) {
594 perror("strace: PIOCSTATUS");
597 if (tcp->status.pr_flags & PR_ASLEEP)
601 /* Stop the process so that we own the stop. */
602 if (ioctl(tcp->pfd, PIOCSTOP, &tcp->status) < 0) {
603 perror("strace: PIOCSTOP");
606 if ((arg = fcntl(tcp->pfd, F_GETFD)) < 0) {
610 if (fcntl(tcp->pfd, F_SETFD, arg|FD_CLOEXEC) < 0) {
615 /* Set Run-on-Last-Close. */
617 if (ioctl(tcp->pfd, PIOCSET, &arg) < 0) {
618 perror("PIOCSET PR_RLC");
621 /* Set or Reset Inherit-on-Fork. */
623 if (ioctl(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
624 perror("PIOC{SET,RESET} PR_FORK");
628 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
632 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
633 perror("PIOC{S,R}FORK");
636 #endif /* !PIOCSET */
637 /* Enable all syscall entries. */
638 prfillset(&sc_enter);
639 if (ioctl(tcp->pfd, PIOCSENTRY, &sc_enter) < 0) {
640 perror("PIOCSENTRY");
643 /* Enable all syscall exits. */
645 if (ioctl(tcp->pfd, PIOCSEXIT, &sc_exit) < 0) {
649 /* Enable all signals. */
651 if (ioctl(tcp->pfd, PIOCSTRACE, &signals) < 0) {
652 perror("PIOCSTRACE");
655 /* Enable all faults. */
657 if (ioctl(tcp->pfd, PIOCSFAULT, &faults) < 0) {
658 perror("PIOCSFAULT");
664 * The SGI PRSABORT doesn't work for pause() so
665 * we send it a caught signal to wake it up.
667 kill(tcp->pid, SIGINT);
669 /* The child is in a pause(), abort it. */
670 run.pr_flags = PRSABORT;
671 if (ioctl(tcp->pfd, PIOCRUN, &run) < 0) {
677 /* Wait for the child to do something. */
678 if (ioctl(tcp->pfd, PIOCWSTOP, &tcp->status) < 0) {
682 if (tcp->status.pr_why == PR_SYSENTRY) {
683 #ifdef HAVE_PR_SYSCALL
684 int scno = tcp->status.pr_syscall;
685 #else /* !HAVE_PR_SYSCALL */
686 int scno = tcp->status.pr_what;
687 #endif /* !HAVE_PR_SYSCALL */
688 if (scno == SYS_execve)
691 /* Set it running: maybe execve will be next. */
692 if (ioctl(tcp->pfd, PIOCRUN, NULL) < 0) {
698 #ifndef HAVE_POLLABLE_PROCFS
699 if (proc_poll_pipe[0] != -1)
700 proc_poller(tcp->pfd);
701 else if (nprocs > 1) {
703 proc_poller(last_pfd);
704 proc_poller(tcp->pfd);
707 #endif /* !HAVE_POLLABLE_PROCFS */
720 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
721 if (pid && tcp->pid != pid)
723 if (tcp->flags & TCB_INUSE)
738 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
741 if (tcp->flags & TCB_INUSE)
758 if (tcp->pfd != -1) {
765 if (tcp->parent != NULL) {
766 tcp->parent->nchildren--;
770 if (tcp->outf != stderr)
785 if (!(tcp->flags & TCB_SUSPENDED)) {
786 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
789 tcp->flags &= ~TCB_SUSPENDED;
791 if (ptrace(PTRACE_SYSCALL, tcp->pid, (char *) 1, 0) < 0) {
792 perror("resume: ptrace(PTRACE_SYSCALL, ...)");
797 fprintf(stderr, "Process %u resumed\n", tcp->pid);
803 /* detach traced process; continue with sig */
815 if (tcp->flags & TCB_BPTSET)
820 * Linux wrongly insists the child be stopped
821 * before detaching. Arghh. We go through hoops
822 * to make a clean break of things.
826 #define PTRACE_DETACH PTRACE_SUNDETACH
828 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
829 /* On a clear day, you can see forever. */
831 else if (errno != ESRCH) {
832 /* Shouldn't happen. */
833 perror("detach: ptrace(PTRACE_DETACH, ...)");
835 else if (kill(tcp->pid, 0) < 0) {
837 perror("detach: checking sanity");
839 else if (kill(tcp->pid, SIGSTOP) < 0) {
841 perror("detach: stopping child");
845 if (waitpid(tcp->pid, &status, 0) < 0) {
847 perror("detach: waiting");
850 if (!WIFSTOPPED(status)) {
851 /* Au revoir, mon ami. */
854 if (WSTOPSIG(status) == SIGSTOP) {
855 if ((error = ptrace(PTRACE_DETACH,
856 tcp->pid, (char *) 1, sig)) < 0) {
858 perror("detach: ptrace(PTRACE_DETACH, ...)");
863 if ((error = ptrace(PTRACE_CONT, tcp->pid, (char *) 1,
864 WSTOPSIG(status) == SIGTRAP ?
865 0 : WSTOPSIG(status))) < 0) {
867 perror("detach: ptrace(PTRACE_CONT, ...)");
875 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
876 if (sig && kill(tcp->pid, sig) < 0)
877 perror("detach: kill");
879 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) < 0)
880 perror("detach: ptrace(PTRACE_DETACH, ...)");
884 if (waiting_parent(tcp))
885 error = resume(tcp->parent);
889 fprintf(stderr, "Process %u detached\n", tcp->pid);
904 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
923 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
924 if (!(tcp->flags & TCB_INUSE))
928 "cleanup: looking at pid %u\n", tcp->pid);
930 (!outfname || followfork < 2 || tcp_last == tcp)) {
931 tprintf(" <unfinished ...>\n");
934 if (tcp->flags & TCB_ATTACHED)
937 kill(tcp->pid, SIGCONT);
938 kill(tcp->pid, SIGTERM);
952 #ifndef HAVE_STRERROR
954 #ifndef SYS_ERRLIST_DECLARED
956 extern char *sys_errlist[];
957 #endif /* SYS_ERRLIST_DECLARED */
965 if (errno < 1 || errno >= sys_nerr) {
966 sprintf(buf, "Unknown error %d", errno);
969 return sys_errlist[errno];
972 #endif /* HAVE_STERRROR */
974 #ifndef HAVE_STRSIGNAL
976 #ifndef SYS_SIGLIST_DECLARED
977 #ifdef HAVE__SYS_SIGLIST
978 extern char *_sys_siglist[];
980 extern char *sys_siglist[];
982 #endif /* SYS_SIGLIST_DECLARED */
990 if (sig < 1 || sig >= NSIG) {
991 sprintf(buf, "Unknown signal %d", sig);
994 #ifdef HAVE__SYS_SIGLIST
995 return _sys_siglist[sig];
997 return sys_siglist[sig];
1001 #endif /* HAVE_STRSIGNAL */
1011 for (i = j = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
1012 if (!(tcp->flags & TCB_INUSE))
1014 pollv[j].fd = tcp->pfd;
1015 pollv[j].events = POLLPRI;
1019 fprintf(stderr, "strace: proc miscount\n");
1024 #ifndef HAVE_POLLABLE_PROCFS
1032 if (pipe(proc_poll_pipe) < 0) {
1036 for (i = 0; i < 2; i++) {
1037 if ((arg = fcntl(proc_poll_pipe[i], F_GETFD)) < 0) {
1041 if (fcntl(proc_poll_pipe[i], F_SETFD, arg|FD_CLOEXEC) < 0) {
1049 proc_poll(pollv, nfds, timeout)
1050 struct pollfd *pollv;
1056 struct proc_pollfd pollinfo;
1058 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1060 if (n != sizeof(struct proc_pollfd)) {
1061 fprintf(stderr, "panic: short read: %d\n", n);
1064 for (i = 0; i < nprocs; i++) {
1065 if (pollv[i].fd == pollinfo.fd)
1066 pollv[i].revents = pollinfo.revents;
1068 pollv[i].revents = 0;
1070 poller_pid = pollinfo.pid;
1084 struct proc_pollfd pollinfo;
1085 struct sigaction sa;
1086 sigset_t blocked_set, empty_set;
1101 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1103 sigemptyset(&sa.sa_mask);
1104 sigaction(SIGHUP, &sa, NULL);
1105 sigaction(SIGINT, &sa, NULL);
1106 sigaction(SIGQUIT, &sa, NULL);
1107 sigaction(SIGPIPE, &sa, NULL);
1108 sigaction(SIGTERM, &sa, NULL);
1109 sa.sa_handler = wakeup_handler;
1110 sigaction(SIGUSR1, &sa, NULL);
1111 sigemptyset(&blocked_set);
1112 sigaddset(&blocked_set, SIGUSR1);
1113 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1114 sigemptyset(&empty_set);
1116 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1117 perror("getrlimit(RLIMIT_NOFILE, ...)");
1121 for (i = 0; i < n; i++) {
1122 if (i != pfd && i != proc_poll_pipe[1])
1127 pollinfo.pid = getpid();
1129 if (ioctl(pfd, PIOCWSTOP, NULL) < 0) {
1134 pollinfo.revents = POLLERR;
1137 pollinfo.revents = POLLHUP;
1140 perror("proc_poller: PIOCWSTOP");
1142 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1145 pollinfo.revents = POLLPRI;
1146 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1147 sigsuspend(&empty_set);
1151 #endif /* !HAVE_POLLABLE_PROCFS */
1161 if (followfork < 2 &&
1162 last < nprocs && (pollv[last].revents & POLLPRI)) {
1164 * The previous process is ready to run again. We'll
1165 * let it do so if it is currently in a syscall. This
1166 * heuristic improves the readability of the trace.
1168 tcp = pfd2tcb(pollv[last].fd);
1169 if (tcp && (tcp->flags & TCB_INSYSCALL))
1170 return pollv[last].fd;
1173 for (i = 0; i < nprocs; i++) {
1174 /* Let competing children run round robin. */
1175 j = (i + last + 1) % nprocs;
1176 if (pollv[j].revents & (POLLHUP | POLLERR)) {
1177 tcp = pfd2tcb(pollv[j].fd);
1179 fprintf(stderr, "strace: lost proc\n");
1185 if (pollv[j].revents & POLLPRI) {
1190 fprintf(stderr, "strace: nothing ready\n");
1200 int ioctl_result = 0, ioctl_errno = 0;
1204 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1211 #ifndef HAVE_POLLABLE_PROCFS
1212 if (proc_poll_pipe[0] == -1) {
1221 #ifndef HAVE_POLLABLE_PROCFS
1223 /* fall through ... */
1224 #endif /* !HAVE_POLLABLE_PROCFS */
1226 #ifdef HAVE_POLLABLE_PROCFS
1227 if (poll(pollv, nprocs, INFTIM) < 0) {
1232 #else /* !HAVE_POLLABLE_PROCFS */
1233 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
1238 #endif /* !HAVE_POLLABLE_PROCFS */
1245 /* Look up `pfd' in our table. */
1246 if ((tcp = pfd2tcb(pfd)) == NULL) {
1247 fprintf(stderr, "unknown pfd: %u\n", pfd);
1250 /* Get the status of the process. */
1252 ioctl_result = ioctl(tcp->pfd, PIOCWSTOP,
1254 ioctl_errno = errno;
1255 #ifndef HAVE_POLLABLE_PROCFS
1256 if (proc_poll_pipe[0] != -1) {
1257 if (ioctl_result < 0)
1258 kill(poller_pid, SIGKILL);
1260 kill(poller_pid, SIGUSR1);
1262 #endif /* !HAVE_POLLABLE_PROCFS */
1268 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1270 if (ioctl_result < 0) {
1271 /* Find out what happened if it failed. */
1272 switch (ioctl_errno) {
1280 perror("PIOCWSTOP");
1285 /* clear the just started flag */
1286 tcp->flags &= ~TCB_STARTUP;
1288 /* set current output file */
1292 struct timeval stime;
1294 stime.tv_sec = tcp->status.pr_stime.tv_sec;
1295 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
1296 tv_sub(&tcp->dtime, &stime, &tcp->stime);
1300 what = tcp->status.pr_what;
1301 switch (tcp->status.pr_why) {
1303 if (tcp->status.pr_flags & PR_ASLEEP) {
1304 tcp->status.pr_why = PR_SYSENTRY;
1305 if (trace_syscall(tcp) < 0) {
1306 fprintf(stderr, "syscall trouble\n");
1313 if (trace_syscall(tcp) < 0) {
1314 fprintf(stderr, "syscall trouble\n");
1319 if (!cflag && (qual_flags[what] & QUAL_SIGNAL)) {
1321 tprintf("--- %s (%s) ---",
1322 signame(what), strsignal(what));
1327 if (!cflag && (qual_flags[what] & QUAL_FAULT)) {
1329 tprintf("=== FAULT %d ===", what);
1334 fprintf(stderr, "odd stop %d\n", tcp->status.pr_why);
1338 if (ioctl(tcp->pfd, PIOCRUN, NULL) < 0) {
1359 while (nprocs != 0) {
1361 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1363 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
1366 pid = wait(&status);
1370 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1376 switch (wait_errno) {
1381 * We would like to verify this case
1382 * but sometimes a race in Solbourne's
1383 * version of SunOS sometimes reports
1384 * ECHILD before sending us SIGCHILD.
1389 fprintf(stderr, "strace: proc miscount\n");
1395 perror("strace: wait");
1400 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
1402 /* Look up `pid' in our table. */
1403 if ((tcp = pid2tcb(pid)) == NULL) {
1404 fprintf(stderr, "unknown pid: %u\n", pid);
1405 if (WIFSTOPPED(status))
1406 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
1409 /* set current output file */
1413 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
1414 tcp->stime = ru.ru_stime;
1418 if (tcp->flags & TCB_SUSPENDED) {
1420 * Apparently, doing any ptrace() call on a stopped
1421 * process, provokes the kernel to report the process
1422 * status again on a subsequent wait(), even if the
1423 * process has not been actually restarted.
1424 * Since we have inspected the arguments of suspended
1425 * processes we end up here testing for this case.
1429 if (WIFSIGNALED(status)) {
1431 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
1433 tprintf("+++ killed by %s +++",
1434 signame(WTERMSIG(status)));
1440 if (WIFEXITED(status)) {
1442 fprintf(stderr, "pid %u exited\n", pid);
1443 if (tcp->flags & TCB_ATTACHED)
1445 "PANIC: attached pid %u exited\n",
1450 if (!WIFSTOPPED(status)) {
1451 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
1456 fprintf(stderr, "pid %u stopped, [%s]\n",
1457 pid, signame(WSTOPSIG(status)));
1459 if (tcp->flags & TCB_STARTUP) {
1461 * This flag is there to keep us in sync.
1462 * Next time this process stops it should
1463 * really be entering a system call.
1465 tcp->flags &= ~TCB_STARTUP;
1466 if (tcp->flags & TCB_ATTACHED) {
1468 * Interestingly, the process may stop
1469 * with STOPSIG equal to some other signal
1470 * than SIGSTOP if we happend to attach
1471 * just before the process takes a signal.
1473 if (!WIFSTOPPED(status)) {
1475 "pid %u not stopped\n", pid);
1476 detach(tcp, WSTOPSIG(status));
1482 /* A child of us stopped at exec */
1483 if (WSTOPSIG(status) == SIGTRAP && followvfork)
1487 if (tcp->flags & TCB_BPTSET) {
1488 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
1497 if (WSTOPSIG(status) != SIGTRAP) {
1498 if (WSTOPSIG(status) == SIGSTOP &&
1499 (tcp->flags & TCB_SIGTRAPPED)) {
1501 * Trapped attempt to block SIGTRAP
1502 * Hope we are back in control now.
1504 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
1505 if (ptrace(PTRACE_SYSCALL,
1506 pid, (char *) 1, 0) < 0) {
1507 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
1514 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
1516 tprintf("--- %s (%s) ---",
1517 signame(WSTOPSIG(status)),
1518 strsignal(WSTOPSIG(status)));
1521 if ((tcp->flags & TCB_ATTACHED) &&
1522 !sigishandled(tcp, WSTOPSIG(status))) {
1523 detach(tcp, WSTOPSIG(status));
1526 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1,
1527 WSTOPSIG(status)) < 0) {
1528 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
1532 tcp->flags &= ~TCB_SUSPENDED;
1535 if (trace_syscall(tcp) < 0) {
1536 if (tcp->flags & TCB_ATTACHED)
1540 tcp->pid, (char *) 1, SIGTERM);
1545 if (tcp->flags & TCB_EXITING) {
1546 if (tcp->flags & TCB_ATTACHED)
1548 else if (ptrace(PTRACE_CONT, pid, (char *) 1, 0) < 0) {
1549 perror("strace: ptrace(PTRACE_CONT, ...)");
1555 if (tcp->flags & TCB_SUSPENDED) {
1557 fprintf(stderr, "Process %u suspended\n", pid);
1561 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1, 0) < 0) {
1562 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
1576 #define VA_START(a, b) va_start(a, b)
1578 #include <varargs.h>
1579 #define VA_START(a, b) va_start(a)
1584 tprintf(const char *fmt, ...)
1586 tprintf(fmt, va_alist)
1593 VA_START(args, fmt);
1595 curcol += vfprintf(outf, fmt, args);
1604 if (tcp_last && (!outfname || followfork < 2 || tcp_last == tcp)) {
1605 tcp_last->flags |= TCB_REPRINT;
1606 tprintf(" <unfinished ...>\n");
1609 if ((followfork == 1 || pflag_seen > 1) && outfname)
1610 tprintf("%-5d ", tcp->pid);
1611 else if (nprocs > 1 && !outfname)
1612 tprintf("[pid %5u] ", tcp->pid);
1614 char str[sizeof("HH:MM:SS")];
1615 struct timeval tv, dtv;
1616 static struct timeval otv;
1618 gettimeofday(&tv, NULL);
1620 if (otv.tv_sec == 0)
1622 tv_sub(&dtv, &tv, &otv);
1623 tprintf("%6ld.%06ld ",
1624 (long) dtv.tv_sec, (long) dtv.tv_usec);
1627 else if (tflag > 2) {
1628 tprintf("%ld.%06ld ",
1629 (long) tv.tv_sec, (long) tv.tv_usec);
1632 time_t local = tv.tv_sec;
1633 strftime(str, sizeof(str), "%T", localtime(&local));
1635 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
1637 tprintf("%s ", str);
1649 tprintf("%*s", col - curcol, "");