2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/types.h>
38 #include <sys/param.h>
40 #include <sys/resource.h>
49 #if defined(IA64) && defined(LINUX)
50 # include <asm/ptrace_offsets.h>
58 #include <sys/stropts.h>
66 int debug = 0, followfork = 0, followvfork = 0;
67 int dtime = 0, cflag = 0, xflag = 0, qflag = 0;
68 static int iflag = 0, interactive = 0, pflag_seen = 0, rflag = 0, tflag = 0;
70 /* Sometimes we want to print only succeeding syscalls. */
71 int not_failing_only = 0;
73 static char *username = NULL;
77 int acolumn = DEFAULT_ACOLUMN;
78 int max_strlen = DEFAULT_STRLEN;
79 static char *outfname = NULL;
82 unsigned int nprocs, tcbtabsize;
84 extern char **environ;
86 static int trace P((void));
87 static void cleanup P((void));
88 static void interrupt P((int sig));
89 static sigset_t empty_set, blocked_set;
91 #ifdef HAVE_SIG_ATOMIC_T
92 static volatile sig_atomic_t interrupted;
93 #else /* !HAVE_SIG_ATOMIC_T */
95 static volatile int interrupted;
97 static int interrupted;
98 #endif /* !__STDC__ */
99 #endif /* !HAVE_SIG_ATOMIC_T */
103 static struct tcb *pfd2tcb P((int pfd));
104 static void reaper P((int sig));
105 static void rebuild_pollv P((void));
106 static struct pollfd *pollv;
108 #ifndef HAVE_POLLABLE_PROCFS
110 static void proc_poll_open P((void));
111 static void proc_poller P((int pfd));
119 static int poller_pid;
120 static int proc_poll_pipe[2] = { -1, -1 };
122 #endif /* !HAVE_POLLABLE_PROCFS */
124 #ifdef HAVE_MP_PROCFS
125 #define POLLWANT POLLWRNORM
127 #define POLLWANT POLLPRI
129 #endif /* USE_PROCFS */
137 usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\
138 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\
139 [command [arg ...]]\n\
140 or: strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\
141 [command [arg ...]]\n\
142 -c -- count time, calls, and errors for each syscall and report summary\n\
143 -f -- follow forks, -ff -- with output into separate files\n\
144 -F -- attempt to follow vforks, -h -- print help message\n\
145 -i -- print instruction pointer at time of syscall\n\
146 -q -- suppress messages about attaching, detaching, etc.\n\
147 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
148 -T -- print time spent in each syscall, -V -- print version\n\
149 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
150 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
151 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
152 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
153 options: trace, abbrev, verbose, raw, signal, read, or write\n\
154 -o file -- send trace output to FILE instead of stderr\n\
155 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
156 -p pid -- trace process with process id PID, may be repeated\n\
157 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
158 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
159 -u username -- run command as username handling setuid and/or setgid\n\
160 -E var=val -- put var=val in the environment for command\n\
161 -E var -- remove var from the environment for command\n\
162 " /* this is broken, so don't document it
163 -z -- print only succeeding syscalls\n\
165 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
189 static char buf[BUFSIZ];
191 /* Allocate the initial tcbtab. */
192 tcbtabsize = argc; /* Surely enough for all -p args. */
193 tcbtab = (struct tcb **) malloc (tcbtabsize * sizeof tcbtab[0]);
194 tcbtab[0] = (struct tcb *) calloc (tcbtabsize, sizeof *tcbtab[0]);
195 for (tcp = tcbtab[0]; tcp < &tcbtab[0][tcbtabsize]; ++tcp)
196 tcbtab[tcp - tcbtab[0]] = &tcbtab[0][tcp - tcbtab[0]];
201 set_sortby(DEFAULT_SORTBY);
202 set_personality(DEFAULT_PERSONALITY);
203 qualify("trace=all");
204 qualify("abbrev=all");
205 qualify("verbose=all");
206 qualify("signal=all");
207 while ((c = getopt(argc, argv,
208 "+cdfFhiqrtTvVxza:e:o:O:p:s:S:u:E:")) != EOF) {
246 qualify("abbrev=none");
249 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
253 not_failing_only = 1;
256 acolumn = atoi(optarg);
262 outfname = strdup(optarg);
265 set_overhead(atoi(optarg));
268 if ((pid = atoi(optarg)) <= 0) {
269 fprintf(stderr, "%s: Invalid process id: %s\n",
273 if (pid == getpid()) {
274 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.\n", progname);
277 if ((tcp = alloctcb(pid)) == NULL) {
278 fprintf(stderr, "%s: out of memory\n",
282 tcp->flags |= TCB_ATTACHED;
286 max_strlen = atoi(optarg);
287 if (max_strlen < 0) {
289 "%s: invalid -s argument: %s\n",
298 username = strdup(optarg);
301 if (putenv(optarg) < 0) {
302 fprintf(stderr, "%s: out of memory\n",
313 if ((optind == argc) == !pflag_seen)
316 if (followfork > 1 && cflag) {
318 "%s: -c and -ff are mutually exclusive options\n",
323 /* See if they want to run as another user. */
324 if (username != NULL) {
327 if (getuid() != 0 || geteuid() != 0) {
329 "%s: you must be root to use the -u option\n",
333 if ((pent = getpwnam(username)) == NULL) {
334 fprintf(stderr, "%s: cannot find user `%s'\n",
338 run_uid = pent->pw_uid;
339 run_gid = pent->pw_gid;
347 setreuid(geteuid(), getuid());
350 /* Check if they want to redirect the output. */
354 /* See if they want to pipe the output. */
355 if (outfname[0] == '|' || outfname[0] == '!') {
357 * We can't do the <outfname>.PID funny business
358 * when using popen, so prohibit it.
360 if (followfork > 1) {
362 %s: piping the output and -ff are mutually exclusive options\n",
367 if ((outf = popen(outfname + 1, "w")) == NULL) {
368 fprintf(stderr, "%s: can't popen '%s': %s\n",
369 progname, outfname + 1,
374 else if ((outf = fopen(outfname, "w")) == NULL) {
375 fprintf(stderr, "%s: can't fopen '%s': %s\n",
376 progname, outfname, strerror(errno));
380 if ((f=fcntl(fileno(outf), F_GETFD)) < 0 ) {
381 perror("failed to get flags for outputfile");
385 if (fcntl(fileno(outf), F_SETFD, f|FD_CLOEXEC) < 0 ) {
386 perror("failed to set flags for outputfile");
392 setreuid(geteuid(), getuid());
395 if (!outfname || outfname[0] == '|' || outfname[0] == '!')
396 setvbuf(outf, buf, _IOLBF, BUFSIZ);
397 if (outfname && optind < argc) {
402 for (c = 0; c < tcbtabsize; c++) {
404 /* Reinitialize the output since it may have changed. */
406 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
409 if (proc_open(tcp, 1) < 0) {
410 fprintf(stderr, "trouble opening proc file\n");
414 #else /* !USE_PROCFS */
416 if (tcp->flags & TCB_CLONE_THREAD)
419 char procdir[MAXPATHLEN];
421 sprintf(procdir, "/proc/%d/task", tcp->pid);
422 dir = opendir(procdir);
424 unsigned int ntid = 0, nerr = 0;
427 while ((de = readdir(dir)) != NULL) {
428 if (de->d_fileno == 0 ||
429 de->d_name[0] == '.')
431 tid = atoi(de->d_name);
435 if (ptrace(PTRACE_ATTACH, tid,
438 else if (tid != tcbtab[c]->pid) {
439 if (nprocs == tcbtabsize &&
446 tcp->flags |= TCB_ATTACHED|TCB_CLONE_THREAD|TCB_CLONE_DETACHED|TCB_FOLLOWFORK;
447 tcbtab[c]->nchildren++;
448 tcbtab[c]->nclone_threads++;
449 tcbtab[c]->nclone_detached++;
450 tcp->parent = tcbtab[c];
455 perror("attach: ptrace(PTRACE_ATTACH, ...)");
463 Process %u attached with %u threads - interrupt to quit\n",
467 Process %u attached - interrupt to quit\n",
474 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
475 perror("attach: ptrace(PTRACE_ATTACH, ...)");
479 #endif /* !USE_PROCFS */
482 "Process %u attached - interrupt to quit\n",
489 char pathname[MAXPATHLEN];
491 filename = argv[optind];
492 if (strchr(filename, '/')) {
493 if (strlen(filename) > sizeof pathname - 1) {
494 errno = ENAMETOOLONG;
495 perror("strace: exec");
498 strcpy(pathname, filename);
500 #ifdef USE_DEBUGGING_EXEC
502 * Debuggers customarily check the current directory
503 * first regardless of the path but doing that gives
504 * security geeks a panic attack.
506 else if (stat(filename, &statbuf) == 0)
507 strcpy(pathname, filename);
508 #endif /* USE_DEBUGGING_EXEC */
513 for (path = getenv("PATH"); path && *path; path += m) {
514 if (strchr(path, ':')) {
515 n = strchr(path, ':') - path;
519 m = n = strlen(path);
521 if (!getcwd(pathname, MAXPATHLEN))
523 len = strlen(pathname);
525 else if (n > sizeof pathname - 1)
528 strncpy(pathname, path, n);
531 if (len && pathname[len - 1] != '/')
532 pathname[len++] = '/';
533 strcpy(pathname + len, filename);
534 if (stat(pathname, &statbuf) == 0 &&
535 /* Accept only regular files
536 with some execute bits set.
537 XXX not perfect, might still fail */
538 S_ISREG(statbuf.st_mode) &&
539 (statbuf.st_mode & 0111))
543 if (stat(pathname, &statbuf) < 0) {
544 fprintf(stderr, "%s: %s: command not found\n",
548 switch (pid = fork()) {
550 perror("strace: fork");
556 if (outf != stderr) close (fileno (outf));
558 /* Kludge for SGI, see proc_open for details. */
559 sa.sa_handler = foobar;
561 sigemptyset(&sa.sa_mask);
562 sigaction(SIGINT, &sa, NULL);
567 kill(getpid(), SIGSTOP); /* stop HERE */
569 #else /* !USE_PROCFS */
571 close(fileno (outf));
573 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
574 perror("strace: ptrace(PTRACE_TRACEME, ...)");
578 kill(getpid(), SIGSTOP);
580 if (username != NULL || geteuid() == 0) {
581 uid_t run_euid = run_uid;
582 gid_t run_egid = run_gid;
584 if (statbuf.st_mode & S_ISUID)
585 run_euid = statbuf.st_uid;
586 if (statbuf.st_mode & S_ISGID)
587 run_egid = statbuf.st_gid;
590 * It is important to set groups before we
591 * lose privileges on setuid.
593 if (username != NULL) {
594 if (initgroups(username, run_gid) < 0) {
595 perror("initgroups");
598 if (setregid(run_gid, run_egid) < 0) {
602 if (setreuid(run_uid, run_euid) < 0) {
609 setreuid(run_uid, run_uid);
612 * Induce an immediate stop so that the parent
613 * will resume us with PTRACE_SYSCALL and display
614 * this execve call normally.
616 kill(getpid(), SIGSTOP);
617 #endif /* !USE_PROCFS */
619 execv(pathname, &argv[optind]);
620 perror("strace: exec");
625 if ((tcp = alloctcb(pid)) == NULL) {
630 if (proc_open(tcp, 0) < 0) {
631 fprintf(stderr, "trouble opening proc file\n");
635 #endif /* USE_PROCFS */
640 sigemptyset(&empty_set);
641 sigemptyset(&blocked_set);
642 sa.sa_handler = SIG_IGN;
643 sigemptyset(&sa.sa_mask);
645 sigaction(SIGTTOU, &sa, NULL);
646 sigaction(SIGTTIN, &sa, NULL);
648 sigaddset(&blocked_set, SIGHUP);
649 sigaddset(&blocked_set, SIGINT);
650 sigaddset(&blocked_set, SIGQUIT);
651 sigaddset(&blocked_set, SIGPIPE);
652 sigaddset(&blocked_set, SIGTERM);
653 sa.sa_handler = interrupt;
655 /* POSIX signals on sunos4.1 are a little broken. */
656 sa.sa_flags = SA_INTERRUPT;
659 sigaction(SIGHUP, &sa, NULL);
660 sigaction(SIGINT, &sa, NULL);
661 sigaction(SIGQUIT, &sa, NULL);
662 sigaction(SIGPIPE, &sa, NULL);
663 sigaction(SIGTERM, &sa, NULL);
665 sa.sa_handler = reaper;
666 sigaction(SIGCHLD, &sa, NULL);
668 /* Make sure SIGCHLD has the default action so that waitpid
669 definitely works without losing track of children. The user
670 should not have given us a bogus state to inherit, but he might
671 have. Arguably we should detect SIG_IGN here and pass it on
672 to children, but probably noone really needs that. */
673 sa.sa_handler = SIG_DFL;
674 sigaction(SIGCHLD, &sa, NULL);
675 #endif /* USE_PROCFS */
687 char name[MAXPATHLEN];
690 if (outfname && followfork > 1) {
691 sprintf(name, "%s.%u", outfname, tcp->pid);
693 setreuid(geteuid(), getuid());
695 fp = fopen(name, "w");
697 setreuid(geteuid(), getuid());
711 /* Allocate some more TCBs and expand the table.
712 We don't want to relocate the TCBs because our
713 callers have pointers and it would be a pain.
714 So tcbtab is a table of pointers. Since we never
715 free the TCBs, we allocate a single chunk of many. */
716 struct tcb **newtab = (struct tcb **)
717 realloc(tcbtab, 2 * tcbtabsize * sizeof tcbtab[0]);
718 struct tcb *newtcbs = (struct tcb *) calloc(tcbtabsize,
721 if (newtab == NULL || newtcbs == NULL) {
724 fprintf(stderr, "%s: expand_tcbtab: out of memory\n",
728 for (i = tcbtabsize; i < 2 * tcbtabsize; ++i)
729 newtab[i] = &newtcbs[i - tcbtabsize];
744 for (i = 0; i < tcbtabsize; i++) {
746 if ((tcp->flags & TCB_INUSE) == 0) {
751 #ifdef TCB_CLONE_THREAD
752 tcp->nclone_threads = tcp->nclone_detached = 0;
753 tcp->nclone_waiting = 0;
755 tcp->flags = TCB_INUSE | TCB_STARTUP;
756 tcp->outf = outf; /* Initialise to current out file */
757 tcp->stime.tv_sec = 0;
758 tcp->stime.tv_usec = 0;
764 fprintf(stderr, "%s: alloctcb: tcb table full\n", progname);
770 proc_open(tcp, attaching)
782 #ifndef HAVE_POLLABLE_PROCFS
786 #ifdef HAVE_MP_PROCFS
787 /* Open the process pseudo-files in /proc. */
788 sprintf(proc, "/proc/%d/ctl", tcp->pid);
789 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) {
790 perror("strace: open(\"/proc/...\", ...)");
793 if ((arg = fcntl(tcp->pfd, F_GETFD)) < 0) {
797 if (fcntl(tcp->pfd, F_SETFD, arg|FD_CLOEXEC) < 0) {
801 sprintf(proc, "/proc/%d/status", tcp->pid);
802 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) {
803 perror("strace: open(\"/proc/...\", ...)");
806 if ((arg = fcntl(tcp->pfd_stat, F_GETFD)) < 0) {
810 if (fcntl(tcp->pfd_stat, F_SETFD, arg|FD_CLOEXEC) < 0) {
814 sprintf(proc, "/proc/%d/as", tcp->pid);
815 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) {
816 perror("strace: open(\"/proc/...\", ...)");
819 if ((arg = fcntl(tcp->pfd_as, F_GETFD)) < 0) {
823 if (fcntl(tcp->pfd_as, F_SETFD, arg|FD_CLOEXEC) < 0) {
828 /* Open the process pseudo-file in /proc. */
830 sprintf(proc, "/proc/%d", tcp->pid);
831 if ((tcp->pfd = open(proc, O_RDWR|O_EXCL)) < 0) {
833 sprintf(proc, "/proc/%d/mem", tcp->pid);
834 if ((tcp->pfd = open(proc, O_RDWR)) < 0) {
836 perror("strace: open(\"/proc/...\", ...)");
839 if ((arg = fcntl(tcp->pfd, F_GETFD)) < 0) {
843 if (fcntl(tcp->pfd, F_SETFD, arg|FD_CLOEXEC) < 0) {
849 sprintf(proc, "/proc/%d/regs", tcp->pid);
850 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) {
851 perror("strace: open(\"/proc/.../regs\", ...)");
855 sprintf(proc, "/proc/%d/status", tcp->pid);
856 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) {
857 perror("strace: open(\"/proc/.../status\", ...)");
861 tcp->pfd_status = -1;
866 * Wait for the child to pause. Because of a race
867 * condition we have to poll for the event.
870 if (IOCTL_STATUS (tcp) < 0) {
871 perror("strace: PIOCSTATUS");
874 if (tcp->status.PR_FLAGS & PR_ASLEEP)
879 /* Stop the process so that we own the stop. */
880 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
881 perror("strace: PIOCSTOP");
886 /* Set Run-on-Last-Close. */
888 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
889 perror("PIOCSET PR_RLC");
892 /* Set or Reset Inherit-on-Fork. */
894 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
895 perror("PIOC{SET,RESET} PR_FORK");
900 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
904 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
905 perror("PIOC{S,R}FORK");
909 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
910 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
915 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
920 #endif /* !PIOCSET */
922 /* Enable all syscall entries we care about. */
923 premptyset(&syscalls);
924 for (i = 1; i < MAX_QUALS; ++i) {
925 if (i > (sizeof syscalls) * CHAR_BIT) break;
926 if (qual_flags [i] & QUAL_TRACE) praddset (&syscalls, i);
928 praddset (&syscalls, SYS_execve);
930 praddset (&syscalls, SYS_fork);
932 praddset (&syscalls, SYS_forkall);
935 praddset (&syscalls, SYS_fork1);
938 praddset (&syscalls, SYS_rfork1);
941 praddset (&syscalls, SYS_rforkall);
944 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) {
945 perror("PIOCSENTRY");
948 /* Enable the syscall exits. */
949 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) {
953 /* Enable signals we care about. */
954 premptyset(&signals);
955 for (i = 1; i < MAX_QUALS; ++i) {
956 if (i > (sizeof signals) * CHAR_BIT) break;
957 if (qual_flags [i] & QUAL_SIGNAL) praddset (&signals, i);
959 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
960 perror("PIOCSTRACE");
963 /* Enable faults we care about */
965 for (i = 1; i < MAX_QUALS; ++i) {
966 if (i > (sizeof faults) * CHAR_BIT) break;
967 if (qual_flags [i] & QUAL_FAULT) praddset (&faults, i);
969 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
970 perror("PIOCSFAULT");
974 /* set events flags. */
975 arg = S_SIG | S_SCE | S_SCX ;
976 if(ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
984 * The SGI PRSABORT doesn't work for pause() so
985 * we send it a caught signal to wake it up.
987 kill(tcp->pid, SIGINT);
990 /* The child is in a pause(), abort it. */
992 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
999 /* wake up the child if it received the SIGSTOP */
1000 kill(tcp->pid, SIGCONT);
1003 /* Wait for the child to do something. */
1004 if (IOCTL_WSTOP (tcp) < 0) {
1005 perror("PIOCWSTOP");
1008 if (tcp->status.PR_WHY == PR_SYSENTRY) {
1009 tcp->flags &= ~TCB_INSYSCALL;
1011 if (known_scno(tcp) == SYS_execve)
1014 /* Set it running: maybe execve will be next. */
1017 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1019 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) {
1020 #endif /* FREEBSD */
1025 /* handle the case where we "opened" the child before
1026 it did the kill -STOP */
1027 if (tcp->status.PR_WHY == PR_SIGNALLED &&
1028 tcp->status.PR_WHAT == SIGSTOP)
1029 kill(tcp->pid, SIGCONT);
1036 if (attaching < 2) {
1037 /* We are attaching to an already running process.
1038 * Try to figure out the state of the process in syscalls,
1039 * to handle the first event well.
1040 * This is done by having a look at the "wchan" property of the
1041 * process, which tells where it is stopped (if it is). */
1043 char wchan[20]; /* should be enough */
1045 sprintf(proc, "/proc/%d/status", tcp->pid);
1046 status = fopen(proc, "r");
1048 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
1049 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
1050 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
1051 strcmp(wchan, "stopevent")) {
1052 /* The process is asleep in the middle of a syscall.
1053 Fake the syscall entry event */
1054 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
1055 tcp->status.PR_WHY = PR_SYSENTRY;
1060 } /* otherwise it's a fork being followed */
1062 #endif /* FREEBSD */
1063 #ifndef HAVE_POLLABLE_PROCFS
1064 if (proc_poll_pipe[0] != -1)
1065 proc_poller(tcp->pfd);
1066 else if (nprocs > 1) {
1068 proc_poller(last_pfd);
1069 proc_poller(tcp->pfd);
1071 last_pfd = tcp->pfd;
1072 #endif /* !HAVE_POLLABLE_PROCFS */
1076 #endif /* USE_PROCFS */
1085 for (i = 0; i < tcbtabsize; i++) {
1087 if (pid && tcp->pid != pid)
1089 if (tcp->flags & TCB_INUSE)
1103 for (i = 0; i < tcbtabsize; i++) {
1104 struct tcb *tcp = tcbtab[i];
1105 if (tcp->pfd != pfd)
1107 if (tcp->flags & TCB_INUSE)
1113 #endif /* USE_PROCFS */
1121 #ifdef TCB_CLONE_THREAD
1122 if (tcp->nclone_threads > 0) {
1123 /* There are other threads left in this process, but this
1124 is the one whose PID represents the whole process.
1125 We need to keep this record around as a zombie until
1126 all the threads die. */
1127 tcp->flags |= TCB_EXITING;
1134 if (tcp->parent != NULL) {
1135 tcp->parent->nchildren--;
1136 #ifdef TCB_CLONE_THREAD
1137 if (tcp->flags & TCB_CLONE_DETACHED)
1138 tcp->parent->nclone_detached--;
1139 if (tcp->flags & TCB_CLONE_THREAD)
1140 tcp->parent->nclone_threads--;
1142 #ifdef TCB_CLONE_DETACHED
1143 if (!(tcp->flags & TCB_CLONE_DETACHED))
1145 tcp->parent->nzombies++;
1150 if (tcp->pfd != -1) {
1154 if (tcp->pfd_reg != -1) {
1155 close(tcp->pfd_reg);
1158 if (tcp->pfd_status != -1) {
1159 close(tcp->pfd_status);
1160 tcp->pfd_status = -1;
1162 #endif /* !FREEBSD */
1164 rebuild_pollv(); /* Note, flags needs to be cleared by now. */
1168 if (outfname && followfork > 1 && tcp->outf)
1183 if (!(tcp->flags & TCB_SUSPENDED)) {
1184 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
1187 tcp->flags &= ~TCB_SUSPENDED;
1188 #ifdef TCB_CLONE_THREAD
1189 if (tcp->flags & TCB_CLONE_THREAD)
1190 tcp->parent->nclone_waiting--;
1193 if (ptrace(PTRACE_SYSCALL, tcp->pid, (char *) 1, 0) < 0) {
1194 perror("resume: ptrace(PTRACE_SYSCALL, ...)");
1199 fprintf(stderr, "Process %u resumed\n", tcp->pid);
1203 #endif /* !USE_PROCFS */
1205 /* detach traced process; continue with sig */
1214 int status, resumed;
1215 struct tcb *zombie = NULL;
1217 /* If the group leader is lingering only because of this other
1218 thread now dying, then detach the leader as well. */
1219 if ((tcp->flags & TCB_CLONE_THREAD) &&
1220 tcp->parent->nclone_threads == 1 &&
1221 (tcp->parent->flags & TCB_EXITING))
1222 zombie = tcp->parent;
1225 if (tcp->flags & TCB_BPTSET)
1230 * Linux wrongly insists the child be stopped
1231 * before detaching. Arghh. We go through hoops
1232 * to make a clean break of things.
1235 #undef PTRACE_DETACH
1236 #define PTRACE_DETACH PTRACE_SUNDETACH
1238 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
1239 /* On a clear day, you can see forever. */
1241 else if (errno != ESRCH) {
1242 /* Shouldn't happen. */
1243 perror("detach: ptrace(PTRACE_DETACH, ...)");
1245 else if (kill(tcp->pid, 0) < 0) {
1247 perror("detach: checking sanity");
1249 else if (kill(tcp->pid, SIGSTOP) < 0) {
1251 perror("detach: stopping child");
1256 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) {
1257 if (errno == ECHILD) /* Already gone. */
1259 if (errno != EINVAL) {
1260 perror("detach: waiting");
1264 /* No __WALL here. */
1265 if (waitpid(tcp->pid, &status, 0) < 0) {
1266 if (errno != ECHILD) {
1267 perror("detach: waiting");
1271 /* If no processes, try clones. */
1272 if (wait4(tcp->pid, &status, __WCLONE,
1274 if (errno != ECHILD)
1275 perror("detach: waiting");
1278 #endif /* __WCLONE */
1283 if (!WIFSTOPPED(status)) {
1284 /* Au revoir, mon ami. */
1287 if (WSTOPSIG(status) == SIGSTOP) {
1288 if ((error = ptrace(PTRACE_DETACH,
1289 tcp->pid, (char *) 1, sig)) < 0) {
1291 perror("detach: ptrace(PTRACE_DETACH, ...)");
1292 /* I died trying. */
1296 if ((error = ptrace(PTRACE_CONT, tcp->pid, (char *) 1,
1297 WSTOPSIG(status) == SIGTRAP ?
1298 0 : WSTOPSIG(status))) < 0) {
1300 perror("detach: ptrace(PTRACE_CONT, ...)");
1308 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1309 if (sig && kill(tcp->pid, sig) < 0)
1310 perror("detach: kill");
1312 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) < 0)
1313 perror("detach: ptrace(PTRACE_DETACH, ...)");
1319 /* XXX This won't always be quite right (but it never was).
1320 A waiter with argument 0 or < -1 is waiting for any pid in
1321 a particular pgrp, which this child might or might not be
1322 in. The waiter will only wake up if it's argument is -1
1323 or if it's waiting for tcp->pid's pgrp. It makes a
1324 difference to wake up a waiter when there might be more
1325 traced children, because it could get a false ECHILD
1326 error. OTOH, if this was the last child in the pgrp, then
1327 it ought to wake up and get ECHILD. We would have to
1328 search the system for all pid's in the pgrp to be sure.
1330 && (t->waitpid == -1 ||
1331 (t->waitpid == 0 && getpgid (tcp->pid) == getpgid (t->pid))
1332 || (t->waitpid < 0 && t->waitpid == -getpid (t->pid)))
1336 (tcp->parent->flags & TCB_SUSPENDED) &&
1337 (tcp->parent->waitpid <= 0 || tcp->parent->waitpid == tcp->pid)) {
1338 error = resume(tcp->parent);
1341 #ifdef TCB_CLONE_THREAD
1342 if (tcp->parent && tcp->parent->nclone_waiting > 0) {
1343 /* Some other threads of our parent are waiting too. */
1346 /* Resume all the threads that were waiting for this PID. */
1347 for (i = 0; i < tcbtabsize; i++) {
1348 struct tcb *t = tcbtab[i];
1349 if (t->parent == tcp->parent && t != tcp
1350 && ((t->flags & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1351 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1352 && t->waitpid == tcp->pid) {
1353 error |= resume (t);
1358 /* Noone was waiting for this PID in particular,
1359 so now we might need to resume some wildcarders. */
1360 for (i = 0; i < tcbtabsize; i++) {
1361 struct tcb *t = tcbtab[i];
1362 if (t->parent == tcp->parent && t != tcp
1364 & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1365 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1368 error |= resume (t);
1375 #endif /* !USE_PROCFS */
1378 fprintf(stderr, "Process %u detached\n", tcp->pid);
1384 error = detach(zombie) || error;
1399 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1410 #endif /* USE_PROCFS */
1418 for (i = 0; i < tcbtabsize; i++) {
1420 if (!(tcp->flags & TCB_INUSE))
1424 "cleanup: looking at pid %u\n", tcp->pid);
1426 (!outfname || followfork < 2 || tcp_last == tcp)) {
1427 tprintf(" <unfinished ...>\n");
1430 if (tcp->flags & TCB_ATTACHED)
1433 kill(tcp->pid, SIGCONT);
1434 kill(tcp->pid, SIGTERM);
1448 #ifndef HAVE_STRERROR
1450 #if !HAVE_DECL_SYS_ERRLIST
1451 extern int sys_nerr;
1452 extern char *sys_errlist[];
1453 #endif /* HAVE_DECL_SYS_ERRLIST */
1459 static char buf[64];
1461 if (errno < 1 || errno >= sys_nerr) {
1462 sprintf(buf, "Unknown error %d", errno);
1465 return sys_errlist[errno];
1468 #endif /* HAVE_STERRROR */
1470 #ifndef HAVE_STRSIGNAL
1472 #if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST
1473 extern char *sys_siglist[];
1475 #if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST
1476 extern char *_sys_siglist[];
1483 static char buf[64];
1485 if (sig < 1 || sig >= NSIG) {
1486 sprintf(buf, "Unknown signal %d", sig);
1489 #ifdef HAVE__SYS_SIGLIST
1490 return _sys_siglist[sig];
1492 return sys_siglist[sig];
1496 #endif /* HAVE_STRSIGNAL */
1507 pollv = (struct pollfd *) malloc(nprocs * sizeof pollv[0]);
1508 if (pollv == NULL) {
1509 fprintf(stderr, "%s: out of memory\n", progname);
1513 for (i = j = 0; i < tcbtabsize; i++) {
1514 struct tcb *tcp = tcbtab[i];
1515 if (!(tcp->flags & TCB_INUSE))
1517 pollv[j].fd = tcp->pfd;
1518 pollv[j].events = POLLWANT;
1522 fprintf(stderr, "strace: proc miscount\n");
1527 #ifndef HAVE_POLLABLE_PROCFS
1535 if (pipe(proc_poll_pipe) < 0) {
1539 for (i = 0; i < 2; i++) {
1540 if ((arg = fcntl(proc_poll_pipe[i], F_GETFD)) < 0) {
1544 if (fcntl(proc_poll_pipe[i], F_SETFD, arg|FD_CLOEXEC) < 0) {
1552 proc_poll(pollv, nfds, timeout)
1553 struct pollfd *pollv;
1559 struct proc_pollfd pollinfo;
1561 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1563 if (n != sizeof(struct proc_pollfd)) {
1564 fprintf(stderr, "panic: short read: %d\n", n);
1567 for (i = 0; i < nprocs; i++) {
1568 if (pollv[i].fd == pollinfo.fd)
1569 pollv[i].revents = pollinfo.revents;
1571 pollv[i].revents = 0;
1573 poller_pid = pollinfo.pid;
1587 struct proc_pollfd pollinfo;
1588 struct sigaction sa;
1589 sigset_t blocked_set, empty_set;
1594 struct procfs_status pfs;
1595 #endif /* FREEBSD */
1607 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1609 sigemptyset(&sa.sa_mask);
1610 sigaction(SIGHUP, &sa, NULL);
1611 sigaction(SIGINT, &sa, NULL);
1612 sigaction(SIGQUIT, &sa, NULL);
1613 sigaction(SIGPIPE, &sa, NULL);
1614 sigaction(SIGTERM, &sa, NULL);
1615 sa.sa_handler = wakeup_handler;
1616 sigaction(SIGUSR1, &sa, NULL);
1617 sigemptyset(&blocked_set);
1618 sigaddset(&blocked_set, SIGUSR1);
1619 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1620 sigemptyset(&empty_set);
1622 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1623 perror("getrlimit(RLIMIT_NOFILE, ...)");
1627 for (i = 0; i < n; i++) {
1628 if (i != pfd && i != proc_poll_pipe[1])
1633 pollinfo.pid = getpid();
1636 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
1638 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
1639 #endif /* FREEBSD */
1645 pollinfo.revents = POLLERR;
1648 pollinfo.revents = POLLHUP;
1651 perror("proc_poller: PIOCWSTOP");
1653 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1656 pollinfo.revents = POLLWANT;
1657 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1658 sigsuspend(&empty_set);
1662 #endif /* !HAVE_POLLABLE_PROCFS */
1672 if (followfork < 2 &&
1673 last < nprocs && (pollv[last].revents & POLLWANT)) {
1675 * The previous process is ready to run again. We'll
1676 * let it do so if it is currently in a syscall. This
1677 * heuristic improves the readability of the trace.
1679 tcp = pfd2tcb(pollv[last].fd);
1680 if (tcp && (tcp->flags & TCB_INSYSCALL))
1681 return pollv[last].fd;
1684 for (i = 0; i < nprocs; i++) {
1685 /* Let competing children run round robin. */
1686 j = (i + last + 1) % nprocs;
1687 if (pollv[j].revents & (POLLHUP | POLLERR)) {
1688 tcp = pfd2tcb(pollv[j].fd);
1690 fprintf(stderr, "strace: lost proc\n");
1696 if (pollv[j].revents & POLLWANT) {
1701 fprintf(stderr, "strace: nothing ready\n");
1709 struct tcb *in_syscall = NULL;
1714 int ioctl_result = 0, ioctl_errno = 0;
1719 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1726 #ifndef HAVE_POLLABLE_PROCFS
1727 if (proc_poll_pipe[0] == -1) {
1736 #ifndef HAVE_POLLABLE_PROCFS
1738 /* fall through ... */
1739 #endif /* !HAVE_POLLABLE_PROCFS */
1741 #ifdef HAVE_POLLABLE_PROCFS
1743 /* On some systems (e.g. UnixWare) we get too much ugly
1744 "unfinished..." stuff when multiple proceses are in
1745 syscalls. Here's a nasty hack */
1752 pv.events = POLLWANT;
1753 if ((what = poll (&pv, 1, 1)) < 0) {
1758 else if (what == 1 && pv.revents & POLLWANT) {
1764 if (poll(pollv, nprocs, INFTIM) < 0) {
1769 #else /* !HAVE_POLLABLE_PROCFS */
1770 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
1775 #endif /* !HAVE_POLLABLE_PROCFS */
1782 /* Look up `pfd' in our table. */
1783 if ((tcp = pfd2tcb(pfd)) == NULL) {
1784 fprintf(stderr, "unknown pfd: %u\n", pfd);
1790 /* Get the status of the process. */
1793 ioctl_result = IOCTL_WSTOP (tcp);
1795 /* Thanks to some scheduling mystery, the first poller
1796 sometimes waits for the already processed end of fork
1797 event. Doing a non blocking poll here solves the problem. */
1798 if (proc_poll_pipe[0] != -1)
1799 ioctl_result = IOCTL_STATUS (tcp);
1801 ioctl_result = IOCTL_WSTOP (tcp);
1802 #endif /* FREEBSD */
1803 ioctl_errno = errno;
1804 #ifndef HAVE_POLLABLE_PROCFS
1805 if (proc_poll_pipe[0] != -1) {
1806 if (ioctl_result < 0)
1807 kill(poller_pid, SIGKILL);
1809 kill(poller_pid, SIGUSR1);
1811 #endif /* !HAVE_POLLABLE_PROCFS */
1817 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1819 if (ioctl_result < 0) {
1820 /* Find out what happened if it failed. */
1821 switch (ioctl_errno) {
1832 perror("PIOCWSTOP");
1838 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
1839 /* discard first event for a syscall we never entered */
1840 IOCTL (tcp->pfd, PIOCRUN, 0);
1845 /* clear the just started flag */
1846 tcp->flags &= ~TCB_STARTUP;
1848 /* set current output file */
1852 struct timeval stime;
1857 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) {
1860 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
1861 &stime.tv_sec, &stime.tv_usec);
1863 stime.tv_sec = stime.tv_usec = 0;
1864 #else /* !FREEBSD */
1865 stime.tv_sec = tcp->status.pr_stime.tv_sec;
1866 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
1867 #endif /* !FREEBSD */
1868 tv_sub(&tcp->dtime, &stime, &tcp->stime);
1871 what = tcp->status.PR_WHAT;
1872 switch (tcp->status.PR_WHY) {
1875 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
1876 tcp->status.PR_WHY = PR_SYSENTRY;
1877 if (trace_syscall(tcp) < 0) {
1878 fprintf(stderr, "syscall trouble\n");
1883 #endif /* !FREEBSD */
1889 if (trace_syscall(tcp) < 0) {
1890 fprintf(stderr, "syscall trouble\n");
1895 if (!cflag && (qual_flags[what] & QUAL_SIGNAL)) {
1897 tprintf("--- %s (%s) ---",
1898 signame(what), strsignal(what));
1901 if (tcp->status.PR_INFO.si_signo == what) {
1903 tprintf(" siginfo=");
1904 printsiginfo(&tcp->status.PR_INFO, 1);
1911 if (!cflag && (qual_flags[what] & QUAL_FAULT)) {
1913 tprintf("=== FAULT %d ===", what);
1918 case 0: /* handle case we polled for nothing */
1922 fprintf(stderr, "odd stop %d\n", tcp->status.PR_WHY);
1928 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
1930 if (IOCTL (tcp->pfd, PIOCRUN, 0) < 0) {
1939 #else /* !USE_PROCFS */
1941 #ifdef TCB_GROUP_EXITING
1942 /* Handle an exit detach or death signal that is taking all the
1943 related clone threads with it. This is called in three circumstances:
1944 SIG == -1 TCP has already died (TCB_ATTACHED is clear, strace is parent).
1945 SIG == 0 Continuing TCP will perform an exit_group syscall.
1946 SIG == other Continuing TCP with SIG will kill the process.
1949 handle_group_exit(struct tcb *tcp, int sig)
1951 /* We need to locate our records of all the clone threads
1952 related to TCP, either its children or siblings. */
1953 struct tcb *leader = ((tcp->flags & TCB_CLONE_THREAD)
1955 : tcp->nclone_detached > 0
1959 if (leader != NULL && leader != tcp &&
1960 !(leader->flags & TCB_GROUP_EXITING))
1962 "PANIC: handle_group_exit: %d leader %d\n",
1963 tcp->pid, leader ? leader->pid : -1);
1964 detach(tcp); /* Already died. */
1967 /* Mark that we are taking the process down. */
1968 tcp->flags |= TCB_EXITING | TCB_GROUP_EXITING;
1969 if (tcp->flags & TCB_ATTACHED) {
1970 if (leader != NULL && leader != tcp) {
1971 if (leader->flags & TCB_ATTACHED) {
1972 /* We need to detach the leader so
1973 that the process death will be
1974 reported to its real parent.
1975 But we kill it first to prevent
1976 it doing anything before we kill
1977 the whole process in a moment.
1978 We can use PTRACE_KILL on a
1979 thread that's not already
1980 stopped. Then the value we pass
1981 in PTRACE_DETACH just sets the
1982 death signal reported to the
1984 ptrace(PTRACE_KILL, leader->pid, 0, 0);
1987 " [%d exit %d kills %d]\n",
1988 tcp->pid, sig, leader->pid);
1989 detach(leader, sig);
1992 leader->flags |= TCB_GROUP_EXITING;
1996 else if (ptrace(PTRACE_CONT, tcp->pid, (char *) 1, sig) < 0) {
1997 perror("strace: ptrace(PTRACE_CONT, ...)");
2003 leader->flags |= TCB_GROUP_EXITING;
2004 if (leader != NULL && leader != tcp)
2006 /* The leader will report to us as parent now,
2007 and then we'll get to the SIG==-1 case. */
2026 static int wait4_options = __WALL;
2030 while (nprocs != 0) {
2032 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2035 pid = wait4(-1, &status, wait4_options, cflag ? &ru : NULL);
2036 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
2037 /* this kernel does not support __WALL */
2038 wait4_options &= ~__WALL;
2040 pid = wait4(-1, &status, wait4_options,
2041 cflag ? &ru : NULL);
2043 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
2044 /* most likely a "cloned" process */
2045 pid = wait4(-1, &status, __WCLONE,
2046 cflag ? &ru : NULL);
2048 fprintf(stderr, "strace: clone wait4 "
2049 "failed: %s\n", strerror(errno));
2053 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
2057 pid = wait(&status);
2061 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2067 switch (wait_errno) {
2072 * We would like to verify this case
2073 * but sometimes a race in Solbourne's
2074 * version of SunOS sometimes reports
2075 * ECHILD before sending us SIGCHILD.
2080 fprintf(stderr, "strace: proc miscount\n");
2086 perror("strace: wait");
2091 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
2093 /* Look up `pid' in our table. */
2094 if ((tcp = pid2tcb(pid)) == NULL) {
2096 if (followfork || followvfork) {
2097 /* This is needed to go with the CLONE_PTRACE
2098 changes in process.c/util.c: we might see
2099 the child's initial trap before we see the
2100 parent return from the clone syscall.
2101 Leave the child suspended until the parent
2102 returns from its system call. Only then
2103 will we have the association of parent and
2104 child so that we know how to do clearbpt
2106 if (nprocs == tcbtabsize &&
2110 tcp = alloctcb(pid);
2112 kill(pid, SIGKILL); /* XXX */
2115 tcp->flags |= TCB_ATTACHED | TCB_SUSPENDED;
2119 Process %d attached (waiting for parent)\n",
2123 /* This can happen if a clone call used
2124 CLONE_PTRACE itself. */
2127 fprintf(stderr, "unknown pid: %u\n", pid);
2128 if (WIFSTOPPED(status))
2129 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
2133 /* set current output file */
2137 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
2138 tcp->stime = ru.ru_stime;
2142 if (tcp->flags & TCB_SUSPENDED) {
2144 * Apparently, doing any ptrace() call on a stopped
2145 * process, provokes the kernel to report the process
2146 * status again on a subsequent wait(), even if the
2147 * process has not been actually restarted.
2148 * Since we have inspected the arguments of suspended
2149 * processes we end up here testing for this case.
2153 if (WIFSIGNALED(status)) {
2155 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
2157 tprintf("+++ killed by %s %s+++",
2158 signame(WTERMSIG(status)),
2160 WCOREDUMP(status) ? "(core dumped) " :
2165 #ifdef TCB_GROUP_EXITING
2166 handle_group_exit(tcp, -1);
2172 if (WIFEXITED(status)) {
2174 fprintf(stderr, "pid %u exited\n", pid);
2175 if ((tcp->flags & TCB_ATTACHED)
2176 #ifdef TCB_GROUP_EXITING
2177 && !(tcp->parent && (tcp->parent->flags &
2182 "PANIC: attached pid %u exited\n",
2184 if (tcp == tcp_last) {
2185 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT))
2187 tprintf(" <unfinished ... exit status %d>\n",
2188 WEXITSTATUS(status));
2191 #ifdef TCB_GROUP_EXITING
2192 handle_group_exit(tcp, -1);
2198 if (!WIFSTOPPED(status)) {
2199 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
2204 fprintf(stderr, "pid %u stopped, [%s]\n",
2205 pid, signame(WSTOPSIG(status)));
2207 if (tcp->flags & TCB_STARTUP) {
2209 * This flag is there to keep us in sync.
2210 * Next time this process stops it should
2211 * really be entering a system call.
2213 tcp->flags &= ~TCB_STARTUP;
2214 if (tcp->flags & TCB_ATTACHED) {
2216 * Interestingly, the process may stop
2217 * with STOPSIG equal to some other signal
2218 * than SIGSTOP if we happend to attach
2219 * just before the process takes a signal.
2221 if (!WIFSTOPPED(status)) {
2223 "pid %u not stopped\n", pid);
2224 detach(tcp, WSTOPSIG(status));
2230 /* A child of us stopped at exec */
2231 if (WSTOPSIG(status) == SIGTRAP && followvfork)
2235 if (tcp->flags & TCB_BPTSET) {
2236 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
2245 if (WSTOPSIG(status) != SIGTRAP) {
2246 if (WSTOPSIG(status) == SIGSTOP &&
2247 (tcp->flags & TCB_SIGTRAPPED)) {
2249 * Trapped attempt to block SIGTRAP
2250 * Hope we are back in control now.
2252 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
2253 if (ptrace(PTRACE_SYSCALL,
2254 pid, (char *) 1, 0) < 0) {
2255 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2262 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
2263 unsigned long addr = 0, pc = 0;
2264 #if defined(PT_CR_IPSR) && defined(PT_CR_IIP) && defined(PT_GETSIGINFO)
2269 upeek(pid, PT_CR_IPSR, &psr);
2270 upeek(pid, PT_CR_IIP, &pc);
2272 pc += (psr >> PSR_RI) & 0x3;
2273 ptrace(PT_GETSIGINFO, pid, 0, (long) &si);
2274 addr = (unsigned long) si.si_addr;
2275 #elif defined PTRACE_GETSIGINFO
2276 if (WSTOPSIG(status) == SIGSEGV ||
2277 WSTOPSIG(status) == SIGBUS) {
2279 if (ptrace(PTRACE_GETSIGINFO, pid,
2281 addr = (unsigned long)
2286 tprintf("--- %s (%s) @ %lx (%lx) ---",
2287 signame(WSTOPSIG(status)),
2288 strsignal(WSTOPSIG(status)), pc, addr);
2291 if (((tcp->flags & TCB_ATTACHED) ||
2292 tcp->nclone_threads > 0) &&
2293 !sigishandled(tcp, WSTOPSIG(status))) {
2294 #ifdef TCB_GROUP_EXITING
2295 handle_group_exit(tcp, WSTOPSIG(status));
2297 detach(tcp, WSTOPSIG(status));
2301 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1,
2302 WSTOPSIG(status)) < 0) {
2303 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2307 tcp->flags &= ~TCB_SUSPENDED;
2310 if (trace_syscall(tcp) < 0) {
2311 if (tcp->flags & TCB_ATTACHED)
2315 tcp->pid, (char *) 1, SIGTERM);
2320 if (tcp->flags & TCB_EXITING) {
2321 #ifdef TCB_GROUP_EXITING
2322 if (tcp->flags & TCB_GROUP_EXITING) {
2323 if (handle_group_exit(tcp, 0) < 0)
2328 if (tcp->flags & TCB_ATTACHED)
2330 else if (ptrace(PTRACE_CONT, pid, (char *) 1, 0) < 0) {
2331 perror("strace: ptrace(PTRACE_CONT, ...)");
2337 if (tcp->flags & TCB_SUSPENDED) {
2339 fprintf(stderr, "Process %u suspended\n", pid);
2343 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1, 0) < 0) {
2344 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2352 #endif /* !USE_PROCFS */
2358 #define VA_START(a, b) va_start(a, b)
2360 #include <varargs.h>
2361 #define VA_START(a, b) va_start(a)
2366 tprintf(const char *fmt, ...)
2368 tprintf(fmt, va_alist)
2375 VA_START(args, fmt);
2377 int n = vfprintf(outf, fmt, args);
2378 if (n < 0 && outf != stderr)
2379 perror(outfname == NULL
2380 ? "<writing to pipe>" : outfname);
2392 if (tcp_last && (!outfname || followfork < 2 || tcp_last == tcp)) {
2393 tcp_last->flags |= TCB_REPRINT;
2394 tprintf(" <unfinished ...>\n");
2397 if ((followfork == 1 || pflag_seen > 1) && outfname)
2398 tprintf("%-5d ", tcp->pid);
2399 else if (nprocs > 1 && !outfname)
2400 tprintf("[pid %5u] ", tcp->pid);
2402 char str[sizeof("HH:MM:SS")];
2403 struct timeval tv, dtv;
2404 static struct timeval otv;
2406 gettimeofday(&tv, NULL);
2408 if (otv.tv_sec == 0)
2410 tv_sub(&dtv, &tv, &otv);
2411 tprintf("%6ld.%06ld ",
2412 (long) dtv.tv_sec, (long) dtv.tv_usec);
2415 else if (tflag > 2) {
2416 tprintf("%ld.%06ld ",
2417 (long) tv.tv_sec, (long) tv.tv_usec);
2420 time_t local = tv.tv_sec;
2421 strftime(str, sizeof(str), "%T", localtime(&local));
2423 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
2425 tprintf("%s ", str);
2437 tprintf("%*s", col - curcol, "");
2448 #ifdef HAVE_MP_PROCFS
2450 int mp_ioctl (int fd, int cmd, void *arg, int size) {
2452 struct iovec iov[2];
2455 iov[0].iov_base = &cmd;
2456 iov[0].iov_len = sizeof cmd;
2459 iov[1].iov_base = arg;
2460 iov[1].iov_len = size;
2463 return writev (fd, iov, n);
projects / strace / blob