2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 #include <sys/types.h>
38 #include <sys/param.h>
40 #include <sys/resource.h>
52 #include <sys/stropts.h>
58 int debug = 0, followfork = 0, followvfork = 0, interactive = 0;
59 int rflag = 0, tflag = 0, dtime = 0, cflag = 0;
60 int iflag = 0, xflag = 0, qflag = 0;
63 char *username = NULL;
67 int acolumn = DEFAULT_ACOLUMN;
68 int max_strlen = DEFAULT_STRLEN;
69 char *outfname = NULL;
71 struct tcb tcbtab[MAX_PROCS];
74 extern char version[];
75 extern char **environ;
77 static struct tcb *pid2tcb P((int pid));
78 static int trace P((void));
79 static void cleanup P((void));
80 static void interrupt P((int sig));
81 static sigset_t empty_set, blocked_set;
83 #ifdef HAVE_SIG_ATOMIC_T
84 static volatile sig_atomic_t interrupted;
85 #else /* !HAVE_SIG_ATOMIC_T */
87 static volatile int interrupted;
89 static int interrupted;
90 #endif /* !__STDC__ */
91 #endif /* !HAVE_SIG_ATOMIC_T */
95 static struct tcb *pfd2tcb P((int pfd));
96 static void reaper P((int sig));
97 static void rebuild_pollv P((void));
98 struct pollfd pollv[MAX_PROCS];
100 #ifndef HAVE_POLLABLE_PROCFS
102 static void proc_poll_open P((void));
103 static void proc_poller P((int pfd));
111 static int poller_pid;
112 static int proc_poll_pipe[2] = { -1, -1 };
114 #endif /* !HAVE_POLLABLE_PROCFS */
116 #ifdef HAVE_MP_PROCFS
117 #define POLLWANT POLLWRNORM
119 #define POLLWANT POLLPRI
121 #endif /* USE_PROCFS */
129 usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\
130 [-p pid] ... [-s strsize] [-u username] [command [arg ...]]\n\
131 or: strace -c [-e expr] ... [-O overhead] [-S sortby] [command [arg ...]]\n\
132 -c -- count time, calls, and errors for each syscall and report summary\n\
133 -f -- follow forks, -ff -- with output into separate files\n\
134 -F -- attempt to follow vforks, -h -- print help message\n\
135 -i -- print instruction pointer at time of syscall\n\
136 -q -- suppress messages about attaching, detaching, etc.\n\
137 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
138 -T -- print time spent in each syscall, -V -- print version\n\
139 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
140 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
141 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
142 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
143 options: trace, abbrev, verbose, raw, signal, read, or write\n\
144 -o file -- send trace output to FILE instead of stderr\n\
145 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
146 -p pid -- trace process with process id PID, may be repeated\n\
147 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
148 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
149 -u username -- run command as username handling setuid and/or setgid\n\
150 ", DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
174 static char buf[BUFSIZ];
179 qualify("trace=all");
180 qualify("abbrev=all");
181 qualify("verbose=all");
182 qualify("signal=all");
183 set_sortby(DEFAULT_SORTBY);
184 set_personality(DEFAULT_PERSONALITY);
185 while ((c = getopt(argc, argv,
186 "+cdfFhiqrtTvVxa:e:o:O:p:s:S:u:")) != EOF) {
224 qualify("abbrev=none");
227 printf("%s\n", version);
231 acolumn = atoi(optarg);
237 outfname = strdup(optarg);
240 set_overhead(atoi(optarg));
243 if ((pid = atoi(optarg)) == 0) {
244 fprintf(stderr, "%s: Invalid process id: %s\n",
248 if (pid == getpid()) {
249 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.\n", progname);
252 if ((tcp = alloctcb(pid)) == NULL) {
253 fprintf(stderr, "%s: tcb table full, please recompile strace\n",
257 tcp->flags |= TCB_ATTACHED;
261 max_strlen = atoi(optarg);
267 username = strdup(optarg);
275 /* See if they want to run as another user. */
276 if (username != NULL) {
279 if (getuid() != 0 || geteuid() != 0) {
281 "%s: you must be root to use the -u option\n",
285 if ((pent = getpwnam(username)) == NULL) {
286 fprintf(stderr, "%s: cannot find user `%s'\n",
290 run_uid = pent->pw_uid;
291 run_gid = pent->pw_gid;
299 setreuid(geteuid(), getuid());
302 /* See if they want to pipe the output. */
303 if (outfname && (outfname[0] == '|' || outfname[0] == '!')) {
304 if ((outf = popen(outfname + 1, "w")) == NULL) {
305 fprintf(stderr, "%s: can't popen '%s': %s\n",
306 progname, outfname + 1, strerror(errno));
313 /* Check if they want to redirect the output. */
315 if ((outf = fopen(outfname, "w")) == NULL) {
316 fprintf(stderr, "%s: can't fopen '%s': %s\n",
317 progname, outfname, strerror(errno));
323 setreuid(geteuid(), getuid());
328 setvbuf(outf, buf, _IOLBF, BUFSIZ);
330 else if (optind < argc)
335 for (c = 0, tcp = tcbtab; c < MAX_PROCS; c++, tcp++) {
336 /* Reinitialize the output since it may have changed. */
338 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
341 if (proc_open(tcp, 1) < 0) {
342 fprintf(stderr, "trouble opening proc file\n");
346 #else /* !USE_PROCFS */
347 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
348 perror("attach: ptrace(PTRACE_ATTACH, ...)");
352 #endif /* !USE_PROCFS */
355 "Process %u attached - interrupt to quit\n",
362 char pathname[MAXPATHLEN];
364 filename = argv[optind];
365 if (strchr(filename, '/'))
366 strcpy(pathname, filename);
367 #ifdef USE_DEBUGGING_EXEC
369 * Debuggers customarily check the current directory
370 * first regardless of the path but doing that gives
371 * security geeks a panic attack.
373 else if (stat(filename, &statbuf) == 0)
374 strcpy(pathname, filename);
375 #endif /* USE_DEBUGGING_EXEC */
380 for (path = getenv("PATH"); path && *path; path += m) {
381 if (strchr(path, ':')) {
382 n = strchr(path, ':') - path;
386 m = n = strlen(path);
388 getcwd(pathname, MAXPATHLEN);
389 len = strlen(pathname);
392 strncpy(pathname, path, n);
395 if (len && pathname[len - 1] != '/')
396 pathname[len++] = '/';
397 strcpy(pathname + len, filename);
398 if (stat(pathname, &statbuf) == 0)
402 if (stat(pathname, &statbuf) < 0) {
403 fprintf(stderr, "%s: %s: command not found\n",
407 switch (pid = fork()) {
409 perror("strace: fork");
415 if (outf != stderr) close (fileno (outf));
417 /* Kludge for SGI, see proc_open for details. */
418 sa.sa_handler = foobar;
420 sigemptyset(&sa.sa_mask);
421 sigaction(SIGINT, &sa, NULL);
426 kill(getpid(), SIGSTOP); /* stop HERE */
428 #else /* !USE_PROCFS */
430 close(fileno (outf));
432 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
433 perror("strace: ptrace(PTRACE_TRACEME, ...)");
437 kill(getpid(), SIGSTOP);
439 if (username != NULL || geteuid() == 0) {
440 uid_t run_euid = run_uid;
441 gid_t run_egid = run_gid;
443 if (statbuf.st_mode & S_ISUID)
444 run_euid = statbuf.st_uid;
445 if (statbuf.st_mode & S_ISGID)
446 run_egid = statbuf.st_gid;
449 * It is important to set groups before we
450 * lose privileges on setuid.
452 if (username != NULL) {
453 if (initgroups(username, run_gid) < 0) {
454 perror("initgroups");
457 if (setregid(run_gid, run_egid) < 0) {
461 if (setreuid(run_uid, run_euid) < 0) {
468 setreuid(run_uid, run_uid);
469 #endif /* !USE_PROCFS */
471 execv(pathname, &argv[optind]);
472 perror("strace: exec");
477 if ((tcp = alloctcb(pid)) == NULL) {
478 fprintf(stderr, "tcb table full\n");
483 if (proc_open(tcp, 0) < 0) {
484 fprintf(stderr, "trouble opening proc file\n");
488 #endif /* USE_PROCFS */
490 fake_execve(tcp, pathname, &argv[optind], environ);
491 #endif /* !USE_PROCFS */
495 else if (pflag_seen == 0)
498 sigemptyset(&empty_set);
499 sigemptyset(&blocked_set);
500 sa.sa_handler = SIG_IGN;
501 sigemptyset(&sa.sa_mask);
503 sigaction(SIGTTOU, &sa, NULL);
504 sigaction(SIGTTIN, &sa, NULL);
506 sigaddset(&blocked_set, SIGHUP);
507 sigaddset(&blocked_set, SIGINT);
508 sigaddset(&blocked_set, SIGQUIT);
509 sigaddset(&blocked_set, SIGPIPE);
510 sigaddset(&blocked_set, SIGTERM);
511 sa.sa_handler = interrupt;
513 /* POSIX signals on sunos4.1 are a little broken. */
514 sa.sa_flags = SA_INTERRUPT;
517 sigaction(SIGHUP, &sa, NULL);
518 sigaction(SIGINT, &sa, NULL);
519 sigaction(SIGQUIT, &sa, NULL);
520 sigaction(SIGPIPE, &sa, NULL);
521 sigaction(SIGTERM, &sa, NULL);
523 sa.sa_handler = reaper;
524 sigaction(SIGCHLD, &sa, NULL);
525 #endif /* USE_PROCFS */
537 char name[MAXPATHLEN];
540 if (outfname && followfork > 1) {
541 sprintf(name, "%s.%u", outfname, tcp->pid);
543 setreuid(geteuid(), getuid());
545 fp = fopen(name, "w");
547 setreuid(geteuid(), getuid());
565 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
566 if ((tcp->flags & TCB_INUSE) == 0) {
570 tcp->flags = TCB_INUSE | TCB_STARTUP;
571 tcp->outf = outf; /* Initialise to current out file */
572 tcp->stime.tv_sec = 0;
573 tcp->stime.tv_usec = 0;
584 proc_open(tcp, attaching)
591 sysset_t sc_enter, sc_exit;
595 #ifndef HAVE_POLLABLE_PROCFS
599 #ifdef HAVE_MP_PROCFS
600 /* Open the process pseudo-files in /proc. */
601 sprintf(proc, "/proc/%d/ctl", tcp->pid);
602 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) {
603 perror("strace: open(\"/proc/...\", ...)");
606 if ((arg = fcntl(tcp->pfd, F_GETFD)) < 0) {
610 if (fcntl(tcp->pfd, F_SETFD, arg|FD_CLOEXEC) < 0) {
614 sprintf(proc, "/proc/%d/status", tcp->pid);
615 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) {
616 perror("strace: open(\"/proc/...\", ...)");
619 if ((arg = fcntl(tcp->pfd_stat, F_GETFD)) < 0) {
623 if (fcntl(tcp->pfd_stat, F_SETFD, arg|FD_CLOEXEC) < 0) {
627 sprintf(proc, "/proc/%d/as", tcp->pid);
628 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) {
629 perror("strace: open(\"/proc/...\", ...)");
632 if ((arg = fcntl(tcp->pfd_as, F_GETFD)) < 0) {
636 if (fcntl(tcp->pfd_as, F_SETFD, arg|FD_CLOEXEC) < 0) {
641 /* Open the process pseudo-file in /proc. */
643 sprintf(proc, "/proc/%d", tcp->pid);
644 if ((tcp->pfd = open(proc, O_RDWR|O_EXCL)) < 0) {
646 sprintf(proc, "/proc/%d/mem", tcp->pid);
647 if ((tcp->pfd = open(proc, O_RDWR)) < 0) {
649 perror("strace: open(\"/proc/...\", ...)");
652 if ((arg = fcntl(tcp->pfd, F_GETFD)) < 0) {
656 if (fcntl(tcp->pfd, F_SETFD, arg|FD_CLOEXEC) < 0) {
662 sprintf(proc, "/proc/%d/regs", tcp->pid);
663 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) {
664 perror("strace: open(\"/proc/.../regs\", ...)");
668 sprintf(proc, "/proc/%d/status", tcp->pid);
669 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) {
670 perror("strace: open(\"/proc/.../status\", ...)");
674 tcp->pfd_status = -1;
679 * Wait for the child to pause. Because of a race
680 * condition we have to poll for the event.
683 if (IOCTL_STATUS (tcp) < 0) {
684 perror("strace: PIOCSTATUS");
687 if (tcp->status.PR_FLAGS & PR_ASLEEP)
692 /* Stop the process so that we own the stop. */
693 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
694 perror("strace: PIOCSTOP");
699 /* Set Run-on-Last-Close. */
701 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
702 perror("PIOCSET PR_RLC");
705 /* Set or Reset Inherit-on-Fork. */
707 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
708 perror("PIOC{SET,RESET} PR_FORK");
713 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
717 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
718 perror("PIOC{S,R}FORK");
722 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
723 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
728 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
733 #endif /* !PIOCSET */
735 /* Enable all syscall entries. */
736 prfillset(&sc_enter);
737 if (IOCTL(tcp->pfd, PIOCSENTRY, &sc_enter) < 0) {
738 perror("PIOCSENTRY");
741 /* Enable all syscall exits. */
743 if (IOCTL(tcp->pfd, PIOCSEXIT, &sc_exit) < 0) {
747 /* Enable all signals. */
749 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
750 perror("PIOCSTRACE");
753 /* Enable all faults. */
755 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
756 perror("PIOCSFAULT");
760 /* set events flags. */
761 arg = S_SIG | S_SCE | S_SCX ;
762 if(ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
770 * The SGI PRSABORT doesn't work for pause() so
771 * we send it a caught signal to wake it up.
773 kill(tcp->pid, SIGINT);
776 /* The child is in a pause(), abort it. */
778 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
785 /* wake up the child if it received the SIGSTOP */
786 kill(tcp->pid, SIGCONT);
789 /* Wait for the child to do something. */
790 if (IOCTL_WSTOP (tcp) < 0) {
794 if (tcp->status.PR_WHY == PR_SYSENTRY) {
795 tcp->flags &= ~TCB_INSYSCALL;
797 if (tcp->scno == SYS_execve)
800 /* Set it running: maybe execve will be next. */
803 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
805 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) {
811 /* handle the case where we "opened" the child before
812 it did the kill -STOP */
813 if (tcp->status.PR_WHY == PR_SIGNALLED &&
814 tcp->status.PR_WHAT == SIGSTOP)
815 kill(tcp->pid, SIGCONT);
823 /* We are attaching to an already running process.
824 * Try to figure out the state of the process in syscalls,
825 * to handle the first event well.
826 * This is done by having a look at the "wchan" property of the
827 * process, which tells where it is stopped (if it is). */
829 char wchan[20]; /* should be enough */
831 sprintf(proc, "/proc/%d/status", tcp->pid);
832 status = fopen(proc, "r");
834 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
835 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
836 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
837 strcmp(wchan, "stopevent")) {
838 /* The process is asleep in the middle of a syscall.
839 Fake the syscall entry event */
840 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
841 tcp->status.PR_WHY = PR_SYSENTRY;
846 } /* otherwise it's a fork being followed */
849 #ifndef HAVE_POLLABLE_PROCFS
850 if (proc_poll_pipe[0] != -1)
851 proc_poller(tcp->pfd);
852 else if (nprocs > 1) {
854 proc_poller(last_pfd);
855 proc_poller(tcp->pfd);
858 #endif /* !HAVE_POLLABLE_PROCFS */
862 #endif /* USE_PROCFS */
871 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
872 if (pid && tcp->pid != pid)
874 if (tcp->flags & TCB_INUSE)
889 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
892 if (tcp->flags & TCB_INUSE)
898 #endif /* USE_PROCFS */
909 if (tcp->pfd != -1) {
913 if (tcp->pfd_reg != -1) {
917 if (tcp->pfd_status != -1) {
918 close(tcp->pfd_status);
919 tcp->pfd_status = -1;
921 #endif /* !FREEBSD */
926 if (tcp->parent != NULL) {
927 tcp->parent->nchildren--;
931 if (tcp->outf != stderr)
946 if (!(tcp->flags & TCB_SUSPENDED)) {
947 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
950 tcp->flags &= ~TCB_SUSPENDED;
952 if (ptrace(PTRACE_SYSCALL, tcp->pid, (char *) 1, 0) < 0) {
953 perror("resume: ptrace(PTRACE_SYSCALL, ...)");
958 fprintf(stderr, "Process %u resumed\n", tcp->pid);
962 #endif /* !USE_PROCFS */
964 /* detach traced process; continue with sig */
976 if (tcp->flags & TCB_BPTSET)
981 * Linux wrongly insists the child be stopped
982 * before detaching. Arghh. We go through hoops
983 * to make a clean break of things.
987 #define PTRACE_DETACH PTRACE_SUNDETACH
989 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
990 /* On a clear day, you can see forever. */
992 else if (errno != ESRCH) {
993 /* Shouldn't happen. */
994 perror("detach: ptrace(PTRACE_DETACH, ...)");
996 else if (kill(tcp->pid, 0) < 0) {
998 perror("detach: checking sanity");
1000 else if (kill(tcp->pid, SIGSTOP) < 0) {
1002 perror("detach: stopping child");
1006 if (waitpid(tcp->pid, &status, 0) < 0) {
1007 if (errno != ECHILD)
1008 perror("detach: waiting");
1011 if (!WIFSTOPPED(status)) {
1012 /* Au revoir, mon ami. */
1015 if (WSTOPSIG(status) == SIGSTOP) {
1016 if ((error = ptrace(PTRACE_DETACH,
1017 tcp->pid, (char *) 1, sig)) < 0) {
1019 perror("detach: ptrace(PTRACE_DETACH, ...)");
1020 /* I died trying. */
1024 if ((error = ptrace(PTRACE_CONT, tcp->pid, (char *) 1,
1025 WSTOPSIG(status) == SIGTRAP ?
1026 0 : WSTOPSIG(status))) < 0) {
1028 perror("detach: ptrace(PTRACE_CONT, ...)");
1036 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1037 if (sig && kill(tcp->pid, sig) < 0)
1038 perror("detach: kill");
1040 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) < 0)
1041 perror("detach: ptrace(PTRACE_DETACH, ...)");
1045 if (waiting_parent(tcp))
1046 error = resume(tcp->parent);
1047 #endif /* !USE_PROCFS */
1050 fprintf(stderr, "Process %u detached\n", tcp->pid);
1065 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1076 #endif /* USE_PROCFS */
1084 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
1085 if (!(tcp->flags & TCB_INUSE))
1089 "cleanup: looking at pid %u\n", tcp->pid);
1091 (!outfname || followfork < 2 || tcp_last == tcp)) {
1092 tprintf(" <unfinished ...>\n");
1095 if (tcp->flags & TCB_ATTACHED)
1098 kill(tcp->pid, SIGCONT);
1099 kill(tcp->pid, SIGTERM);
1113 #ifndef HAVE_STRERROR
1115 #ifndef SYS_ERRLIST_DECLARED
1116 extern int sys_nerr;
1117 extern char *sys_errlist[];
1118 #endif /* SYS_ERRLIST_DECLARED */
1124 static char buf[64];
1126 if (errno < 1 || errno >= sys_nerr) {
1127 sprintf(buf, "Unknown error %d", errno);
1130 return sys_errlist[errno];
1133 #endif /* HAVE_STERRROR */
1135 #ifndef HAVE_STRSIGNAL
1137 #ifndef SYS_SIGLIST_DECLARED
1138 #ifdef HAVE__SYS_SIGLIST
1139 extern char *_sys_siglist[];
1141 extern char *sys_siglist[];
1143 #endif /* SYS_SIGLIST_DECLARED */
1149 static char buf[64];
1151 if (sig < 1 || sig >= NSIG) {
1152 sprintf(buf, "Unknown signal %d", sig);
1155 #ifdef HAVE__SYS_SIGLIST
1156 return _sys_siglist[sig];
1158 return sys_siglist[sig];
1162 #endif /* HAVE_STRSIGNAL */
1172 for (i = j = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
1173 if (!(tcp->flags & TCB_INUSE))
1175 pollv[j].fd = tcp->pfd;
1176 pollv[j].events = POLLWANT;
1180 fprintf(stderr, "strace: proc miscount\n");
1185 #ifndef HAVE_POLLABLE_PROCFS
1193 if (pipe(proc_poll_pipe) < 0) {
1197 for (i = 0; i < 2; i++) {
1198 if ((arg = fcntl(proc_poll_pipe[i], F_GETFD)) < 0) {
1202 if (fcntl(proc_poll_pipe[i], F_SETFD, arg|FD_CLOEXEC) < 0) {
1210 proc_poll(pollv, nfds, timeout)
1211 struct pollfd *pollv;
1217 struct proc_pollfd pollinfo;
1219 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1221 if (n != sizeof(struct proc_pollfd)) {
1222 fprintf(stderr, "panic: short read: %d\n", n);
1225 for (i = 0; i < nprocs; i++) {
1226 if (pollv[i].fd == pollinfo.fd)
1227 pollv[i].revents = pollinfo.revents;
1229 pollv[i].revents = 0;
1231 poller_pid = pollinfo.pid;
1245 struct proc_pollfd pollinfo;
1246 struct sigaction sa;
1247 sigset_t blocked_set, empty_set;
1252 struct procfs_status pfs;
1253 #endif /* FREEBSD */
1265 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1267 sigemptyset(&sa.sa_mask);
1268 sigaction(SIGHUP, &sa, NULL);
1269 sigaction(SIGINT, &sa, NULL);
1270 sigaction(SIGQUIT, &sa, NULL);
1271 sigaction(SIGPIPE, &sa, NULL);
1272 sigaction(SIGTERM, &sa, NULL);
1273 sa.sa_handler = wakeup_handler;
1274 sigaction(SIGUSR1, &sa, NULL);
1275 sigemptyset(&blocked_set);
1276 sigaddset(&blocked_set, SIGUSR1);
1277 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1278 sigemptyset(&empty_set);
1280 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1281 perror("getrlimit(RLIMIT_NOFILE, ...)");
1285 for (i = 0; i < n; i++) {
1286 if (i != pfd && i != proc_poll_pipe[1])
1291 pollinfo.pid = getpid();
1294 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
1296 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
1297 #endif /* FREEBSD */
1303 pollinfo.revents = POLLERR;
1306 pollinfo.revents = POLLHUP;
1309 perror("proc_poller: PIOCWSTOP");
1311 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1314 pollinfo.revents = POLLWANT;
1315 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1316 sigsuspend(&empty_set);
1320 #endif /* !HAVE_POLLABLE_PROCFS */
1330 if (followfork < 2 &&
1331 last < nprocs && (pollv[last].revents & POLLWANT)) {
1333 * The previous process is ready to run again. We'll
1334 * let it do so if it is currently in a syscall. This
1335 * heuristic improves the readability of the trace.
1337 tcp = pfd2tcb(pollv[last].fd);
1338 if (tcp && (tcp->flags & TCB_INSYSCALL))
1339 return pollv[last].fd;
1342 for (i = 0; i < nprocs; i++) {
1343 /* Let competing children run round robin. */
1344 j = (i + last + 1) % nprocs;
1345 if (pollv[j].revents & (POLLHUP | POLLERR)) {
1346 tcp = pfd2tcb(pollv[j].fd);
1348 fprintf(stderr, "strace: lost proc\n");
1354 if (pollv[j].revents & POLLWANT) {
1359 fprintf(stderr, "strace: nothing ready\n");
1367 struct tcb *in_syscall;
1372 int ioctl_result = 0, ioctl_errno = 0;
1377 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1384 #ifndef HAVE_POLLABLE_PROCFS
1385 if (proc_poll_pipe[0] == -1) {
1394 #ifndef HAVE_POLLABLE_PROCFS
1396 /* fall through ... */
1397 #endif /* !HAVE_POLLABLE_PROCFS */
1399 #ifdef HAVE_POLLABLE_PROCFS
1401 /* On some systems (e.g. UnixWare) we get too much ugly
1402 "unfinished..." stuff when multiple proceses are in
1403 syscalls. Here's a nasty hack */
1410 pv.events = POLLWANT;
1411 if ((what = poll (&pv, 1, 1)) < 0) {
1416 else if (what == 1 && pv.revents & POLLWANT) {
1422 if (poll(pollv, nprocs, INFTIM) < 0) {
1427 #else /* !HAVE_POLLABLE_PROCFS */
1428 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
1433 #endif /* !HAVE_POLLABLE_PROCFS */
1440 /* Look up `pfd' in our table. */
1441 if ((tcp = pfd2tcb(pfd)) == NULL) {
1442 fprintf(stderr, "unknown pfd: %u\n", pfd);
1446 /* Get the status of the process. */
1449 ioctl_result = IOCTL_WSTOP (tcp);
1451 /* Thanks to some scheduling mystery, the first poller
1452 sometimes waits for the already processed end of fork
1453 event. Doing a non blocking poll here solves the problem. */
1454 if (proc_poll_pipe[0] != -1)
1455 ioctl_result = IOCTL_STATUS (tcp);
1457 ioctl_result = IOCTL_WSTOP (tcp);
1458 #endif /* FREEBSD */
1459 ioctl_errno = errno;
1460 #ifndef HAVE_POLLABLE_PROCFS
1461 if (proc_poll_pipe[0] != -1) {
1462 if (ioctl_result < 0)
1463 kill(poller_pid, SIGKILL);
1465 kill(poller_pid, SIGUSR1);
1467 #endif /* !HAVE_POLLABLE_PROCFS */
1473 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1475 if (ioctl_result < 0) {
1476 /* Find out what happened if it failed. */
1477 switch (ioctl_errno) {
1488 perror("PIOCWSTOP");
1494 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
1495 /* discard first event for a syscall we never entered */
1496 IOCTL (tcp->pfd, PIOCRUN, 0);
1501 /* clear the just started flag */
1502 tcp->flags &= ~TCB_STARTUP;
1504 /* set current output file */
1508 struct timeval stime;
1513 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) {
1516 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
1517 &stime.tv_sec, &stime.tv_usec);
1519 stime.tv_sec = stime.tv_usec = 0;
1520 #else /* !FREEBSD */
1521 stime.tv_sec = tcp->status.pr_stime.tv_sec;
1522 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
1523 #endif /* !FREEBSD */
1524 tv_sub(&tcp->dtime, &stime, &tcp->stime);
1527 what = tcp->status.PR_WHAT;
1528 switch (tcp->status.PR_WHY) {
1531 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
1532 tcp->status.PR_WHY = PR_SYSENTRY;
1533 if (trace_syscall(tcp) < 0) {
1534 fprintf(stderr, "syscall trouble\n");
1539 #endif /* !FREEBSD */
1545 if (trace_syscall(tcp) < 0) {
1546 fprintf(stderr, "syscall trouble\n");
1551 if (!cflag && (qual_flags[what] & QUAL_SIGNAL)) {
1553 tprintf("--- %s (%s) ---",
1554 signame(what), strsignal(what));
1559 if (!cflag && (qual_flags[what] & QUAL_FAULT)) {
1561 tprintf("=== FAULT %d ===", what);
1566 case 0: /* handle case we polled for nothing */
1570 fprintf(stderr, "odd stop %d\n", tcp->status.PR_WHY);
1576 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
1578 if (IOCTL (tcp->pfd, PIOCRUN, 0) < 0) {
1587 #else /* !USE_PROCFS */
1599 static int wait4_options = __WALL;
1603 while (nprocs != 0) {
1605 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1608 pid = wait4(-1, &status, wait4_options, cflag ? &ru : NULL);
1609 if ((wait4_options & __WALL) && errno == EINVAL) {
1610 /* this kernel does not support __WALL */
1611 wait4_options &= ~__WALL;
1613 pid = wait4(-1, &status, wait4_options,
1614 cflag ? &ru : NULL);
1616 if (!(wait4_options & __WALL) && errno == ECHILD) {
1617 /* most likely a "cloned" process */
1618 pid = wait4(-1, &status, __WCLONE,
1619 cflag ? &ru : NULL);
1621 fprintf(stderr, "strace: clone wait4 "
1622 "failed: %s\n", strerror(errno));
1626 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
1630 pid = wait(&status);
1634 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1640 switch (wait_errno) {
1645 * We would like to verify this case
1646 * but sometimes a race in Solbourne's
1647 * version of SunOS sometimes reports
1648 * ECHILD before sending us SIGCHILD.
1653 fprintf(stderr, "strace: proc miscount\n");
1659 perror("strace: wait");
1664 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
1666 /* Look up `pid' in our table. */
1667 if ((tcp = pid2tcb(pid)) == NULL) {
1668 #if 0 /* XXX davidm */ /* WTA: disabled again */
1669 struct tcb *tcpchild;
1671 if ((tcpchild = alloctcb(pid)) == NULL) {
1672 fprintf(stderr, " [tcb table full]\n");
1673 kill(pid, SIGKILL); /* XXX */
1676 tcpchild->flags |= TCB_ATTACHED;
1680 fprintf(stderr, "Process %d attached\n", pid);
1682 fprintf(stderr, "unknown pid: %u\n", pid);
1683 if (WIFSTOPPED(status))
1684 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
1688 /* set current output file */
1692 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
1693 tcp->stime = ru.ru_stime;
1697 if (tcp->flags & TCB_SUSPENDED) {
1699 * Apparently, doing any ptrace() call on a stopped
1700 * process, provokes the kernel to report the process
1701 * status again on a subsequent wait(), even if the
1702 * process has not been actually restarted.
1703 * Since we have inspected the arguments of suspended
1704 * processes we end up here testing for this case.
1708 if (WIFSIGNALED(status)) {
1710 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
1712 tprintf("+++ killed by %s +++",
1713 signame(WTERMSIG(status)));
1719 if (WIFEXITED(status)) {
1721 fprintf(stderr, "pid %u exited\n", pid);
1722 if (tcp->flags & TCB_ATTACHED)
1724 "PANIC: attached pid %u exited\n",
1729 if (!WIFSTOPPED(status)) {
1730 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
1735 fprintf(stderr, "pid %u stopped, [%s]\n",
1736 pid, signame(WSTOPSIG(status)));
1738 if (tcp->flags & TCB_STARTUP) {
1740 * This flag is there to keep us in sync.
1741 * Next time this process stops it should
1742 * really be entering a system call.
1744 tcp->flags &= ~TCB_STARTUP;
1745 if (tcp->flags & TCB_ATTACHED) {
1747 * Interestingly, the process may stop
1748 * with STOPSIG equal to some other signal
1749 * than SIGSTOP if we happend to attach
1750 * just before the process takes a signal.
1752 if (!WIFSTOPPED(status)) {
1754 "pid %u not stopped\n", pid);
1755 detach(tcp, WSTOPSIG(status));
1761 /* A child of us stopped at exec */
1762 if (WSTOPSIG(status) == SIGTRAP && followvfork)
1766 if (tcp->flags & TCB_BPTSET) {
1767 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
1776 if (WSTOPSIG(status) != SIGTRAP) {
1777 if (WSTOPSIG(status) == SIGSTOP &&
1778 (tcp->flags & TCB_SIGTRAPPED)) {
1780 * Trapped attempt to block SIGTRAP
1781 * Hope we are back in control now.
1783 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
1784 if (ptrace(PTRACE_SYSCALL,
1785 pid, (char *) 1, 0) < 0) {
1786 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
1793 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
1795 tprintf("--- %s (%s) ---",
1796 signame(WSTOPSIG(status)),
1797 strsignal(WSTOPSIG(status)));
1800 if ((tcp->flags & TCB_ATTACHED) &&
1801 !sigishandled(tcp, WSTOPSIG(status))) {
1802 detach(tcp, WSTOPSIG(status));
1805 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1,
1806 WSTOPSIG(status)) < 0) {
1807 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
1811 tcp->flags &= ~TCB_SUSPENDED;
1814 if (trace_syscall(tcp) < 0) {
1815 if (tcp->flags & TCB_ATTACHED)
1819 tcp->pid, (char *) 1, SIGTERM);
1824 if (tcp->flags & TCB_EXITING) {
1825 if (tcp->flags & TCB_ATTACHED)
1827 else if (ptrace(PTRACE_CONT, pid, (char *) 1, 0) < 0) {
1828 perror("strace: ptrace(PTRACE_CONT, ...)");
1834 if (tcp->flags & TCB_SUSPENDED) {
1836 fprintf(stderr, "Process %u suspended\n", pid);
1840 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1, 0) < 0) {
1841 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
1849 #endif /* !USE_PROCFS */
1855 #define VA_START(a, b) va_start(a, b)
1857 #include <varargs.h>
1858 #define VA_START(a, b) va_start(a)
1863 tprintf(const char *fmt, ...)
1865 tprintf(fmt, va_alist)
1872 VA_START(args, fmt);
1874 curcol += vfprintf(outf, fmt, args);
1883 if (tcp_last && (!outfname || followfork < 2 || tcp_last == tcp)) {
1884 tcp_last->flags |= TCB_REPRINT;
1885 tprintf(" <unfinished ...>\n");
1888 if ((followfork == 1 || pflag_seen > 1) && outfname)
1889 tprintf("%-5d ", tcp->pid);
1890 else if (nprocs > 1 && !outfname)
1891 tprintf("[pid %5u] ", tcp->pid);
1893 char str[sizeof("HH:MM:SS")];
1894 struct timeval tv, dtv;
1895 static struct timeval otv;
1897 gettimeofday(&tv, NULL);
1899 if (otv.tv_sec == 0)
1901 tv_sub(&dtv, &tv, &otv);
1902 tprintf("%6ld.%06ld ",
1903 (long) dtv.tv_sec, (long) dtv.tv_usec);
1906 else if (tflag > 2) {
1907 tprintf("%ld.%06ld ",
1908 (long) tv.tv_sec, (long) tv.tv_usec);
1911 time_t local = tv.tv_sec;
1912 strftime(str, sizeof(str), "%T", localtime(&local));
1914 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
1916 tprintf("%s ", str);
1928 tprintf("%*s", col - curcol, "");
1939 #ifdef HAVE_MP_PROCFS
1941 int mp_ioctl (int fd, int cmd, void *arg, int size) {
1943 struct iovec iov[2];
1946 iov[0].iov_base = &cmd;
1947 iov[0].iov_len = sizeof cmd;
1950 iov[1].iov_base = arg;
1951 iov[1].iov_len = size;
1954 return writev (fd, iov, n);