2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/types.h>
38 #include <sys/param.h>
40 #include <sys/resource.h>
49 #if defined(IA64) && defined(LINUX)
50 # include <asm/ptrace_offsets.h>
58 #include <sys/stropts.h>
66 int debug = 0, followfork = 0, followvfork = 0, interactive = 0;
67 int rflag = 0, tflag = 0, dtime = 0, cflag = 0;
68 int iflag = 0, xflag = 0, qflag = 0;
71 /* Sometimes we want to print only succeeding syscalls. */
72 int not_failing_only = 0;
74 char *username = NULL;
78 int acolumn = DEFAULT_ACOLUMN;
79 int max_strlen = DEFAULT_STRLEN;
80 char *outfname = NULL;
83 unsigned int nprocs, tcbtabsize;
85 extern char **environ;
87 static int trace P((void));
88 static void cleanup P((void));
89 static void interrupt P((int sig));
90 static sigset_t empty_set, blocked_set;
92 #ifdef HAVE_SIG_ATOMIC_T
93 static volatile sig_atomic_t interrupted;
94 #else /* !HAVE_SIG_ATOMIC_T */
96 static volatile int interrupted;
98 static int interrupted;
99 #endif /* !__STDC__ */
100 #endif /* !HAVE_SIG_ATOMIC_T */
104 static struct tcb *pfd2tcb P((int pfd));
105 static void reaper P((int sig));
106 static void rebuild_pollv P((void));
107 static struct pollfd *pollv;
109 #ifndef HAVE_POLLABLE_PROCFS
111 static void proc_poll_open P((void));
112 static void proc_poller P((int pfd));
120 static int poller_pid;
121 static int proc_poll_pipe[2] = { -1, -1 };
123 #endif /* !HAVE_POLLABLE_PROCFS */
125 #ifdef HAVE_MP_PROCFS
126 #define POLLWANT POLLWRNORM
128 #define POLLWANT POLLPRI
130 #endif /* USE_PROCFS */
138 usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\
139 [-p pid] ... [-s strsize] [-u username] [-E var=val] ...\n\
140 [command [arg ...]]\n\
141 or: strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...\n\
142 [command [arg ...]]\n\
143 -c -- count time, calls, and errors for each syscall and report summary\n\
144 -f -- follow forks, -ff -- with output into separate files\n\
145 -F -- attempt to follow vforks, -h -- print help message\n\
146 -i -- print instruction pointer at time of syscall\n\
147 -q -- suppress messages about attaching, detaching, etc.\n\
148 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
149 -T -- print time spent in each syscall, -V -- print version\n\
150 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
151 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
152 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
153 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
154 options: trace, abbrev, verbose, raw, signal, read, or write\n\
155 -o file -- send trace output to FILE instead of stderr\n\
156 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
157 -p pid -- trace process with process id PID, may be repeated\n\
158 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
159 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
160 -u username -- run command as username handling setuid and/or setgid\n\
161 -E var=val -- put var=val in the environment for command\n\
162 -E var -- remove var from the environment for command\n\
163 " /* this is broken, so don't document it
164 -z -- print only succeeding syscalls\n\
166 , DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
190 static char buf[BUFSIZ];
192 /* Allocate the initial tcbtab. */
193 tcbtabsize = argc; /* Surely enough for all -p args. */
194 tcbtab = (struct tcb **) malloc (tcbtabsize * sizeof tcbtab[0]);
195 tcbtab[0] = (struct tcb *) calloc (tcbtabsize, sizeof *tcbtab[0]);
196 for (tcp = tcbtab[0]; tcp < &tcbtab[0][tcbtabsize]; ++tcp)
197 tcbtab[tcp - tcbtab[0]] = &tcbtab[0][tcp - tcbtab[0]];
202 set_sortby(DEFAULT_SORTBY);
203 set_personality(DEFAULT_PERSONALITY);
204 qualify("trace=all");
205 qualify("abbrev=all");
206 qualify("verbose=all");
207 qualify("signal=all");
208 while ((c = getopt(argc, argv,
209 "+cdfFhiqrtTvVxza:e:o:O:p:s:S:u:E:")) != EOF) {
247 qualify("abbrev=none");
250 printf("%s -- version %s\n", PACKAGE_NAME, VERSION);
254 not_failing_only = 1;
257 acolumn = atoi(optarg);
263 outfname = strdup(optarg);
266 set_overhead(atoi(optarg));
269 if ((pid = atoi(optarg)) <= 0) {
270 fprintf(stderr, "%s: Invalid process id: %s\n",
274 if (pid == getpid()) {
275 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.\n", progname);
278 if ((tcp = alloctcb(pid)) == NULL) {
279 fprintf(stderr, "%s: out of memory\n",
283 tcp->flags |= TCB_ATTACHED;
287 max_strlen = atoi(optarg);
288 if (max_strlen < 0) {
290 "%s: invalid -s argument: %s\n",
299 username = strdup(optarg);
302 if (putenv(optarg) < 0) {
303 fprintf(stderr, "%s: out of memory\n",
314 if ((optind == argc) == !pflag_seen)
317 if (followfork > 1 && cflag) {
319 "%s: -c and -ff are mutually exclusive options\n",
324 /* See if they want to run as another user. */
325 if (username != NULL) {
328 if (getuid() != 0 || geteuid() != 0) {
330 "%s: you must be root to use the -u option\n",
334 if ((pent = getpwnam(username)) == NULL) {
335 fprintf(stderr, "%s: cannot find user `%s'\n",
339 run_uid = pent->pw_uid;
340 run_gid = pent->pw_gid;
348 setreuid(geteuid(), getuid());
351 /* Check if they want to redirect the output. */
355 /* See if they want to pipe the output. */
356 if (outfname[0] == '|' || outfname[0] == '!') {
358 * We can't do the <outfname>.PID funny business
359 * when using popen, so prohibit it.
361 if (followfork > 1) {
363 %s: piping the output and -ff are mutually exclusive options\n",
368 if ((outf = popen(outfname + 1, "w")) == NULL) {
369 fprintf(stderr, "%s: can't popen '%s': %s\n",
370 progname, outfname + 1,
375 else if ((outf = fopen(outfname, "w")) == NULL) {
376 fprintf(stderr, "%s: can't fopen '%s': %s\n",
377 progname, outfname, strerror(errno));
381 if ((f=fcntl(fileno(outf), F_GETFD)) < 0 ) {
382 perror("failed to get flags for outputfile");
386 if (fcntl(fileno(outf), F_SETFD, f|FD_CLOEXEC) < 0 ) {
387 perror("failed to set flags for outputfile");
393 setreuid(geteuid(), getuid());
396 if (!outfname || outfname[0] == '|' || outfname[0] == '!')
397 setvbuf(outf, buf, _IOLBF, BUFSIZ);
398 if (outfname && optind < argc) {
403 for (c = 0; c < tcbtabsize; c++) {
405 /* Reinitialize the output since it may have changed. */
407 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
410 if (proc_open(tcp, 1) < 0) {
411 fprintf(stderr, "trouble opening proc file\n");
415 #else /* !USE_PROCFS */
417 if (tcp->flags & TCB_CLONE_THREAD)
420 char procdir[MAXPATHLEN];
422 sprintf(procdir, "/proc/%d/task", tcp->pid);
423 dir = opendir(procdir);
425 unsigned int ntid = 0, nerr = 0;
428 while ((de = readdir(dir)) != NULL) {
429 if (de->d_fileno == 0 ||
430 de->d_name[0] == '.')
432 tid = atoi(de->d_name);
436 if (ptrace(PTRACE_ATTACH, tid,
439 else if (tid != tcbtab[c]->pid) {
440 if (nprocs == tcbtabsize &&
447 tcp->flags |= TCB_ATTACHED|TCB_CLONE_THREAD|TCB_CLONE_DETACHED|TCB_FOLLOWFORK;
448 tcbtab[c]->nchildren++;
449 tcbtab[c]->nclone_threads++;
450 tcbtab[c]->nclone_detached++;
451 tcp->parent = tcbtab[c];
456 perror("attach: ptrace(PTRACE_ATTACH, ...)");
464 Process %u attached with %u threads - interrupt to quit\n",
468 Process %u attached - interrupt to quit\n",
475 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
476 perror("attach: ptrace(PTRACE_ATTACH, ...)");
480 #endif /* !USE_PROCFS */
483 "Process %u attached - interrupt to quit\n",
490 char pathname[MAXPATHLEN];
492 filename = argv[optind];
493 if (strchr(filename, '/')) {
494 if (strlen(filename) > sizeof pathname - 1) {
495 errno = ENAMETOOLONG;
496 perror("strace: exec");
499 strcpy(pathname, filename);
501 #ifdef USE_DEBUGGING_EXEC
503 * Debuggers customarily check the current directory
504 * first regardless of the path but doing that gives
505 * security geeks a panic attack.
507 else if (stat(filename, &statbuf) == 0)
508 strcpy(pathname, filename);
509 #endif /* USE_DEBUGGING_EXEC */
514 for (path = getenv("PATH"); path && *path; path += m) {
515 if (strchr(path, ':')) {
516 n = strchr(path, ':') - path;
520 m = n = strlen(path);
522 if (!getcwd(pathname, MAXPATHLEN))
524 len = strlen(pathname);
526 else if (n > sizeof pathname - 1)
529 strncpy(pathname, path, n);
532 if (len && pathname[len - 1] != '/')
533 pathname[len++] = '/';
534 strcpy(pathname + len, filename);
535 if (stat(pathname, &statbuf) == 0 &&
536 /* Accept only regular files
537 with some execute bits set.
538 XXX not perfect, might still fail */
539 S_ISREG(statbuf.st_mode) &&
540 (statbuf.st_mode & 0111))
544 if (stat(pathname, &statbuf) < 0) {
545 fprintf(stderr, "%s: %s: command not found\n",
549 switch (pid = fork()) {
551 perror("strace: fork");
557 if (outf != stderr) close (fileno (outf));
559 /* Kludge for SGI, see proc_open for details. */
560 sa.sa_handler = foobar;
562 sigemptyset(&sa.sa_mask);
563 sigaction(SIGINT, &sa, NULL);
568 kill(getpid(), SIGSTOP); /* stop HERE */
570 #else /* !USE_PROCFS */
572 close(fileno (outf));
574 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
575 perror("strace: ptrace(PTRACE_TRACEME, ...)");
579 kill(getpid(), SIGSTOP);
581 if (username != NULL || geteuid() == 0) {
582 uid_t run_euid = run_uid;
583 gid_t run_egid = run_gid;
585 if (statbuf.st_mode & S_ISUID)
586 run_euid = statbuf.st_uid;
587 if (statbuf.st_mode & S_ISGID)
588 run_egid = statbuf.st_gid;
591 * It is important to set groups before we
592 * lose privileges on setuid.
594 if (username != NULL) {
595 if (initgroups(username, run_gid) < 0) {
596 perror("initgroups");
599 if (setregid(run_gid, run_egid) < 0) {
603 if (setreuid(run_uid, run_euid) < 0) {
610 setreuid(run_uid, run_uid);
613 * Induce an immediate stop so that the parent
614 * will resume us with PTRACE_SYSCALL and display
615 * this execve call normally.
617 kill(getpid(), SIGSTOP);
618 #endif /* !USE_PROCFS */
620 execv(pathname, &argv[optind]);
621 perror("strace: exec");
626 if ((tcp = alloctcb(pid)) == NULL) {
631 if (proc_open(tcp, 0) < 0) {
632 fprintf(stderr, "trouble opening proc file\n");
636 #endif /* USE_PROCFS */
641 sigemptyset(&empty_set);
642 sigemptyset(&blocked_set);
643 sa.sa_handler = SIG_IGN;
644 sigemptyset(&sa.sa_mask);
646 sigaction(SIGTTOU, &sa, NULL);
647 sigaction(SIGTTIN, &sa, NULL);
649 sigaddset(&blocked_set, SIGHUP);
650 sigaddset(&blocked_set, SIGINT);
651 sigaddset(&blocked_set, SIGQUIT);
652 sigaddset(&blocked_set, SIGPIPE);
653 sigaddset(&blocked_set, SIGTERM);
654 sa.sa_handler = interrupt;
656 /* POSIX signals on sunos4.1 are a little broken. */
657 sa.sa_flags = SA_INTERRUPT;
660 sigaction(SIGHUP, &sa, NULL);
661 sigaction(SIGINT, &sa, NULL);
662 sigaction(SIGQUIT, &sa, NULL);
663 sigaction(SIGPIPE, &sa, NULL);
664 sigaction(SIGTERM, &sa, NULL);
666 sa.sa_handler = reaper;
667 sigaction(SIGCHLD, &sa, NULL);
669 /* Make sure SIGCHLD has the default action so that waitpid
670 definitely works without losing track of children. The user
671 should not have given us a bogus state to inherit, but he might
672 have. Arguably we should detect SIG_IGN here and pass it on
673 to children, but probably noone really needs that. */
674 sa.sa_handler = SIG_DFL;
675 sigaction(SIGCHLD, &sa, NULL);
676 #endif /* USE_PROCFS */
688 char name[MAXPATHLEN];
691 if (outfname && followfork > 1) {
692 sprintf(name, "%s.%u", outfname, tcp->pid);
694 setreuid(geteuid(), getuid());
696 fp = fopen(name, "w");
698 setreuid(geteuid(), getuid());
712 /* Allocate some more TCBs and expand the table.
713 We don't want to relocate the TCBs because our
714 callers have pointers and it would be a pain.
715 So tcbtab is a table of pointers. Since we never
716 free the TCBs, we allocate a single chunk of many. */
717 struct tcb **newtab = (struct tcb **)
718 realloc(tcbtab, 2 * tcbtabsize * sizeof tcbtab[0]);
719 struct tcb *newtcbs = (struct tcb *) calloc(tcbtabsize,
722 if (newtab == NULL || newtcbs == NULL) {
725 fprintf(stderr, "%s: expand_tcbtab: out of memory\n",
729 for (i = tcbtabsize; i < 2 * tcbtabsize; ++i)
730 newtab[i] = &newtcbs[i - tcbtabsize];
745 for (i = 0; i < tcbtabsize; i++) {
747 if ((tcp->flags & TCB_INUSE) == 0) {
752 #ifdef TCB_CLONE_THREAD
753 tcp->nclone_threads = tcp->nclone_detached = 0;
754 tcp->nclone_waiting = 0;
756 tcp->flags = TCB_INUSE | TCB_STARTUP;
757 tcp->outf = outf; /* Initialise to current out file */
758 tcp->stime.tv_sec = 0;
759 tcp->stime.tv_usec = 0;
765 fprintf(stderr, "%s: alloctcb: tcb table full\n", progname);
771 proc_open(tcp, attaching)
783 #ifndef HAVE_POLLABLE_PROCFS
787 #ifdef HAVE_MP_PROCFS
788 /* Open the process pseudo-files in /proc. */
789 sprintf(proc, "/proc/%d/ctl", tcp->pid);
790 if ((tcp->pfd = open(proc, O_WRONLY|O_EXCL)) < 0) {
791 perror("strace: open(\"/proc/...\", ...)");
794 if ((arg = fcntl(tcp->pfd, F_GETFD)) < 0) {
798 if (fcntl(tcp->pfd, F_SETFD, arg|FD_CLOEXEC) < 0) {
802 sprintf(proc, "/proc/%d/status", tcp->pid);
803 if ((tcp->pfd_stat = open(proc, O_RDONLY|O_EXCL)) < 0) {
804 perror("strace: open(\"/proc/...\", ...)");
807 if ((arg = fcntl(tcp->pfd_stat, F_GETFD)) < 0) {
811 if (fcntl(tcp->pfd_stat, F_SETFD, arg|FD_CLOEXEC) < 0) {
815 sprintf(proc, "/proc/%d/as", tcp->pid);
816 if ((tcp->pfd_as = open(proc, O_RDONLY|O_EXCL)) < 0) {
817 perror("strace: open(\"/proc/...\", ...)");
820 if ((arg = fcntl(tcp->pfd_as, F_GETFD)) < 0) {
824 if (fcntl(tcp->pfd_as, F_SETFD, arg|FD_CLOEXEC) < 0) {
829 /* Open the process pseudo-file in /proc. */
831 sprintf(proc, "/proc/%d", tcp->pid);
832 if ((tcp->pfd = open(proc, O_RDWR|O_EXCL)) < 0) {
834 sprintf(proc, "/proc/%d/mem", tcp->pid);
835 if ((tcp->pfd = open(proc, O_RDWR)) < 0) {
837 perror("strace: open(\"/proc/...\", ...)");
840 if ((arg = fcntl(tcp->pfd, F_GETFD)) < 0) {
844 if (fcntl(tcp->pfd, F_SETFD, arg|FD_CLOEXEC) < 0) {
850 sprintf(proc, "/proc/%d/regs", tcp->pid);
851 if ((tcp->pfd_reg = open(proc, O_RDONLY)) < 0) {
852 perror("strace: open(\"/proc/.../regs\", ...)");
856 sprintf(proc, "/proc/%d/status", tcp->pid);
857 if ((tcp->pfd_status = open(proc, O_RDONLY)) < 0) {
858 perror("strace: open(\"/proc/.../status\", ...)");
862 tcp->pfd_status = -1;
867 * Wait for the child to pause. Because of a race
868 * condition we have to poll for the event.
871 if (IOCTL_STATUS (tcp) < 0) {
872 perror("strace: PIOCSTATUS");
875 if (tcp->status.PR_FLAGS & PR_ASLEEP)
880 /* Stop the process so that we own the stop. */
881 if (IOCTL(tcp->pfd, PIOCSTOP, (char *)NULL) < 0) {
882 perror("strace: PIOCSTOP");
887 /* Set Run-on-Last-Close. */
889 if (IOCTL(tcp->pfd, PIOCSET, &arg) < 0) {
890 perror("PIOCSET PR_RLC");
893 /* Set or Reset Inherit-on-Fork. */
895 if (IOCTL(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
896 perror("PIOC{SET,RESET} PR_FORK");
901 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
905 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
906 perror("PIOC{S,R}FORK");
910 /* just unset the PF_LINGER flag for the Run-on-Last-Close. */
911 if (ioctl(tcp->pfd, PIOCGFL, &arg) < 0) {
916 if (ioctl(tcp->pfd, PIOCSFL, arg) < 0) {
921 #endif /* !PIOCSET */
923 /* Enable all syscall entries we care about. */
924 premptyset(&syscalls);
925 for (i = 1; i < MAX_QUALS; ++i) {
926 if (i > (sizeof syscalls) * CHAR_BIT) break;
927 if (qual_flags [i] & QUAL_TRACE) praddset (&syscalls, i);
929 praddset (&syscalls, SYS_execve);
931 praddset (&syscalls, SYS_fork);
933 praddset (&syscalls, SYS_forkall);
936 praddset (&syscalls, SYS_fork1);
939 praddset (&syscalls, SYS_rfork1);
942 praddset (&syscalls, SYS_rforkall);
945 if (IOCTL(tcp->pfd, PIOCSENTRY, &syscalls) < 0) {
946 perror("PIOCSENTRY");
949 /* Enable the syscall exits. */
950 if (IOCTL(tcp->pfd, PIOCSEXIT, &syscalls) < 0) {
954 /* Enable signals we care about. */
955 premptyset(&signals);
956 for (i = 1; i < MAX_QUALS; ++i) {
957 if (i > (sizeof signals) * CHAR_BIT) break;
958 if (qual_flags [i] & QUAL_SIGNAL) praddset (&signals, i);
960 if (IOCTL(tcp->pfd, PIOCSTRACE, &signals) < 0) {
961 perror("PIOCSTRACE");
964 /* Enable faults we care about */
966 for (i = 1; i < MAX_QUALS; ++i) {
967 if (i > (sizeof faults) * CHAR_BIT) break;
968 if (qual_flags [i] & QUAL_FAULT) praddset (&faults, i);
970 if (IOCTL(tcp->pfd, PIOCSFAULT, &faults) < 0) {
971 perror("PIOCSFAULT");
975 /* set events flags. */
976 arg = S_SIG | S_SCE | S_SCX ;
977 if(ioctl(tcp->pfd, PIOCBIS, arg) < 0) {
985 * The SGI PRSABORT doesn't work for pause() so
986 * we send it a caught signal to wake it up.
988 kill(tcp->pid, SIGINT);
991 /* The child is in a pause(), abort it. */
993 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
1000 /* wake up the child if it received the SIGSTOP */
1001 kill(tcp->pid, SIGCONT);
1004 /* Wait for the child to do something. */
1005 if (IOCTL_WSTOP (tcp) < 0) {
1006 perror("PIOCWSTOP");
1009 if (tcp->status.PR_WHY == PR_SYSENTRY) {
1010 tcp->flags &= ~TCB_INSYSCALL;
1012 if (known_scno(tcp) == SYS_execve)
1015 /* Set it running: maybe execve will be next. */
1018 if (IOCTL(tcp->pfd, PIOCRUN, &arg) < 0) {
1020 if (IOCTL(tcp->pfd, PIOCRUN, 0) < 0) {
1021 #endif /* FREEBSD */
1026 /* handle the case where we "opened" the child before
1027 it did the kill -STOP */
1028 if (tcp->status.PR_WHY == PR_SIGNALLED &&
1029 tcp->status.PR_WHAT == SIGSTOP)
1030 kill(tcp->pid, SIGCONT);
1037 if (attaching < 2) {
1038 /* We are attaching to an already running process.
1039 * Try to figure out the state of the process in syscalls,
1040 * to handle the first event well.
1041 * This is done by having a look at the "wchan" property of the
1042 * process, which tells where it is stopped (if it is). */
1044 char wchan[20]; /* should be enough */
1046 sprintf(proc, "/proc/%d/status", tcp->pid);
1047 status = fopen(proc, "r");
1049 (fscanf(status, "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d"
1050 "%*d,%*d %*d,%*d %19s", wchan) == 1) &&
1051 strcmp(wchan, "nochan") && strcmp(wchan, "spread") &&
1052 strcmp(wchan, "stopevent")) {
1053 /* The process is asleep in the middle of a syscall.
1054 Fake the syscall entry event */
1055 tcp->flags &= ~(TCB_INSYSCALL|TCB_STARTUP);
1056 tcp->status.PR_WHY = PR_SYSENTRY;
1061 } /* otherwise it's a fork being followed */
1063 #endif /* FREEBSD */
1064 #ifndef HAVE_POLLABLE_PROCFS
1065 if (proc_poll_pipe[0] != -1)
1066 proc_poller(tcp->pfd);
1067 else if (nprocs > 1) {
1069 proc_poller(last_pfd);
1070 proc_poller(tcp->pfd);
1072 last_pfd = tcp->pfd;
1073 #endif /* !HAVE_POLLABLE_PROCFS */
1077 #endif /* USE_PROCFS */
1086 for (i = 0; i < tcbtabsize; i++) {
1088 if (pid && tcp->pid != pid)
1090 if (tcp->flags & TCB_INUSE)
1104 for (i = 0; i < tcbtabsize; i++) {
1105 struct tcb *tcp = tcbtab[i];
1106 if (tcp->pfd != pfd)
1108 if (tcp->flags & TCB_INUSE)
1114 #endif /* USE_PROCFS */
1122 #ifdef TCB_CLONE_THREAD
1123 if (tcp->nclone_threads > 0) {
1124 /* There are other threads left in this process, but this
1125 is the one whose PID represents the whole process.
1126 We need to keep this record around as a zombie until
1127 all the threads die. */
1128 tcp->flags |= TCB_EXITING;
1135 if (tcp->parent != NULL) {
1136 tcp->parent->nchildren--;
1137 #ifdef TCB_CLONE_THREAD
1138 if (tcp->flags & TCB_CLONE_DETACHED)
1139 tcp->parent->nclone_detached--;
1140 if (tcp->flags & TCB_CLONE_THREAD)
1141 tcp->parent->nclone_threads--;
1143 #ifdef TCB_CLONE_DETACHED
1144 if (!(tcp->flags & TCB_CLONE_DETACHED))
1146 tcp->parent->nzombies++;
1151 if (tcp->pfd != -1) {
1155 if (tcp->pfd_reg != -1) {
1156 close(tcp->pfd_reg);
1159 if (tcp->pfd_status != -1) {
1160 close(tcp->pfd_status);
1161 tcp->pfd_status = -1;
1163 #endif /* !FREEBSD */
1165 rebuild_pollv(); /* Note, flags needs to be cleared by now. */
1169 if (outfname && followfork > 1 && tcp->outf)
1184 if (!(tcp->flags & TCB_SUSPENDED)) {
1185 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
1188 tcp->flags &= ~TCB_SUSPENDED;
1189 #ifdef TCB_CLONE_THREAD
1190 if (tcp->flags & TCB_CLONE_THREAD)
1191 tcp->parent->nclone_waiting--;
1194 if (ptrace(PTRACE_SYSCALL, tcp->pid, (char *) 1, 0) < 0) {
1195 perror("resume: ptrace(PTRACE_SYSCALL, ...)");
1200 fprintf(stderr, "Process %u resumed\n", tcp->pid);
1204 #endif /* !USE_PROCFS */
1206 /* detach traced process; continue with sig */
1215 int status, resumed;
1216 struct tcb *zombie = NULL;
1218 /* If the group leader is lingering only because of this other
1219 thread now dying, then detach the leader as well. */
1220 if ((tcp->flags & TCB_CLONE_THREAD) &&
1221 tcp->parent->nclone_threads == 1 &&
1222 (tcp->parent->flags & TCB_EXITING))
1223 zombie = tcp->parent;
1226 if (tcp->flags & TCB_BPTSET)
1231 * Linux wrongly insists the child be stopped
1232 * before detaching. Arghh. We go through hoops
1233 * to make a clean break of things.
1236 #undef PTRACE_DETACH
1237 #define PTRACE_DETACH PTRACE_SUNDETACH
1239 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
1240 /* On a clear day, you can see forever. */
1242 else if (errno != ESRCH) {
1243 /* Shouldn't happen. */
1244 perror("detach: ptrace(PTRACE_DETACH, ...)");
1246 else if (kill(tcp->pid, 0) < 0) {
1248 perror("detach: checking sanity");
1250 else if (kill(tcp->pid, SIGSTOP) < 0) {
1252 perror("detach: stopping child");
1257 if (wait4(tcp->pid, &status, __WALL, NULL) < 0) {
1258 if (errno == ECHILD) /* Already gone. */
1260 if (errno != EINVAL) {
1261 perror("detach: waiting");
1265 /* No __WALL here. */
1266 if (waitpid(tcp->pid, &status, 0) < 0) {
1267 if (errno != ECHILD) {
1268 perror("detach: waiting");
1272 /* If no processes, try clones. */
1273 if (wait4(tcp->pid, &status, __WCLONE,
1275 if (errno != ECHILD)
1276 perror("detach: waiting");
1279 #endif /* __WCLONE */
1284 if (!WIFSTOPPED(status)) {
1285 /* Au revoir, mon ami. */
1288 if (WSTOPSIG(status) == SIGSTOP) {
1289 if ((error = ptrace(PTRACE_DETACH,
1290 tcp->pid, (char *) 1, sig)) < 0) {
1292 perror("detach: ptrace(PTRACE_DETACH, ...)");
1293 /* I died trying. */
1297 if ((error = ptrace(PTRACE_CONT, tcp->pid, (char *) 1,
1298 WSTOPSIG(status) == SIGTRAP ?
1299 0 : WSTOPSIG(status))) < 0) {
1301 perror("detach: ptrace(PTRACE_CONT, ...)");
1309 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
1310 if (sig && kill(tcp->pid, sig) < 0)
1311 perror("detach: kill");
1313 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) < 0)
1314 perror("detach: ptrace(PTRACE_DETACH, ...)");
1320 /* XXX This won't always be quite right (but it never was).
1321 A waiter with argument 0 or < -1 is waiting for any pid in
1322 a particular pgrp, which this child might or might not be
1323 in. The waiter will only wake up if it's argument is -1
1324 or if it's waiting for tcp->pid's pgrp. It makes a
1325 difference to wake up a waiter when there might be more
1326 traced children, because it could get a false ECHILD
1327 error. OTOH, if this was the last child in the pgrp, then
1328 it ought to wake up and get ECHILD. We would have to
1329 search the system for all pid's in the pgrp to be sure.
1331 && (t->waitpid == -1 ||
1332 (t->waitpid == 0 && getpgid (tcp->pid) == getpgid (t->pid))
1333 || (t->waitpid < 0 && t->waitpid == -getpid (t->pid)))
1337 (tcp->parent->flags & TCB_SUSPENDED) &&
1338 (tcp->parent->waitpid <= 0 || tcp->parent->waitpid == tcp->pid)) {
1339 error = resume(tcp->parent);
1342 #ifdef TCB_CLONE_THREAD
1343 if (tcp->parent && tcp->parent->nclone_waiting > 0) {
1344 /* Some other threads of our parent are waiting too. */
1347 /* Resume all the threads that were waiting for this PID. */
1348 for (i = 0; i < tcbtabsize; i++) {
1349 struct tcb *t = tcbtab[i];
1350 if (t->parent == tcp->parent && t != tcp
1351 && ((t->flags & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1352 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1353 && t->waitpid == tcp->pid) {
1354 error |= resume (t);
1359 /* Noone was waiting for this PID in particular,
1360 so now we might need to resume some wildcarders. */
1361 for (i = 0; i < tcbtabsize; i++) {
1362 struct tcb *t = tcbtab[i];
1363 if (t->parent == tcp->parent && t != tcp
1365 & (TCB_CLONE_THREAD|TCB_SUSPENDED))
1366 == (TCB_CLONE_THREAD|TCB_SUSPENDED))
1369 error |= resume (t);
1376 #endif /* !USE_PROCFS */
1379 fprintf(stderr, "Process %u detached\n", tcp->pid);
1385 error = detach(zombie) || error;
1400 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
1411 #endif /* USE_PROCFS */
1419 for (i = 0; i < tcbtabsize; i++) {
1421 if (!(tcp->flags & TCB_INUSE))
1425 "cleanup: looking at pid %u\n", tcp->pid);
1427 (!outfname || followfork < 2 || tcp_last == tcp)) {
1428 tprintf(" <unfinished ...>\n");
1431 if (tcp->flags & TCB_ATTACHED)
1434 kill(tcp->pid, SIGCONT);
1435 kill(tcp->pid, SIGTERM);
1449 #ifndef HAVE_STRERROR
1451 #if !HAVE_DECL_SYS_ERRLIST
1452 extern int sys_nerr;
1453 extern char *sys_errlist[];
1454 #endif /* HAVE_DECL_SYS_ERRLIST */
1460 static char buf[64];
1462 if (errno < 1 || errno >= sys_nerr) {
1463 sprintf(buf, "Unknown error %d", errno);
1466 return sys_errlist[errno];
1469 #endif /* HAVE_STERRROR */
1471 #ifndef HAVE_STRSIGNAL
1473 #if defined HAVE_SYS_SIGLIST && !defined HAVE_DECL_SYS_SIGLIST
1474 extern char *sys_siglist[];
1476 #if defined HAVE_SYS__SIGLIST && !defined HAVE_DECL__SYS_SIGLIST
1477 extern char *_sys_siglist[];
1484 static char buf[64];
1486 if (sig < 1 || sig >= NSIG) {
1487 sprintf(buf, "Unknown signal %d", sig);
1490 #ifdef HAVE__SYS_SIGLIST
1491 return _sys_siglist[sig];
1493 return sys_siglist[sig];
1497 #endif /* HAVE_STRSIGNAL */
1508 pollv = (struct pollfd *) malloc(nprocs * sizeof pollv[0]);
1509 if (pollv == NULL) {
1510 fprintf(stderr, "%s: out of memory\n", progname);
1514 for (i = j = 0; i < tcbtabsize; i++) {
1515 struct tcb *tcp = tcbtab[i];
1516 if (!(tcp->flags & TCB_INUSE))
1518 pollv[j].fd = tcp->pfd;
1519 pollv[j].events = POLLWANT;
1523 fprintf(stderr, "strace: proc miscount\n");
1528 #ifndef HAVE_POLLABLE_PROCFS
1536 if (pipe(proc_poll_pipe) < 0) {
1540 for (i = 0; i < 2; i++) {
1541 if ((arg = fcntl(proc_poll_pipe[i], F_GETFD)) < 0) {
1545 if (fcntl(proc_poll_pipe[i], F_SETFD, arg|FD_CLOEXEC) < 0) {
1553 proc_poll(pollv, nfds, timeout)
1554 struct pollfd *pollv;
1560 struct proc_pollfd pollinfo;
1562 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1564 if (n != sizeof(struct proc_pollfd)) {
1565 fprintf(stderr, "panic: short read: %d\n", n);
1568 for (i = 0; i < nprocs; i++) {
1569 if (pollv[i].fd == pollinfo.fd)
1570 pollv[i].revents = pollinfo.revents;
1572 pollv[i].revents = 0;
1574 poller_pid = pollinfo.pid;
1588 struct proc_pollfd pollinfo;
1589 struct sigaction sa;
1590 sigset_t blocked_set, empty_set;
1595 struct procfs_status pfs;
1596 #endif /* FREEBSD */
1608 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1610 sigemptyset(&sa.sa_mask);
1611 sigaction(SIGHUP, &sa, NULL);
1612 sigaction(SIGINT, &sa, NULL);
1613 sigaction(SIGQUIT, &sa, NULL);
1614 sigaction(SIGPIPE, &sa, NULL);
1615 sigaction(SIGTERM, &sa, NULL);
1616 sa.sa_handler = wakeup_handler;
1617 sigaction(SIGUSR1, &sa, NULL);
1618 sigemptyset(&blocked_set);
1619 sigaddset(&blocked_set, SIGUSR1);
1620 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1621 sigemptyset(&empty_set);
1623 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1624 perror("getrlimit(RLIMIT_NOFILE, ...)");
1628 for (i = 0; i < n; i++) {
1629 if (i != pfd && i != proc_poll_pipe[1])
1634 pollinfo.pid = getpid();
1637 if (ioctl(pfd, PIOCWSTOP, NULL) < 0)
1639 if (ioctl(pfd, PIOCWSTOP, &pfs) < 0)
1640 #endif /* FREEBSD */
1646 pollinfo.revents = POLLERR;
1649 pollinfo.revents = POLLHUP;
1652 perror("proc_poller: PIOCWSTOP");
1654 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1657 pollinfo.revents = POLLWANT;
1658 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1659 sigsuspend(&empty_set);
1663 #endif /* !HAVE_POLLABLE_PROCFS */
1673 if (followfork < 2 &&
1674 last < nprocs && (pollv[last].revents & POLLWANT)) {
1676 * The previous process is ready to run again. We'll
1677 * let it do so if it is currently in a syscall. This
1678 * heuristic improves the readability of the trace.
1680 tcp = pfd2tcb(pollv[last].fd);
1681 if (tcp && (tcp->flags & TCB_INSYSCALL))
1682 return pollv[last].fd;
1685 for (i = 0; i < nprocs; i++) {
1686 /* Let competing children run round robin. */
1687 j = (i + last + 1) % nprocs;
1688 if (pollv[j].revents & (POLLHUP | POLLERR)) {
1689 tcp = pfd2tcb(pollv[j].fd);
1691 fprintf(stderr, "strace: lost proc\n");
1697 if (pollv[j].revents & POLLWANT) {
1702 fprintf(stderr, "strace: nothing ready\n");
1710 struct tcb *in_syscall = NULL;
1715 int ioctl_result = 0, ioctl_errno = 0;
1720 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1727 #ifndef HAVE_POLLABLE_PROCFS
1728 if (proc_poll_pipe[0] == -1) {
1737 #ifndef HAVE_POLLABLE_PROCFS
1739 /* fall through ... */
1740 #endif /* !HAVE_POLLABLE_PROCFS */
1742 #ifdef HAVE_POLLABLE_PROCFS
1744 /* On some systems (e.g. UnixWare) we get too much ugly
1745 "unfinished..." stuff when multiple proceses are in
1746 syscalls. Here's a nasty hack */
1753 pv.events = POLLWANT;
1754 if ((what = poll (&pv, 1, 1)) < 0) {
1759 else if (what == 1 && pv.revents & POLLWANT) {
1765 if (poll(pollv, nprocs, INFTIM) < 0) {
1770 #else /* !HAVE_POLLABLE_PROCFS */
1771 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
1776 #endif /* !HAVE_POLLABLE_PROCFS */
1783 /* Look up `pfd' in our table. */
1784 if ((tcp = pfd2tcb(pfd)) == NULL) {
1785 fprintf(stderr, "unknown pfd: %u\n", pfd);
1791 /* Get the status of the process. */
1794 ioctl_result = IOCTL_WSTOP (tcp);
1796 /* Thanks to some scheduling mystery, the first poller
1797 sometimes waits for the already processed end of fork
1798 event. Doing a non blocking poll here solves the problem. */
1799 if (proc_poll_pipe[0] != -1)
1800 ioctl_result = IOCTL_STATUS (tcp);
1802 ioctl_result = IOCTL_WSTOP (tcp);
1803 #endif /* FREEBSD */
1804 ioctl_errno = errno;
1805 #ifndef HAVE_POLLABLE_PROCFS
1806 if (proc_poll_pipe[0] != -1) {
1807 if (ioctl_result < 0)
1808 kill(poller_pid, SIGKILL);
1810 kill(poller_pid, SIGUSR1);
1812 #endif /* !HAVE_POLLABLE_PROCFS */
1818 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1820 if (ioctl_result < 0) {
1821 /* Find out what happened if it failed. */
1822 switch (ioctl_errno) {
1833 perror("PIOCWSTOP");
1839 if ((tcp->flags & TCB_STARTUP) && (tcp->status.PR_WHY == PR_SYSEXIT)) {
1840 /* discard first event for a syscall we never entered */
1841 IOCTL (tcp->pfd, PIOCRUN, 0);
1846 /* clear the just started flag */
1847 tcp->flags &= ~TCB_STARTUP;
1849 /* set current output file */
1853 struct timeval stime;
1858 if ((len = pread(tcp->pfd_status, buf, sizeof(buf) - 1, 0)) > 0) {
1861 "%*s %*d %*d %*d %*d %*d,%*d %*s %*d,%*d %*d,%*d %ld,%ld",
1862 &stime.tv_sec, &stime.tv_usec);
1864 stime.tv_sec = stime.tv_usec = 0;
1865 #else /* !FREEBSD */
1866 stime.tv_sec = tcp->status.pr_stime.tv_sec;
1867 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
1868 #endif /* !FREEBSD */
1869 tv_sub(&tcp->dtime, &stime, &tcp->stime);
1872 what = tcp->status.PR_WHAT;
1873 switch (tcp->status.PR_WHY) {
1876 if (tcp->status.PR_FLAGS & PR_ASLEEP) {
1877 tcp->status.PR_WHY = PR_SYSENTRY;
1878 if (trace_syscall(tcp) < 0) {
1879 fprintf(stderr, "syscall trouble\n");
1884 #endif /* !FREEBSD */
1890 if (trace_syscall(tcp) < 0) {
1891 fprintf(stderr, "syscall trouble\n");
1896 if (!cflag && (qual_flags[what] & QUAL_SIGNAL)) {
1898 tprintf("--- %s (%s) ---",
1899 signame(what), strsignal(what));
1902 if (tcp->status.PR_INFO.si_signo == what) {
1904 tprintf(" siginfo=");
1905 printsiginfo(&tcp->status.PR_INFO, 1);
1912 if (!cflag && (qual_flags[what] & QUAL_FAULT)) {
1914 tprintf("=== FAULT %d ===", what);
1919 case 0: /* handle case we polled for nothing */
1923 fprintf(stderr, "odd stop %d\n", tcp->status.PR_WHY);
1929 if (IOCTL (tcp->pfd, PIOCRUN, &arg) < 0) {
1931 if (IOCTL (tcp->pfd, PIOCRUN, 0) < 0) {
1940 #else /* !USE_PROCFS */
1942 #ifdef TCB_GROUP_EXITING
1943 /* Handle an exit detach or death signal that is taking all the
1944 related clone threads with it. This is called in three circumstances:
1945 SIG == -1 TCP has already died (TCB_ATTACHED is clear, strace is parent).
1946 SIG == 0 Continuing TCP will perform an exit_group syscall.
1947 SIG == other Continuing TCP with SIG will kill the process.
1950 handle_group_exit(struct tcb *tcp, int sig)
1952 /* We need to locate our records of all the clone threads
1953 related to TCP, either its children or siblings. */
1954 struct tcb *leader = ((tcp->flags & TCB_CLONE_THREAD)
1956 : tcp->nclone_detached > 0
1960 if (leader != NULL && leader != tcp &&
1961 !(leader->flags & TCB_GROUP_EXITING))
1963 "PANIC: handle_group_exit: %d leader %d\n",
1964 tcp->pid, leader ? leader->pid : -1);
1965 detach(tcp); /* Already died. */
1968 /* Mark that we are taking the process down. */
1969 tcp->flags |= TCB_EXITING | TCB_GROUP_EXITING;
1970 if (tcp->flags & TCB_ATTACHED) {
1971 if (leader != NULL && leader != tcp) {
1972 if (leader->flags & TCB_ATTACHED) {
1973 /* We need to detach the leader so
1974 that the process death will be
1975 reported to its real parent.
1976 But we kill it first to prevent
1977 it doing anything before we kill
1978 the whole process in a moment.
1979 We can use PTRACE_KILL on a
1980 thread that's not already
1981 stopped. Then the value we pass
1982 in PTRACE_DETACH just sets the
1983 death signal reported to the
1985 ptrace(PTRACE_KILL, leader->pid, 0, 0);
1988 " [%d exit %d kills %d]\n",
1989 tcp->pid, sig, leader->pid);
1990 detach(leader, sig);
1993 leader->flags |= TCB_GROUP_EXITING;
1997 else if (ptrace(PTRACE_CONT, tcp->pid, (char *) 1, sig) < 0) {
1998 perror("strace: ptrace(PTRACE_CONT, ...)");
2004 leader->flags |= TCB_GROUP_EXITING;
2005 if (leader != NULL && leader != tcp)
2007 /* The leader will report to us as parent now,
2008 and then we'll get to the SIG==-1 case. */
2027 static int wait4_options = __WALL;
2031 while (nprocs != 0) {
2033 sigprocmask(SIG_SETMASK, &empty_set, NULL);
2036 pid = wait4(-1, &status, wait4_options, cflag ? &ru : NULL);
2037 if (pid < 0 && (wait4_options & __WALL) && errno == EINVAL) {
2038 /* this kernel does not support __WALL */
2039 wait4_options &= ~__WALL;
2041 pid = wait4(-1, &status, wait4_options,
2042 cflag ? &ru : NULL);
2044 if (pid < 0 && !(wait4_options & __WALL) && errno == ECHILD) {
2045 /* most likely a "cloned" process */
2046 pid = wait4(-1, &status, __WCLONE,
2047 cflag ? &ru : NULL);
2049 fprintf(stderr, "strace: clone wait4 "
2050 "failed: %s\n", strerror(errno));
2054 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
2058 pid = wait(&status);
2062 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
2068 switch (wait_errno) {
2073 * We would like to verify this case
2074 * but sometimes a race in Solbourne's
2075 * version of SunOS sometimes reports
2076 * ECHILD before sending us SIGCHILD.
2081 fprintf(stderr, "strace: proc miscount\n");
2087 perror("strace: wait");
2092 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
2094 /* Look up `pid' in our table. */
2095 if ((tcp = pid2tcb(pid)) == NULL) {
2097 if (followfork || followvfork) {
2098 /* This is needed to go with the CLONE_PTRACE
2099 changes in process.c/util.c: we might see
2100 the child's initial trap before we see the
2101 parent return from the clone syscall.
2102 Leave the child suspended until the parent
2103 returns from its system call. Only then
2104 will we have the association of parent and
2105 child so that we know how to do clearbpt
2107 if (nprocs == tcbtabsize &&
2111 tcp = alloctcb(pid);
2113 kill(pid, SIGKILL); /* XXX */
2116 tcp->flags |= TCB_ATTACHED | TCB_SUSPENDED;
2120 Process %d attached (waiting for parent)\n",
2124 /* This can happen if a clone call used
2125 CLONE_PTRACE itself. */
2128 fprintf(stderr, "unknown pid: %u\n", pid);
2129 if (WIFSTOPPED(status))
2130 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
2134 /* set current output file */
2138 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
2139 tcp->stime = ru.ru_stime;
2143 if (tcp->flags & TCB_SUSPENDED) {
2145 * Apparently, doing any ptrace() call on a stopped
2146 * process, provokes the kernel to report the process
2147 * status again on a subsequent wait(), even if the
2148 * process has not been actually restarted.
2149 * Since we have inspected the arguments of suspended
2150 * processes we end up here testing for this case.
2154 if (WIFSIGNALED(status)) {
2156 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
2158 tprintf("+++ killed by %s %s+++",
2159 signame(WTERMSIG(status)),
2161 WCOREDUMP(status) ? "(core dumped) " :
2166 #ifdef TCB_GROUP_EXITING
2167 handle_group_exit(tcp, -1);
2173 if (WIFEXITED(status)) {
2175 fprintf(stderr, "pid %u exited\n", pid);
2176 if ((tcp->flags & TCB_ATTACHED)
2177 #ifdef TCB_GROUP_EXITING
2178 && !(tcp->parent && (tcp->parent->flags &
2183 "PANIC: attached pid %u exited\n",
2185 if (tcp == tcp_last) {
2186 if ((tcp->flags & (TCB_INSYSCALL|TCB_REPRINT))
2188 tprintf(" <unfinished ... exit status %d>\n",
2189 WEXITSTATUS(status));
2192 #ifdef TCB_GROUP_EXITING
2193 handle_group_exit(tcp, -1);
2199 if (!WIFSTOPPED(status)) {
2200 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
2205 fprintf(stderr, "pid %u stopped, [%s]\n",
2206 pid, signame(WSTOPSIG(status)));
2208 if (tcp->flags & TCB_STARTUP) {
2210 * This flag is there to keep us in sync.
2211 * Next time this process stops it should
2212 * really be entering a system call.
2214 tcp->flags &= ~TCB_STARTUP;
2215 if (tcp->flags & TCB_ATTACHED) {
2217 * Interestingly, the process may stop
2218 * with STOPSIG equal to some other signal
2219 * than SIGSTOP if we happend to attach
2220 * just before the process takes a signal.
2222 if (!WIFSTOPPED(status)) {
2224 "pid %u not stopped\n", pid);
2225 detach(tcp, WSTOPSIG(status));
2231 /* A child of us stopped at exec */
2232 if (WSTOPSIG(status) == SIGTRAP && followvfork)
2236 if (tcp->flags & TCB_BPTSET) {
2237 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
2246 if (WSTOPSIG(status) != SIGTRAP) {
2247 if (WSTOPSIG(status) == SIGSTOP &&
2248 (tcp->flags & TCB_SIGTRAPPED)) {
2250 * Trapped attempt to block SIGTRAP
2251 * Hope we are back in control now.
2253 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
2254 if (ptrace(PTRACE_SYSCALL,
2255 pid, (char *) 1, 0) < 0) {
2256 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2263 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
2264 unsigned long addr = 0, pc = 0;
2265 #if defined(PT_CR_IPSR) && defined(PT_CR_IIP) && defined(PT_GETSIGINFO)
2270 upeek(pid, PT_CR_IPSR, &psr);
2271 upeek(pid, PT_CR_IIP, &pc);
2273 pc += (psr >> PSR_RI) & 0x3;
2274 ptrace(PT_GETSIGINFO, pid, 0, (long) &si);
2275 addr = (unsigned long) si.si_addr;
2276 #elif defined PTRACE_GETSIGINFO
2277 if (WSTOPSIG(status) == SIGSEGV ||
2278 WSTOPSIG(status) == SIGBUS) {
2280 if (ptrace(PTRACE_GETSIGINFO, pid,
2282 addr = (unsigned long)
2287 tprintf("--- %s (%s) @ %lx (%lx) ---",
2288 signame(WSTOPSIG(status)),
2289 strsignal(WSTOPSIG(status)), pc, addr);
2292 if (((tcp->flags & TCB_ATTACHED) ||
2293 tcp->nclone_threads > 0) &&
2294 !sigishandled(tcp, WSTOPSIG(status))) {
2295 #ifdef TCB_GROUP_EXITING
2296 handle_group_exit(tcp, WSTOPSIG(status));
2298 detach(tcp, WSTOPSIG(status));
2302 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1,
2303 WSTOPSIG(status)) < 0) {
2304 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2308 tcp->flags &= ~TCB_SUSPENDED;
2311 if (trace_syscall(tcp) < 0) {
2312 if (tcp->flags & TCB_ATTACHED)
2316 tcp->pid, (char *) 1, SIGTERM);
2321 if (tcp->flags & TCB_EXITING) {
2322 #ifdef TCB_GROUP_EXITING
2323 if (tcp->flags & TCB_GROUP_EXITING) {
2324 if (handle_group_exit(tcp, 0) < 0)
2329 if (tcp->flags & TCB_ATTACHED)
2331 else if (ptrace(PTRACE_CONT, pid, (char *) 1, 0) < 0) {
2332 perror("strace: ptrace(PTRACE_CONT, ...)");
2338 if (tcp->flags & TCB_SUSPENDED) {
2340 fprintf(stderr, "Process %u suspended\n", pid);
2344 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1, 0) < 0) {
2345 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
2353 #endif /* !USE_PROCFS */
2359 #define VA_START(a, b) va_start(a, b)
2361 #include <varargs.h>
2362 #define VA_START(a, b) va_start(a)
2367 tprintf(const char *fmt, ...)
2369 tprintf(fmt, va_alist)
2376 VA_START(args, fmt);
2378 int n = vfprintf(outf, fmt, args);
2379 if (n < 0 && outf != stderr)
2380 perror(outfname == NULL
2381 ? "<writing to pipe>" : outfname);
2393 if (tcp_last && (!outfname || followfork < 2 || tcp_last == tcp)) {
2394 tcp_last->flags |= TCB_REPRINT;
2395 tprintf(" <unfinished ...>\n");
2398 if ((followfork == 1 || pflag_seen > 1) && outfname)
2399 tprintf("%-5d ", tcp->pid);
2400 else if (nprocs > 1 && !outfname)
2401 tprintf("[pid %5u] ", tcp->pid);
2403 char str[sizeof("HH:MM:SS")];
2404 struct timeval tv, dtv;
2405 static struct timeval otv;
2407 gettimeofday(&tv, NULL);
2409 if (otv.tv_sec == 0)
2411 tv_sub(&dtv, &tv, &otv);
2412 tprintf("%6ld.%06ld ",
2413 (long) dtv.tv_sec, (long) dtv.tv_usec);
2416 else if (tflag > 2) {
2417 tprintf("%ld.%06ld ",
2418 (long) tv.tv_sec, (long) tv.tv_usec);
2421 time_t local = tv.tv_sec;
2422 strftime(str, sizeof(str), "%T", localtime(&local));
2424 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
2426 tprintf("%s ", str);
2438 tprintf("%*s", col - curcol, "");
2449 #ifdef HAVE_MP_PROCFS
2451 int mp_ioctl (int fd, int cmd, void *arg, int size) {
2453 struct iovec iov[2];
2456 iov[0].iov_base = &cmd;
2457 iov[0].iov_len = sizeof cmd;
2460 iov[1].iov_base = arg;
2461 iov[1].iov_len = size;
2464 return writev (fd, iov, n);
projects / strace / blob