2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #include <sys/param.h>
38 #include <sys/resource.h>
46 #include <sys/stropts.h>
50 int debug = 0, followfork = 0, followvfork = 0, interactive = 0;
51 int rflag = 0, tflag = 0, dtime = 0, cflag = 0;
52 int iflag = 0, xflag = 0, qflag = 0;
55 char *username = NULL;
59 int acolumn = DEFAULT_ACOLUMN;
60 int max_strlen = DEFAULT_STRLEN;
61 char *outfname = NULL;
63 struct tcb tcbtab[MAX_PROCS];
66 extern char version[];
67 extern char **environ;
69 static struct tcb *pid2tcb P((int pid));
70 static int trace P((void));
71 static void cleanup P((void));
72 static void interrupt P((int sig));
73 static sigset_t empty_set, blocked_set;
75 #ifdef HAVE_SIG_ATOMIC_T
76 static volatile sig_atomic_t interrupted;
77 #else /* !HAVE_SIG_ATOMIC_T */
79 static volatile int interrupted;
81 static int interrupted;
82 #endif /* !__STDC__ */
83 #endif /* !HAVE_SIG_ATOMIC_T */
87 static struct tcb *pfd2tcb P((int pfd));
88 static void reaper P((int sig));
89 static void rebuild_pollv P((void));
90 struct pollfd pollv[MAX_PROCS];
92 #ifndef HAVE_POLLABLE_PROCFS
94 static void proc_poll_open P((void));
95 static void proc_poller P((int pfd));
103 static int poller_pid;
104 static int proc_poll_pipe[2] = { -1, -1 };
106 #endif /* !HAVE_POLLABLE_PROCFS */
116 usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]\n\
117 [-p pid] ... [-s strsize] [-u username] [command [arg ...]]\n\
118 or: strace -c [-e expr] ... [-O overhead] [-S sortby] [command [arg ...]]\n\
119 -c -- count time, calls, and errors for each syscall and report summary\n\
120 -f -- follow forks, -ff -- with output into separate files\n\
121 -F -- attempt to follow vforks, -h -- print help message\n\
122 -i -- print instruction pointer at time of syscall\n\
123 -q -- suppress messages about attaching, detaching, etc.\n\
124 -r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs\n\
125 -T -- print time spent in each syscall, -V -- print version\n\
126 -v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args\n\
127 -x -- print non-ascii strings in hex, -xx -- print all strings in hex\n\
128 -a column -- alignment COLUMN for printing syscall results (default %d)\n\
129 -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...\n\
130 options: trace, abbrev, verbose, raw, signal, read, or write\n\
131 -o file -- send trace output to FILE instead of stderr\n\
132 -O overhead -- set overhead for tracing syscalls to OVERHEAD usecs\n\
133 -p pid -- trace process with process id PID, may be repeated\n\
134 -s strsize -- limit length of print strings to STRSIZE chars (default %d)\n\
135 -S sortby -- sort syscall counts by: time, calls, name, nothing (default %s)\n\
136 -u username -- run command as username handling setuid and/or setgid\n\
137 ", DEFAULT_ACOLUMN, DEFAULT_STRLEN, DEFAULT_SORTBY);
161 static char buf[BUFSIZ];
166 qualify("trace=all");
167 qualify("abbrev=all");
168 qualify("verbose=all");
169 qualify("signal=all");
170 set_sortby(DEFAULT_SORTBY);
171 set_personality(DEFAULT_PERSONALITY);
172 while ((c = getopt(argc, argv,
173 "+cdfFhiqrtTvVxa:e:o:O:p:s:S:u:")) != EOF) {
211 qualify("abbrev=none");
214 printf("%s\n", version);
218 acolumn = atoi(optarg);
224 outfname = strdup(optarg);
227 set_overhead(atoi(optarg));
230 if ((pid = atoi(optarg)) == 0) {
231 fprintf(stderr, "%s: Invalid process id: %s\n",
235 if (pid == getpid()) {
236 fprintf(stderr, "%s: I'm sorry, I can't let you do that, Dave.", progname);
239 if ((tcp = alloctcb(pid)) == NULL) {
240 fprintf(stderr, "%s: tcb table full, please recompile strace\n",
244 tcp->flags |= TCB_ATTACHED;
248 max_strlen = atoi(optarg);
254 username = strdup(optarg);
262 /* See if they want to run as another user. */
263 if (username != NULL) {
266 if (getuid() != 0 || geteuid() != 0) {
268 "%s: you must be root to use the -u option\n",
272 if ((pent = getpwnam(username)) == NULL) {
273 fprintf(stderr, "%s: cannot find user `%s'\n",
277 run_uid = pent->pw_uid;
278 run_gid = pent->pw_gid;
286 setreuid(geteuid(), getuid());
289 /* See if they want to pipe the output. */
290 if (outfname && (outfname[0] == '|' || outfname[0] == '!')) {
291 if ((outf = popen(outfname + 1, "w")) == NULL) {
292 fprintf(stderr, "%s: can't popen '%s': %s\n",
293 progname, outfname + 1, strerror(errno));
300 /* Check if they want to redirect the output. */
302 if ((outf = fopen(outfname, "w")) == NULL) {
303 fprintf(stderr, "%s: can't fopen '%s': %s\n",
304 progname, outfname, strerror(errno));
310 setreuid(geteuid(), getuid());
315 setvbuf(outf, buf, _IOLBF, BUFSIZ);
317 else if (optind < argc)
322 for (c = 0, tcp = tcbtab; c < MAX_PROCS; c++, tcp++) {
323 /* Reinitialize the output since it may have changed. */
325 if (!(tcp->flags & TCB_INUSE) || !(tcp->flags & TCB_ATTACHED))
328 if (proc_open(tcp, 1) < 0) {
329 fprintf(stderr, "trouble opening proc file\n");
334 if (ptrace(PTRACE_ATTACH, tcp->pid, (char *) 1, 0) < 0) {
335 perror("attach: ptrace(PTRACE_ATTACH, ...)");
342 "Process %u attached - interrupt to quit\n",
349 char pathname[MAXPATHLEN];
351 filename = argv[optind];
352 if (strchr(filename, '/'))
353 strcpy(pathname, filename);
354 #ifdef USE_DEBUGGING_EXEC
356 * Debuggers customarily check the current directory
357 * first regardless of the path but doing that gives
358 * security geeks a panic attack.
360 else if (stat(filename, &statbuf) == 0)
361 strcpy(pathname, filename);
362 #endif /* USE_DEBUGGING_EXEC */
367 for (path = getenv("PATH"); path && *path; path += m) {
368 if (strchr(path, ':')) {
369 n = strchr(path, ':') - path;
373 m = n = strlen(path);
375 getcwd(pathname, MAXPATHLEN);
376 len = strlen(pathname);
379 strncpy(pathname, path, n);
382 if (len && pathname[len - 1] != '/')
383 pathname[len++] = '/';
384 strcpy(pathname + len, filename);
385 if (stat(pathname, &statbuf) == 0)
389 if (stat(pathname, &statbuf) < 0) {
390 fprintf(stderr, "%s: %s: command not found\n",
394 switch (pid = fork()) {
396 perror("strace: fork");
403 /* Kludge for SGI, see proc_open for details. */
404 sa.sa_handler = foobar;
406 sigemptyset(&sa.sa_mask);
407 sigaction(SIGINT, &sa, NULL);
411 if (ptrace(PTRACE_TRACEME, 0, (char *) 1, 0) < 0) {
412 perror("strace: ptrace(PTRACE_TRACEME, ...)");
416 kill(getpid(), SIGSTOP);
418 if (username != NULL || geteuid() == 0) {
419 uid_t run_euid = run_uid;
420 gid_t run_egid = run_gid;
422 if (statbuf.st_mode & S_ISUID)
423 run_euid = statbuf.st_uid;
424 if (statbuf.st_mode & S_ISGID)
425 run_egid = statbuf.st_gid;
428 * It is important to set groups before we
429 * lose privileges on setuid.
432 && initgroups(username, run_gid) < 0) {
433 perror("initgroups");
436 if (setregid(run_gid, run_egid) < 0) {
440 if (setreuid(run_uid, run_euid) < 0) {
446 setreuid(run_uid, run_uid);
449 execv(pathname, &argv[optind]);
450 perror("strace: exec");
455 if ((tcp = alloctcb(pid)) == NULL) {
456 fprintf(stderr, "tcb table full\n");
461 if (proc_open(tcp, 0) < 0) {
462 fprintf(stderr, "trouble opening proc file\n");
468 fake_execve(tcp, pathname, &argv[optind], environ);
473 else if (pflag_seen == 0)
476 sigemptyset(&empty_set);
477 sigemptyset(&blocked_set);
478 sa.sa_handler = SIG_IGN;
479 sigemptyset(&sa.sa_mask);
481 sigaction(SIGTTOU, &sa, NULL);
482 sigaction(SIGTTIN, &sa, NULL);
484 sigaddset(&blocked_set, SIGHUP);
485 sigaddset(&blocked_set, SIGINT);
486 sigaddset(&blocked_set, SIGQUIT);
487 sigaddset(&blocked_set, SIGPIPE);
488 sigaddset(&blocked_set, SIGTERM);
489 sa.sa_handler = interrupt;
491 /* POSIX signals on sunos4.1 are a little broken. */
492 sa.sa_flags = SA_INTERRUPT;
495 sigaction(SIGHUP, &sa, NULL);
496 sigaction(SIGINT, &sa, NULL);
497 sigaction(SIGQUIT, &sa, NULL);
498 sigaction(SIGPIPE, &sa, NULL);
499 sigaction(SIGTERM, &sa, NULL);
501 sa.sa_handler = reaper;
502 sigaction(SIGCHLD, &sa, NULL);
515 char name[MAXPATHLEN];
518 if (outfname && followfork > 1) {
519 sprintf(name, "%s.%u", outfname, tcp->pid);
521 setreuid(geteuid(), getuid());
523 fp = fopen(name, "w");
525 setreuid(geteuid(), getuid());
543 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
544 if ((tcp->flags & TCB_INUSE) == 0) {
548 tcp->flags = TCB_INUSE | TCB_STARTUP;
549 tcp->outf = outf; /* Initialise to current out file */
550 tcp->stime.tv_sec = 0;
551 tcp->stime.tv_usec = 0;
563 proc_open(tcp, attaching)
569 sysset_t sc_enter, sc_exit;
575 #ifndef HAVE_POLLABLE_PROCFS
579 /* Open the process pseudo-file in /proc. */
580 sprintf(proc, "/proc/%d", tcp->pid);
581 if ((tcp->pfd = open(proc, O_RDWR|O_EXCL)) < 0) {
582 perror("strace: open(\"/proc/...\", ...)");
588 * Wait for the child to pause. Because of a race
589 * condition we have to poll for the event.
592 if (ioctl(tcp->pfd, PIOCSTATUS, &tcp->status) < 0) {
593 perror("strace: PIOCSTATUS");
596 if (tcp->status.pr_flags & PR_ASLEEP)
600 /* Stop the process so that we own the stop. */
601 if (ioctl(tcp->pfd, PIOCSTOP, &tcp->status) < 0) {
602 perror("strace: PIOCSTOP");
605 if ((arg = fcntl(tcp->pfd, F_GETFD)) < 0) {
609 if (fcntl(tcp->pfd, F_SETFD, arg|FD_CLOEXEC) < 0) {
614 /* Set Run-on-Last-Close. */
616 if (ioctl(tcp->pfd, PIOCSET, &arg) < 0) {
617 perror("PIOCSET PR_RLC");
620 /* Set or Reset Inherit-on-Fork. */
622 if (ioctl(tcp->pfd, followfork ? PIOCSET : PIOCRESET, &arg) < 0) {
623 perror("PIOC{SET,RESET} PR_FORK");
627 if (ioctl(tcp->pfd, PIOCSRLC) < 0) {
631 if (ioctl(tcp->pfd, followfork ? PIOCSFORK : PIOCRFORK) < 0) {
632 perror("PIOC{S,R}FORK");
635 #endif /* !PIOCSET */
636 /* Enable all syscall entries. */
637 prfillset(&sc_enter);
638 if (ioctl(tcp->pfd, PIOCSENTRY, &sc_enter) < 0) {
639 perror("PIOCSENTRY");
642 /* Enable all syscall exits. */
644 if (ioctl(tcp->pfd, PIOCSEXIT, &sc_exit) < 0) {
648 /* Enable all signals. */
650 if (ioctl(tcp->pfd, PIOCSTRACE, &signals) < 0) {
651 perror("PIOCSTRACE");
654 /* Enable all faults. */
656 if (ioctl(tcp->pfd, PIOCSFAULT, &faults) < 0) {
657 perror("PIOCSFAULT");
663 * The SGI PRSABORT doesn't work for pause() so
664 * we send it a caught signal to wake it up.
666 kill(tcp->pid, SIGINT);
668 /* The child is in a pause(), abort it. */
669 run.pr_flags = PRSABORT;
670 if (ioctl(tcp->pfd, PIOCRUN, &run) < 0) {
676 /* Wait for the child to do something. */
677 if (ioctl(tcp->pfd, PIOCWSTOP, &tcp->status) < 0) {
681 if (tcp->status.pr_why == PR_SYSENTRY) {
682 #ifdef HAVE_PR_SYSCALL
683 int scno = tcp->status.pr_syscall;
684 #else /* !HAVE_PR_SYSCALL */
685 int scno = tcp->status.pr_what;
686 #endif /* !HAVE_PR_SYSCALL */
687 if (scno == SYS_execve)
690 /* Set it running: maybe execve will be next. */
691 if (ioctl(tcp->pfd, PIOCRUN, NULL) < 0) {
697 #ifndef HAVE_POLLABLE_PROCFS
698 if (proc_poll_pipe[0] != -1)
699 proc_poller(tcp->pfd);
700 else if (nprocs > 1) {
702 proc_poller(last_pfd);
703 proc_poller(tcp->pfd);
706 #endif /* !HAVE_POLLABLE_PROCFS */
719 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
720 if (pid && tcp->pid != pid)
722 if (tcp->flags & TCB_INUSE)
737 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
740 if (tcp->flags & TCB_INUSE)
757 if (tcp->pfd != -1) {
764 if (tcp->parent != NULL) {
765 tcp->parent->nchildren--;
769 if (tcp->outf != stderr)
784 if (!(tcp->flags & TCB_SUSPENDED)) {
785 fprintf(stderr, "PANIC: pid %u not suspended\n", tcp->pid);
788 tcp->flags &= ~TCB_SUSPENDED;
790 if (ptrace(PTRACE_SYSCALL, tcp->pid, (char *) 1, 0) < 0) {
791 perror("resume: ptrace(PTRACE_SYSCALL, ...)");
796 fprintf(stderr, "Process %u resumed\n", tcp->pid);
802 /* detach traced process; continue with sig */
814 if (tcp->flags & TCB_BPTSET)
819 * Linux wrongly insists the child be stopped
820 * before detaching. Arghh. We go through hoops
821 * to make a clean break of things.
825 #define PTRACE_DETACH PTRACE_SUNDETACH
827 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) == 0) {
828 /* On a clear day, you can see forever. */
830 else if (errno != ESRCH) {
831 /* Shouldn't happen. */
832 perror("detach: ptrace(PTRACE_DETACH, ...)");
834 else if (kill(tcp->pid, 0) < 0) {
836 perror("detach: checking sanity");
838 else if (kill(tcp->pid, SIGSTOP) < 0) {
840 perror("detach: stopping child");
844 if (waitpid(tcp->pid, &status, 0) < 0) {
846 perror("detach: waiting");
849 if (!WIFSTOPPED(status)) {
850 /* Au revoir, mon ami. */
853 if (WSTOPSIG(status) == SIGSTOP) {
854 if ((error = ptrace(PTRACE_DETACH,
855 tcp->pid, (char *) 1, sig)) < 0) {
857 perror("detach: ptrace(PTRACE_DETACH, ...)");
862 if ((error = ptrace(PTRACE_CONT, tcp->pid, (char *) 1,
863 WSTOPSIG(status) == SIGTRAP ?
864 0 : WSTOPSIG(status))) < 0) {
866 perror("detach: ptrace(PTRACE_CONT, ...)");
874 /* PTRACE_DETACH won't respect `sig' argument, so we post it here. */
875 if (sig && kill(tcp->pid, sig) < 0)
876 perror("detach: kill");
878 if ((error = ptrace(PTRACE_DETACH, tcp->pid, (char *) 1, sig)) < 0)
879 perror("detach: ptrace(PTRACE_DETACH, ...)");
883 if (waiting_parent(tcp))
884 error = resume(tcp->parent);
888 fprintf(stderr, "Process %u detached\n", tcp->pid);
903 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
922 for (i = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
923 if (!(tcp->flags & TCB_INUSE))
927 "cleanup: looking at pid %u\n", tcp->pid);
929 (!outfname || followfork < 2 || tcp_last == tcp)) {
930 tprintf(" <unfinished ...>\n");
933 if (tcp->flags & TCB_ATTACHED)
936 kill(tcp->pid, SIGCONT);
937 kill(tcp->pid, SIGTERM);
951 #ifndef HAVE_STRERROR
953 #ifndef SYS_ERRLIST_DECLARED
955 extern char *sys_errlist[];
956 #endif /* SYS_ERRLIST_DECLARED */
964 if (errno < 1 || errno >= sys_nerr) {
965 sprintf(buf, "Unknown error %d", errno);
968 return sys_errlist[errno];
971 #endif /* HAVE_STERRROR */
973 #ifndef HAVE_STRSIGNAL
975 #ifndef SYS_SIGLIST_DECLARED
976 #ifdef HAVE__SYS_SIGLIST
977 extern char *_sys_siglist[];
979 extern char *sys_siglist[];
981 #endif /* SYS_SIGLIST_DECLARED */
989 if (sig < 1 || sig >= NSIG) {
990 sprintf(buf, "Unknown signal %d", sig);
993 #ifdef HAVE__SYS_SIGLIST
994 return _sys_siglist[sig];
996 return sys_siglist[sig];
1000 #endif /* HAVE_STRSIGNAL */
1010 for (i = j = 0, tcp = tcbtab; i < MAX_PROCS; i++, tcp++) {
1011 if (!(tcp->flags & TCB_INUSE))
1013 pollv[j].fd = tcp->pfd;
1014 pollv[j].events = POLLPRI;
1018 fprintf(stderr, "strace: proc miscount\n");
1023 #ifndef HAVE_POLLABLE_PROCFS
1031 if (pipe(proc_poll_pipe) < 0) {
1035 for (i = 0; i < 2; i++) {
1036 if ((arg = fcntl(proc_poll_pipe[i], F_GETFD)) < 0) {
1040 if (fcntl(proc_poll_pipe[i], F_SETFD, arg|FD_CLOEXEC) < 0) {
1048 proc_poll(pollv, nfds, timeout)
1049 struct pollfd *pollv;
1055 struct proc_pollfd pollinfo;
1057 if ((n = read(proc_poll_pipe[0], &pollinfo, sizeof(pollinfo))) < 0)
1059 if (n != sizeof(struct proc_pollfd)) {
1060 fprintf(stderr, "panic: short read: %d\n", n);
1063 for (i = 0; i < nprocs; i++) {
1064 if (pollv[i].fd == pollinfo.fd)
1065 pollv[i].revents = pollinfo.revents;
1067 pollv[i].revents = 0;
1069 poller_pid = pollinfo.pid;
1083 struct proc_pollfd pollinfo;
1084 struct sigaction sa;
1085 sigset_t blocked_set, empty_set;
1100 sa.sa_handler = interactive ? SIG_DFL : SIG_IGN;
1102 sigemptyset(&sa.sa_mask);
1103 sigaction(SIGHUP, &sa, NULL);
1104 sigaction(SIGINT, &sa, NULL);
1105 sigaction(SIGQUIT, &sa, NULL);
1106 sigaction(SIGPIPE, &sa, NULL);
1107 sigaction(SIGTERM, &sa, NULL);
1108 sa.sa_handler = wakeup_handler;
1109 sigaction(SIGUSR1, &sa, NULL);
1110 sigemptyset(&blocked_set);
1111 sigaddset(&blocked_set, SIGUSR1);
1112 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1113 sigemptyset(&empty_set);
1115 if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
1116 perror("getrlimit(RLIMIT_NOFILE, ...)");
1120 for (i = 0; i < n; i++) {
1121 if (i != pfd && i != proc_poll_pipe[1])
1126 pollinfo.pid = getpid();
1128 if (ioctl(pfd, PIOCWSTOP, NULL) < 0) {
1133 pollinfo.revents = POLLERR;
1136 pollinfo.revents = POLLHUP;
1139 perror("proc_poller: PIOCWSTOP");
1141 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1144 pollinfo.revents = POLLPRI;
1145 write(proc_poll_pipe[1], &pollinfo, sizeof(pollinfo));
1146 sigsuspend(&empty_set);
1150 #endif /* !HAVE_POLLABLE_PROCFS */
1160 if (followfork < 2 &&
1161 last < nprocs && (pollv[last].revents & POLLPRI)) {
1163 * The previous process is ready to run again. We'll
1164 * let it do so if it is currently in a syscall. This
1165 * heuristic improves the readability of the trace.
1167 tcp = pfd2tcb(pollv[last].fd);
1168 if (tcp && (tcp->flags & TCB_INSYSCALL))
1169 return pollv[last].fd;
1172 for (i = 0; i < nprocs; i++) {
1173 /* Let competing children run round robin. */
1174 j = (i + last + 1) % nprocs;
1175 if (pollv[j].revents & (POLLHUP | POLLERR)) {
1176 tcp = pfd2tcb(pollv[j].fd);
1178 fprintf(stderr, "strace: lost proc\n");
1184 if (pollv[j].revents & POLLPRI) {
1189 fprintf(stderr, "strace: nothing ready\n");
1199 int ioctl_result = 0, ioctl_errno = 0;
1203 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1210 #ifndef HAVE_POLLABLE_PROCFS
1211 if (proc_poll_pipe[0] == -1) {
1220 #ifndef HAVE_POLLABLE_PROCFS
1222 /* fall through ... */
1223 #endif /* !HAVE_POLLABLE_PROCFS */
1225 #ifdef HAVE_POLLABLE_PROCFS
1226 if (poll(pollv, nprocs, INFTIM) < 0) {
1231 #else /* !HAVE_POLLABLE_PROCFS */
1232 if (proc_poll(pollv, nprocs, INFTIM) < 0) {
1237 #endif /* !HAVE_POLLABLE_PROCFS */
1244 /* Look up `pfd' in our table. */
1245 if ((tcp = pfd2tcb(pfd)) == NULL) {
1246 fprintf(stderr, "unknown pfd: %u\n", pfd);
1249 /* Get the status of the process. */
1251 ioctl_result = ioctl(tcp->pfd, PIOCWSTOP,
1253 ioctl_errno = errno;
1254 #ifndef HAVE_POLLABLE_PROCFS
1255 if (proc_poll_pipe[0] != -1) {
1256 if (ioctl_result < 0)
1257 kill(poller_pid, SIGKILL);
1259 kill(poller_pid, SIGUSR1);
1261 #endif /* !HAVE_POLLABLE_PROCFS */
1267 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1269 if (ioctl_result < 0) {
1270 /* Find out what happened if it failed. */
1271 switch (ioctl_errno) {
1279 perror("PIOCWSTOP");
1284 /* clear the just started flag */
1285 tcp->flags &= ~TCB_STARTUP;
1287 /* set current output file */
1291 struct timeval stime;
1293 stime.tv_sec = tcp->status.pr_stime.tv_sec;
1294 stime.tv_usec = tcp->status.pr_stime.tv_nsec/1000;
1295 tv_sub(&tcp->dtime, &stime, &tcp->stime);
1299 what = tcp->status.pr_what;
1300 switch (tcp->status.pr_why) {
1302 if (tcp->status.pr_flags & PR_ASLEEP) {
1303 tcp->status.pr_why = PR_SYSENTRY;
1304 if (trace_syscall(tcp) < 0) {
1305 fprintf(stderr, "syscall trouble\n");
1312 if (trace_syscall(tcp) < 0) {
1313 fprintf(stderr, "syscall trouble\n");
1318 if (!cflag && (qual_flags[what] & QUAL_SIGNAL)) {
1320 tprintf("--- %s (%s) ---",
1321 signame(what), strsignal(what));
1326 if (!cflag && (qual_flags[what] & QUAL_FAULT)) {
1328 tprintf("=== FAULT %d ===", what);
1333 fprintf(stderr, "odd stop %d\n", tcp->status.pr_why);
1337 if (ioctl(tcp->pfd, PIOCRUN, NULL) < 0) {
1358 while (nprocs != 0) {
1360 sigprocmask(SIG_SETMASK, &empty_set, NULL);
1362 pid = wait4(-1, &status, 0, cflag ? &ru : NULL);
1365 pid = wait(&status);
1369 sigprocmask(SIG_BLOCK, &blocked_set, NULL);
1375 switch (wait_errno) {
1380 * We would like to verify this case
1381 * but sometimes a race in Solbourne's
1382 * version of SunOS sometimes reports
1383 * ECHILD before sending us SIGCHILD.
1388 fprintf(stderr, "strace: proc miscount\n");
1394 perror("strace: wait");
1399 fprintf(stderr, " [wait(%#x) = %u]\n", status, pid);
1401 /* Look up `pid' in our table. */
1402 if ((tcp = pid2tcb(pid)) == NULL) {
1403 fprintf(stderr, "unknown pid: %u\n", pid);
1404 if (WIFSTOPPED(status))
1405 ptrace(PTRACE_CONT, pid, (char *) 1, 0);
1408 /* set current output file */
1412 tv_sub(&tcp->dtime, &ru.ru_stime, &tcp->stime);
1413 tcp->stime = ru.ru_stime;
1417 if (tcp->flags & TCB_SUSPENDED) {
1419 * Apparently, doing any ptrace() call on a stopped
1420 * process, provokes the kernel to report the process
1421 * status again on a subsequent wait(), even if the
1422 * process has not been actually restarted.
1423 * Since we have inspected the arguments of suspended
1424 * processes we end up here testing for this case.
1428 if (WIFSIGNALED(status)) {
1430 && (qual_flags[WTERMSIG(status)] & QUAL_SIGNAL)) {
1432 tprintf("+++ killed by %s +++",
1433 signame(WTERMSIG(status)));
1439 if (WIFEXITED(status)) {
1441 fprintf(stderr, "pid %u exited\n", pid);
1442 if (tcp->flags & TCB_ATTACHED)
1444 "PANIC: attached pid %u exited\n",
1449 if (!WIFSTOPPED(status)) {
1450 fprintf(stderr, "PANIC: pid %u not stopped\n", pid);
1455 fprintf(stderr, "pid %u stopped, [%s]\n",
1456 pid, signame(WSTOPSIG(status)));
1458 if (tcp->flags & TCB_STARTUP) {
1460 * This flag is there to keep us in sync.
1461 * Next time this process stops it should
1462 * really be entering a system call.
1464 tcp->flags &= ~TCB_STARTUP;
1465 if (tcp->flags & TCB_ATTACHED) {
1467 * Interestingly, the process may stop
1468 * with STOPSIG equal to some other signal
1469 * than SIGSTOP if we happend to attach
1470 * just before the process takes a signal.
1472 if (!WIFSTOPPED(status)) {
1474 "pid %u not stopped\n", pid);
1475 detach(tcp, WSTOPSIG(status));
1481 /* A child of us stopped at exec */
1482 if (WSTOPSIG(status) == SIGTRAP && followvfork)
1486 if (tcp->flags & TCB_BPTSET) {
1487 if (clearbpt(tcp) < 0) /* Pretty fatal */ {
1496 if (WSTOPSIG(status) != SIGTRAP) {
1497 if (WSTOPSIG(status) == SIGSTOP &&
1498 (tcp->flags & TCB_SIGTRAPPED)) {
1500 * Trapped attempt to block SIGTRAP
1501 * Hope we are back in control now.
1503 tcp->flags &= ~(TCB_INSYSCALL | TCB_SIGTRAPPED);
1504 if (ptrace(PTRACE_SYSCALL,
1505 pid, (char *) 1, 0) < 0) {
1506 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
1513 && (qual_flags[WSTOPSIG(status)] & QUAL_SIGNAL)) {
1515 tprintf("--- %s (%s) ---",
1516 signame(WSTOPSIG(status)),
1517 strsignal(WSTOPSIG(status)));
1520 if ((tcp->flags & TCB_ATTACHED) &&
1521 !sigishandled(tcp, WSTOPSIG(status))) {
1522 detach(tcp, WSTOPSIG(status));
1525 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1,
1526 WSTOPSIG(status)) < 0) {
1527 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
1531 tcp->flags &= ~TCB_SUSPENDED;
1534 if (trace_syscall(tcp) < 0) {
1535 if (tcp->flags & TCB_ATTACHED)
1539 tcp->pid, (char *) 1, SIGTERM);
1544 if (tcp->flags & TCB_EXITING) {
1545 if (tcp->flags & TCB_ATTACHED)
1547 else if (ptrace(PTRACE_CONT, pid, (char *) 1, 0) < 0) {
1548 perror("strace: ptrace(PTRACE_CONT, ...)");
1554 if (tcp->flags & TCB_SUSPENDED) {
1556 fprintf(stderr, "Process %u suspended\n", pid);
1560 if (ptrace(PTRACE_SYSCALL, pid, (char *) 1, 0) < 0) {
1561 perror("trace: ptrace(PTRACE_SYSCALL, ...)");
1575 #define VA_START(a, b) va_start(a, b)
1577 #include <varargs.h>
1578 #define VA_START(a, b) va_start(a)
1583 tprintf(const char *fmt, ...)
1585 tprintf(fmt, va_alist)
1592 VA_START(args, fmt);
1594 curcol += vfprintf(outf, fmt, args);
1603 if (tcp_last && (!outfname || followfork < 2 || tcp_last == tcp)) {
1604 tcp_last->flags |= TCB_REPRINT;
1605 tprintf(" <unfinished ...>\n");
1608 if ((followfork == 1 || pflag_seen > 1) && outfname)
1609 tprintf("%-5d ", tcp->pid);
1610 else if (nprocs > 1 && !outfname)
1611 tprintf("[pid %5u] ", tcp->pid);
1613 char str[sizeof("HH:MM:SS")];
1614 struct timeval tv, dtv;
1615 static struct timeval otv;
1617 gettimeofday(&tv, NULL);
1619 if (otv.tv_sec == 0)
1621 tv_sub(&dtv, &tv, &otv);
1622 tprintf("%6ld.%06ld ",
1623 (long) dtv.tv_sec, (long) dtv.tv_usec);
1626 else if (tflag > 2) {
1627 tprintf("%ld.%06ld ",
1628 (long) tv.tv_sec, (long) tv.tv_usec);
1631 time_t local = tv.tv_sec;
1632 strftime(str, sizeof(str), "%T", localtime(&local));
1634 tprintf("%s.%06ld ", str, (long) tv.tv_usec);
1636 tprintf("%s ", str);
1648 tprintf("%*s", col - curcol, "");