On Wed, 19 May 2010 08:09:50 PDT ron minnich <rminn...@gmail.com> wrote: > > The format arose out of discussions with nemo and others. > > It is a straight text layout of system call params and return. The = > separates the params and return. The format is: > pid textname syscall-name pc [params] = retval errstr > start-nanoseconds end-nanoseconds > > Anything that is a pointer to memory gets printed this way: > pointervalue/"string" > > The string has a '.' printed if isgraph(char) is 0.
One can grok most of this by staring at the syscalltrace output. The small hex value after syscall name -- is it the return pc? Very nice but now some gripes! 0. Name syscalltrace is too long :-) 1. Curiously, an actual errstr is not enclosed in "..". 2. Seems long long values are printed as two numbers (but I haven't checked carefully enough to be sure). 3. Printing . for isgraph(char) loses information. 4. Perhaps buffersize should be settable to deal with args pointing to large areas. 5. Occasional hangs. Not sure what the cause is. What happens if the passed in ptr points to invalid memory? Given 3., in the kernel I would've just copied a binary structure and let the userland worry about any formatting. I "fixed" a few things in syscalltrace (diff below): - strace -c echo boo # extra look up in /bin if needed - strace -c rc -c 'ls /' # allow - args to command - strace -c strace -c echo foo # allow recursive use strace -c rc </dev/null |[2] wc # send trace output to stderr, not stdout. There is still some bug that makes syscalltrace hang, particularly if its output is piped to another process. Trivia: rc makes 192 syscalls, on freebsd $PLAN9/bin/rc makes 157, /bin/sh makes 87, and zsh makes 11259 calls! I can imagine showing syscalls of each traced process on a separate scrolling time line. This will allow one to see timing relationships and call patterns. Zoom to see appropriate scale, click on a call (or select a range) to see call details. Can also show who forks whom, with a connecting line to the new timeline that just popped up for the new process. Color can be used for procs or syscalls. etc. Not sure when/if I will get around to implementing something like this though. -- bakul diff ../syscalltrace/syscalltrace.c ./syscalltrace.c 4a5 > #include <stdio.h> 121c122 < print("%s", s->buf); --- > fprint(2, "%s", s->buf); 151c152 < break; --- > goto done; 155c156 < --- > done: 164a166,170 > if (cmd[0] != '/') { > char* pcmd = malloc(strlen(cmd) + 5); > sprintf(pcmd, "/bin/%s", cmd); > exec(pcmd, args); > }