Date: Tue, 08 Feb 2005 17:25:25 +0000 From: Chris Hodgins <chodgins@cis.strath.ac.uk> To: Dan Nelson <dnelson@allantgroup.com> Cc: FreeBSD Mailing list <freebsd-questions@freebsd.org> Subject: Re: ktrace as a replacement for strace Message-ID: <4208F605.9060402@cis.strath.ac.uk> In-Reply-To: <20050208162429.GA82752@dan.emsphone.com> References: <20050208115928.GE8619@alzatex.com> <20050208162429.GA82752@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dan Nelson wrote: > In the last episode (Feb 08), Loren M. Lang said: > >>I'm looking for a replacement for the strace program I used to use on >>linux; freebsd has a port of strace, but it just hangs everytime I >>use it. It looks like the bsd version of strace would be >>ktrace/kdump. I was able to get these to print a trace of the >>program I ran, but it doesn't do all the nice substatuting that >>strace was able to do. Mainly, I just want the first argument of open >>to look like a string instead of a 32 bit pointer that I can't read. >>I'm trying to figure out what files this program is trying to read so >>I can edit it's configuration file. > > > The string in the NAMI line immediately after an open() call is the > filename in kdump output. > > strace actually does work, but I think it's losing a race when it > forks the child process. Try suspending and resuming strace: > > (dan@dan.4) /home/dan> strace date > <hangs here, hit ^Z> > ^Z > zsh: 62219 suspended strace date > [1] + suspended strace date > (dan@dan.4) /home/dan> fg > [1] + continued strace date > execve(0xbfbfdef4, [0xbfbfe3b8], [/* 0 vars */]) = 0 > mmap(0, 3920, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0) = 0x28071000 > munmap(0x28071000, 3920) = 0 > ... > > strace hasn't been updated in a while, though, and has problems parsing > newer syscalls. Take a look at the truss command in the base system, > which does about the same thing as strace. Ktrace has the advantage > that it's less intrusive; both strace and truss have to stop the > process to print out data, which really slow it down. > Is truss still being fixed to work without procfs or is ktrace a better replacement? Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4208F605.9060402>