Re: ktrace as a replacement for strace

• Previous message: Chad Morland: "Best JDK for performance?"
• In reply to: Dan Nelson: "Re: ktrace as a replacement for strace"
• Next in thread: Dan Nelson: "Re: ktrace as a replacement for strace"
• Reply: Dan Nelson: "Re: ktrace as a replacement for strace"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 08 Feb 2005 17:25:25 +0000
To: Dan Nelson <dnelson@allantgroup.com>

Dan Nelson wrote:
> In the last episode (Feb 08), Loren M. Lang said:
>
>>I'm looking for a replacement for the strace program I used to use on
>>linux; freebsd has a port of strace, but it just hangs everytime I
>>use it. It looks like the bsd version of strace would be
>>ktrace/kdump. I was able to get these to print a trace of the
>>program I ran, but it doesn't do all the nice substatuting that
>>strace was able to do. Mainly, I just want the first argument of open
>>to look like a string instead of a 32 bit pointer that I can't read.
>>I'm trying to figure out what files this program is trying to read so
>>I can edit it's configuration file.
>
>
> The string in the NAMI line immediately after an open() call is the
> filename in kdump output.
>
> strace actually does work, but I think it's losing a race when it
> forks the child process. Try suspending and resuming strace:
>
> (dan@dan.4) /home/dan> strace date
> <hangs here, hit ^Z>
> ^Z
> zsh: 62219 suspended strace date
> [1] + suspended strace date
> (dan@dan.4) /home/dan> fg
> [1] + continued strace date
> execve(0xbfbfdef4, [0xbfbfe3b8], [/* 0 vars */]) = 0
> mmap(0, 3920, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0) = 0x28071000
> munmap(0x28071000, 3920) = 0
> ...
>
> strace hasn't been updated in a while, though, and has problems parsing
> newer syscalls. Take a look at the truss command in the base system,
> which does about the same thing as strace. Ktrace has the advantage
> that it's less intrusive; both strace and truss have to stop the
> process to print out data, which really slow it down.
>

Is truss still being fixed to work without procfs or is ktrace a better
replacement?

Chris
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

• Previous message: Chad Morland: "Best JDK for performance?"
• In reply to: Dan Nelson: "Re: ktrace as a replacement for strace"
• Next in thread: Dan Nelson: "Re: ktrace as a replacement for strace"
• Reply: Dan Nelson: "Re: ktrace as a replacement for strace"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: /dev/random on linux, openssh 3.2.3p1 ... A simple trace (truss, strace, ktrace, etc.) to see if SSH is reading ... (comp.security.ssh) Re: /dev/random on linux, openssh 3.2.3p1 ... A simple trace (truss, strace, ktrace, etc.) to see if SSH is reading ... (comp.security.ssh) Re: Better ktrace ? ... > Is there anything better than ktrace? ... More like truss or strace? ... > interested in the details of socket calls like connect and send. ... There's strace, I suppose, but although there's a FreeBSD port for it it ... (uk.comp.sys.mac) Re: strace hard lock ... Well, normally, one would use truss or ktrace, since strace isn't ... part of the base system. ... (FreeBSD-Security) Re: CPU model, processor type via C ... > tracking the system calls via truss or strace. ... No truss, and strace on HP-UX is for streams. ... tusc online. ... (comp.sys.hp.hpux)