I was making a few changes in the dhcpagent command and on testing, it sort of fails. Now I know which function is being called in the end before dhcpagent exits. I want to trace the control from dhcpagent to that particular function lets say foo().I am looking for who called foo() and who called that function and so on, like a family tree, from dhcpagent to foo(). How do I do this ? I have very basic knowledge of dtrace, like how to construct a basic script, but no more. Could you suggest a script/resource from where I can learn and write the script myself ?
What I did try:
pid$target::functionname:entry //and the target was dhcpagent from the command line
Thanks
I think the following script can help you:
#!/usr/sbin/dtrace -Fs
pid$target:::entry,
pid$target:::return
{
}
In the above script, it can print how the function is called. But the output maybe awesome large!
If you only cared about dhcpagent module, I think the following script is a better choice:
#!/usr/sbin/dtrace -Fs
pid$target:dhcpagent::entry,
pid$target:dhcpagent::return
{
}
Related
I have a huge project that is creating a lot of files and folders that I want to track them.
In order to debug the code, I would like to replace a system call behavior to check what is going on.
My idea is to hook a new function in the same place where the system call is being used and see the behavior of the application, after it has started. To be more clear, here is an example of what I need:
The application is creating a annoying folder like /tmp/annoying_folder. So I would like to intercept every mkdir system call and check if the it's argument is the annoying_folder and if it is the case, force it to return an error, so I can locate which process is doing this and also know it's stack call.
What I have tried up to now is using LD_PRELOAD, which is not working in the case of this application, because it is doing direct system calls, instead of going through libc.
I'm having trouble using gdb, because I'm not sure which process is doing these calls, because the application is started by a script that calls multiple other processes.
Through strace I'm able to see the mkdir call that I'm looking for, but it doesn't help me much, because I need to also know the stack trace call of the application to figure out where is the code that is generating this.
So one option that thought to be interesting is to use LD_PRELOAD to load a library with a constructor function that would change the hook point of mkdir and redirect it to my custom function. But I need directions on how to do that for Linux system calls.
Do someone knows how to change System calls function pointers at runtime?
I wasn't able to intercept those system calls as I expected, but I've found an interesting workaround with stap utility.
I've created the following script:
#! /bin/stap -g
probe nd_syscall.mkdir.return {
folder_name = user_string(#entry(pointer_arg(1)), "-");
folder_name_prefix = substr(folder_name, 0, 9);
if(folder_name_prefix == "/tmp/test") {
printf("[%d] [%d] [%16s] [%s]\n", uid(), pid(), execname(), folder_name);
raise(%{ SIGSTOP %});
}
Then I was able to send a signal stop to the process and after that connect gdb to analyze the application stack trace.
Assuming that in a project written by C, there is a function named A and a function named B.
How can I verify if the function A could be in the call tree of function B? Just like B->C->D->...->A .
This question came when I was thinking about which libvirt API may invoke the qemu qmp "query-block". Since qmp "query-block" is only called by function qemuMonitorJSONQueryBlock. So this specific question becomes: How can I find which libvirt API may invoke qemuMonitorJSONQueryBlock?
I think dynamic analysis is hard to answer that question because lots of tests are required. It should be a question of static analysis. But I could find proper tools or methods to solve it. At last I summarize the question as the first paragraph.
You can try CppDepend and its code query language to create some advanced queries about the dependencies, In you case you can use a query like this one
from m in Methods
let depth0 = m.DepthOfIsUsedBy("__Globals.B()")
where depth0 >= 0 && m.SimpleName=="A" orderby depth0
select new { m, depth0 }
You can use GNU cflow utility which analyzes a collection of source files written in C programming language and outputs a graph charting dependencies between various functions
I think dynamic analysis is hard to answer that question because lots of tests are required. It should be a question of static analysis. But I could find proper tools or methods to solve it. At last I summarize the question as the first paragraph.
That's true, basically because you can call functions that you have never linked in your program. with the dlopen(3) function and friends, you can dynamically link to your program a completely unknown function and be able to call it. There's no way to check if the pointer to a function is actually storing a valid pointer and to see if, as a result, it will be called or not (or if it is in the call graph of some initial function)
I find cscope can help solve the question. It is a
is a developer's tool for browsing source code. It can get the caller of a function by following:
1. Change to the source code directory, then generate the cscope database file named cscope.out
cd libvirt
cscope -bR
Find the callers of func1 by cscope:
cscope -d -f cscope.out -L3 func1, then 2nd column is the callers of this function. For example:
cscope -d -f./cscope.out -L3 qemuMigrationDstPrepareDirect
The result:
src/qemu/qemu_driver.c ATTRIBUTE_NONNULL 12487 ret = qemuMigrationDstPrepareDirect(driver, dconn,
src/qemu/qemu_driver.c qemuDomainMigratePrepare2 12487 ret = qemuMigrationDstPrepareDirect(driver, dconn,
src/qemu/qemu_driver.c qemuDomainMigratePrepare3 12722 ret = qemuMigrationDstPrepareDirect(driver, dconn,
src/qemu/qemu_driver.c qemuDomainMigratePrepare3Params 12809 ret = qemuMigrationDstPrepareDirect(driver, dconn,
Note that: cscope will mistakenly regard function attribute declarement ATTRIBUTE_* as callers. We should skip them.
Then recursively find the caller of the a function. At last select the target B->...->A call trace.
doxygen can generate call graphs and caller graphs. If you configure it for an unlimited number of calls in a graph, you will be able to get the information you need.
For a class assignment we needed to write a compiler. This includes an optimizer portion. In other words, we take in a file with some "code". An output file is generated. In the second step we take in the outputted code and remove any "dead" code and re-output to a second file. I have some problems with the optimizer portion and would like to use gdb. But I can't get gdb to operate properly with the input and output files arguments. The way we would normally run the optimizer is:
./optimize <tinyL.out> optimized.out
where tinyL.out is the file outputted in the first step and optimized.out is the file I want to output with the new optimized and compiled code.
I have searched Google for the solution and the tips I have found do not seem to work for my situation. Most people seem to want to only accept an input file and not output a separate file as I need to do.
Any help is appreciated (of course)
I'm not exactly sure what you're asking. But since I'm not yet able to comment everywhere, I write this answer with a guess and edit/delete if necessary.
When GDB is started and before you start the program you wish to debug, set the arguments you want to use with set args.
A reference to the documentation.
You just need to do the file redirection within gdb.
gdb ./optimize
(gdb) run < tinyL.out > optimized.out
https://stackoverflow.com/a/2388594/5657035
I have some problems when I do simulation for my Simulink program, it says
_outpw() function not defined
Should i try to find some other function to replace it?
I have put this head source (conio.h) in the Matlab folder, but it doesn't work.
I have some C++ code like this that I'm stepping through with GDB:
void foo(int num) { ... }
void main() {
Baz baz;
foo (baz.get());
}
When I'm in main(), I want to step into foo(), but I want to step over baz.get().
The GDB docs say that "the step command only enters a function if there is line number information for the function", so I'd be happy if I could remove the line number information for baz.get() from my executable. But ideally, I'd be able to tell GDB "never step into any function in the Baz class".
Does anyone know how to do this?
Starting with GDB 7.4, skip can be used.
Run info skip, or check out the manual for details: https://sourceware.org/gdb/onlinedocs/gdb/Skipping-Over-Functions-and-Files.html
Instead of choosing to "step", you can use the "until" command to usually behave in the way that you desire:
(gdb) until foo
I don't know of any way to permanently configure gdb to skip certain symbols (aside from eliding their debugging information).
Edit: actually, the GDB documentation states that you can't use until to jump to locations that aren't in the same frame. I don't think this is true, but in the event that it is, you can use advance for the same purpose:
(gdb) advance foo
Page 85 of the GDB manual defines what can be used as "location" arguments for commands that take them. Just putting "foo" will make it look for a function named foo, so as long as it can find it, you should be fine. Alternatively you're stuck typing things like the filename:linenum for foo, in which case you might just be better off setting a breakpoint on foo and using continue to advance to it.
(I think this might be better suited as a comment rather than an answer, but I don't have enough reputation to add a comment yet.)
So I've also been wanting to ignore STL, Boost, et al (collectively '3rd Party') files when debugging for a while. Yesterday I finally decided to look for a solution and it seems the nearest capability is the 'skip' command in GDB.
I found the 'skip' ability in GDB to be helpful, but it's still a nuisance for me because my program uses a lot of STL and other "3rd Party" template code. In this case I have to mark a bunch of files as skip. After the 2nd time doing so I realized it would be more helpful to be able to skip an entire directory--and most helpful to skip a directory and all subdirectories. That way I can skip, for example, /usr since none of my code lives there and I typically have no interest in debugging through 3rd party code. So I extended the 'skip' command in gdb to support a new type 'dir'. I can now do this in gdb:
skip dir /usr
and then I'm never stopped in any of my 3rd party headers.
Here's a webpage w/ this info + the patch if it helps anyone: info & patch to skip directories in GDB
It appears that this isn't possible in GDB. I've filed a bug.
Meanwhile, gdb has the skip function command. Just execute it when you are inside the uninteresting function and it will not bother you again.
skip file is also very useful to get rid of the STL internals.
As Justin has said, it has been added in gdb 7.4. For more details, take a look at the documentation.