This is the mail archive of the mailing list for the frysk project.


Re: System call number cached with help from SyscallObserver

>>>>> "Mark" == Mark Wielaard <> writes:

Mark> What is precisely the use case? When does a SyscallObserver want to get
Mark> at the syscall number (or arguments) on exit?

Here's one example:

Mark> Can we assume that a
Mark> SyscallObserver will record Enter/Exit pairs themselves? If so then a
Mark> SyscallObserver should probably have saved the syscall number and any
Mark> arguments it is interested in on updateSyscallEnter() so it can use them
Mark> in updateSyscallExit(). Then when updateSyscallExit() is called the only
Mark> "valid" thing to query is the return value.

Speaking as a user of this API... I'm definitely surprised to find out
that this wouldn't work on syscall exit.  Of course, this isn't so bad
if the restrictions are documented, and preferably enforced in the
implementation.  E.g., it wouldn't be too bad to have to call
cacheArgumentData() and then have getArguments() fail if the syscall
exited and this was not called.  (BTW, getArguments is wrongly named
afaics, since it actually fetches a single argument...)

Having the user store the data by hand is certainly possible.
However, there are a few ugly bits.  For instance, currently there's
no public info about the number and types of syscall arguments.

Also in my hacked ftrace I was able to get the appended exception.
From what I can tell I can't even fetch the Syscall object in the
updateSyscallExit callback.

I got this by tracing bash and running 'ls'; when ls exits I get the

Also once I get this exception the traced process seems to be in a
weird state... I tried tracing this bash again, and the bash becomes
non-responsive (as if the ptrace attach succeeded), but the new ftrace
instance prints nothing.  To see this I think you'd need my ftrace
with '-p' support.


29084.29084 <SYSCALL> sigreturn ()Exception in thread "Thread-1" java.lang.RuntimeException: Negative syscall number: -1
   at frysk.proc.Syscall.syscallByNum(
   at frysk.proc.LinuxIa32Syscall.syscallByNum(
   at frysk.proc.LinuxIa32$1.getSyscall(
   at frysk.ftrace.Ftrace$SyscallObserver.updateSyscallExit(
   at frysk.proc.Task.notifySyscallExit(
   at frysk.proc.TaskState$Running.handleSyscalledEvent(
   at frysk.proc.Task.processSyscalledEvent(
   at frysk.proc.LinuxHost$PollWaitOnSigChld$2.syscallEvent(
   at frysk.sys.Wait.waitAllNoHang(Wait.cxx:230)
   at frysk.proc.LinuxHost$PollWaitOnSigChld.execute(
   at frysk.event.EventLoop.runEventLoop(
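
The pairing approach Mark describes, with the enforcement asked for in the reply, as an added example that is not part of the original message and is not frysk code. The class and type names (SyscallPairingDemo, PairingObserver, Entry) and the method signatures are hypothetical, and the syscall numbers and arguments are constructed sample values.

```java
import java.util.HashMap;
import java.util.Map;

public class SyscallPairingDemo {
    /** Snapshot of what was readable at syscall entry (hypothetical type). */
    static final class Entry {
        final int number;
        final long[] args;
        Entry(int number, long[] args) { this.number = number; this.args = args.clone(); }
    }

    /** Hypothetical observer that records Enter/Exit pairs itself, per task id. */
    static final class PairingObserver {
        private final Map<Integer, Entry> pending = new HashMap<>();

        void updateSyscallEnter(int tid, int number, long[] args) {
            if (number < 0)
                throw new IllegalArgumentException("negative syscall number at entry: " + number);
            pending.put(tid, new Entry(number, args));
        }

        /** On exit only the return value is read; number and args come from the cache. */
        String updateSyscallExit(int tid, long ret) {
            Entry e = pending.remove(tid);
            if (e == null)  // e.g. attached while the task was already inside a syscall
                return tid + " <unknown syscall> = " + ret;
            StringBuilder sb = new StringBuilder(tid + " syscall " + e.number + "(");
            for (int i = 0; i < e.args.length; i++)
                sb.append(i == 0 ? "" : ", ").append(e.args[i]);
            return sb.append(") = ").append(ret).toString();
        }
    }

    public static void main(String[] argv) {
        PairingObserver obs = new PairingObserver();   // all values below are constructed
        obs.updateSyscallEnter(29084, 4, new long[] {1, 0x8049000L, 12});
        System.out.println(obs.updateSyscallExit(29084, 12));
        // A call whose number can no longer be read back at exit: the cached entry is used.
        obs.updateSyscallEnter(29084, 119, new long[] {});
        System.out.println(obs.updateSyscallExit(29084, 0));
        // Exit seen with no recorded entry: reported, not thrown.
        System.out.println(obs.updateSyscallExit(29085, -1));
    }
}
```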
