9842 man page typos and spelling
--- old/usr/src/man/man1/truss.1
+++ new/usr/src/man/man1/truss.1
1 1 '\" te
2 2 .\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
3 3 .\" Copyright 1989 AT&T
4 4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
5 5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
6 6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 7 .TH TRUSS 1 "Jul 31, 2004"
8 8 .SH NAME
9 9 truss \- trace system calls and signals
10 10 .SH SYNOPSIS
11 11 .LP
12 12 .nf
13 13 \fBtruss\fR [\fB-fcaeildDE\fR] [\fB-\fR [tTvx] [!] \fIsyscall\fR ,...]
14 14 [\fB-\fR [sS] [!] \fIsignal\fR ,...] [\fB-\fR [mM] [!] \fIfault\fR ,...]
15 15 [\fB-\fR [rw] [!] \fIfd\fR ,...]
16 16 [\fB-\fR [uU] [!] \fIlib\fR ,... : [:] [!] \fIfunc\fR ,...]
17 17 [\fB-o\fR \fIoutfile\fR] \fIcommand\fR | \fB-p\fR \fIpid\fR[\fI/lwps\fR]...
18 18 .fi
19 19
20 20 .SH DESCRIPTION
21 -.sp
22 21 .LP
23 22 The \fBtruss\fR utility executes the specified command and produces a trace of
24 23 the system calls it performs, the signals it receives, and the machine faults
25 24 it incurs. Each line of the trace output reports either the fault or signal
26 25 name or the system call name with its arguments and return value(s). System
27 26 call arguments are displayed symbolically when possible using defines from
28 27 relevant system headers. For any path name pointer argument, the pointed-to
29 28 string is displayed. Error returns are reported using the error code names
30 29 described in \fBIntro\fR(3). If, in the case of an error, the kernel reports a
31 30 missing privilege, a privilege name as described in \fBprivileges\fR(5) is
32 31 reported in square brackets (\fB[ ]\fR) after the error code name.
33 32 .sp
34 33 .LP
35 34 Optionally (see the \fB-u\fR option), \fBtruss\fR also produce an entry/exit
36 35 trace of user-level function calls executed by the traced process, indented to
37 36 indicate nesting.
38 37 .SH OPTIONS
39 -.sp
40 38 .LP
41 39 For those options that take a list argument, the name \fBall\fR can be used as
42 40 a shorthand to specify all possible members of the list. If the list begins
43 41 with a \fB!\fR, the meaning of the option is negated (for example, exclude
44 42 rather than trace). Multiple occurrences of the same option can be specified.
45 43 For the same name in a list, subsequent options (those to the right) override
46 44 previous ones (those to the left).
47 45 .sp
48 46 .LP
49 47 The following options are supported:
50 48 .sp
51 49 .ne 2
52 50 .na
53 51 \fB\fB-a\fR\fR
54 52 .ad
55 53 .sp .6
56 54 .RS 4n
57 55 Shows the argument strings that are passed in each \fBexec()\fR system call.
58 56 .RE
59 57
60 58 .sp
61 59 .ne 2
62 60 .na
63 61 \fB\fB-c\fR\fR
64 62 .ad
65 63 .sp .6
66 64 .RS 4n
67 65 Counts traced system calls, faults, and signals rather than displaying the
68 66 trace line-by-line. A summary report is produced after the traced command
69 67 terminates or when \fBtruss\fR is interrupted. If \fB-f\fR is also specified,
70 68 the counts include all traced system calls, faults, and signals for child
71 69 processes.
72 70 .RE
73 71
74 72 .sp
75 73 .ne 2
76 74 .na
77 75 \fB\fB-d\fR\fR
78 76 .ad
79 77 .sp .6
80 78 .RS 4n
81 79 Includes a time stamp on each line of trace output. The time stamp appears as a
82 80 field containing \fIseconds\fR\|.\|\fIfraction\fR at the start of the line.
83 81 This represents a time in seconds relative to the beginning of the trace. The
84 82 first line of the trace output shows the base time from which the individual
85 83 time stamps are measured, both as seconds since the epoch (see \fBtime\fR(2))
86 84 and as a date string (see \fBctime\fR(3C) and \fBdate\fR(1)). The times that
87 85 are reported are the times that the event in question occurred. For all system
88 86 calls, the event is the completion of the system call, not the start of the
89 87 system call.
90 88 .RE
91 89
92 90 .sp
93 91 .ne 2
94 92 .na
95 93 \fB\fB-D\fR\fR
96 94 .ad
97 95 .sp .6
98 96 .RS 4n
99 97 Includes a time delta on each line of trace output. The value appears as a
100 98 field containing \fIseconds\fR\|.\|\fIfraction\fR and represents the elapsed
101 99 time for the \fBLWP\fR that incurred the event since the last reported event
102 100 incurred by that \fBLWP.\fR Specifically, for system calls, this is not the
103 101 time spent within the system call.
104 102 .RE
105 103
106 104 .sp
107 105 .ne 2
108 106 .na
109 107 \fB\fB-e\fR\fR
110 108 .ad
111 109 .sp .6
112 110 .RS 4n
113 111 Shows the environment strings that are passed in each \fBexec()\fR system call.
114 112 .RE
115 113
116 114 .sp
117 115 .ne 2
118 116 .na
119 117 \fB\fB-E\fR\fR
120 118 .ad
121 119 .sp .6
122 120 .RS 4n
123 121 Includes a time delta on each line of trace output. The value appears as a
124 122 field containing \fIseconds\fR\fB\&.\fR\fIfraction\fR and represents the
125 123 difference in time elapsed between the beginning and end of a system call.
126 124 .sp
127 125 In contrast to the \fB-D\fR option, this is the amount of time spent within
128 126 the system call.
129 127 .RE
130 128
131 129 .sp
132 130 .ne 2
133 131 .na
134 132 \fB\fB-f\fR\fR
135 133 .ad
136 134 .sp .6
137 135 .RS 4n
138 136 Follows all children created by \fBfork()\fR or \fBvfork()\fR and includes
139 137 their signals, faults, and system calls in the trace output. Normally, only the
140 138 first-level command or process is traced. When \fB-f\fR is specified, the
141 139 process-id is included with each line of trace output to indicate which process
142 140 executed the system call or received the signal.
143 141 .RE
144 142
145 143 .sp
146 144 .ne 2
147 145 .na
148 146 \fB\fB-i\fR\fR
149 147 .ad
150 148 .sp .6
151 149 .RS 4n
152 150 Does not display interruptible sleeping system calls. Certain system calls,
153 151 such as \fBopen()\fR and \fBread()\fR on terminal devices or pipes, can sleep
154 152 for indefinite periods and are interruptible. Normally, \fBtruss\fR reports
155 153 such sleeping system calls if they remain asleep for more than one second. The
156 154 system call is reported again a second time when it completes. The \fB-i\fR
157 155 option causes such system calls to be reported only once, when they complete.
158 156 .RE
159 157
160 158 .sp
161 159 .ne 2
162 160 .na
163 161 \fB\fB-l\fR\fR
164 162 .ad
165 163 .sp .6
166 164 .RS 4n
167 165 Includes the id of the responsible lightweight process (\fILWP\fR) with each
168 166 line of trace output. If \fB-f\fR is also specified, both the process-id and
169 167 the LWP-id are included.
170 168 .RE
171 169
172 170 .sp
173 171 .ne 2
174 172 .na
175 173 \fB\fB-m\fR [\fB!\fR]\fIfault\fR,...\fR
176 174 .ad
177 175 .sp .6
178 176 .RS 4n
179 177 Machine faults to trace or exclude. Those faults specified in the
180 178 comma-separated list are traced. Faults can be specified by name or number (see
181 179 \fB<sys/fault.h>\fR). If the list begins with a \fB!\fR, the specified faults
182 180 are excluded from the trace output. Default is \fB-mall\fR \fB-m\fR
183 181 \fB!fltpage\fR.
184 182 .RE
185 183
186 184 .sp
187 185 .ne 2
188 186 .na
189 187 \fB\fB-M\fR [\fB!\fR]\fIfault\fR,...\fR
190 188 .ad
191 189 .sp .6
192 190 .RS 4n
193 191 Machine faults that stop the process. The specified faults are added to the set
194 192 specified by \fB-m\fR. If one of the specified faults is incurred, \fBtruss\fR
195 193 leaves the process stopped and abandoned (see the \fB-T\fR option). Default is
196 194 \fB\fR\fB-M\fR\fB!all\fR.
197 195 .RE
198 196
199 197 .sp
200 198 .ne 2
201 199 .na
202 200 \fB\fB-o\fR \fIoutfile\fR\fR
203 201 .ad
204 202 .sp .6
205 203 .RS 4n
206 204 File to be used for the trace output. By default, the output goes to standard
207 205 error.
208 206 .RE
209 207
210 208 .sp
211 209 .ne 2
212 210 .na
213 211 \fB\fB-p\fR\fR
214 212 .ad
215 213 .sp .6
216 214 .RS 4n
217 215 Interprets the \fIcommand\fR arguments to \fBtruss\fR as a list of process-ids
218 216 for existing processes (see \fBps\fR(1)) rather than as a command to be
219 217 executed. \fBtruss\fR takes control of each process and begins tracing it
220 218 provided that the userid and groupid of the process match those of the user or
221 219 that the user is a privileged user. Users can trace only selected threads by
222 220 appending \fB/\fR\fIthread-id\fR to the process-id. Mutiple threads can be
223 221 selected using the \fB-\fR and \fB,\fR delimiters. For example \fB/1,2,7-9\fR
224 222 traces threads \fB1\fR, \fB2\fR, \fB7\fR, \fB8\fR, and \fB9\fR. Processes can
225 223 also be specified by their names in the \fB/proc\fR directory, for example,
226 224 \fB/proc/12345\fR.
227 225 .RE
228 226
229 227 .sp
230 228 .ne 2
231 229 .na
232 230 \fB\fB-r\fR [\fB!\fR]\fIfd\fR,...\fR
233 231 .ad
234 232 .sp .6
235 233 .RS 4n
236 234 Shows the full contents of the \fBI/O\fR buffer for each \fBread()\fR on any of
237 235 the specified file descriptors. The output is formatted 32 bytes per line and
238 236 shows each byte as an \fBASCII\fR character (preceded by one blank) or as a
239 237 2-character C language escape sequence for control characters such as
240 238 horizontal tab (\|\e\|t) and newline (\|\e\|n). If \fBASCII\fR interpretation
241 239 is not possible, the byte is shown in 2-character hexadecimal representation.
242 240 (The first 12 bytes of the \fBI/O\fR buffer for each traced \fBprint >read()\fR
243 241 are shown even in the absence of \fB-r\fR.) Default is
244 242 \fB\fR\fB-r\fR\fB!all\fR.
245 243 .RE
246 244
247 245 .sp
248 246 .ne 2
249 247 .na
250 248 \fB\fB-s\fR [\fB!\fR]\fIsignal\fR,...\fR
251 249 .ad
252 250 .sp .6
253 251 .RS 4n
254 252 Signals to trace or exclude. Those signals specified in the comma-separated
255 253 list are traced. The trace output reports the receipt of each specified signal,
256 254 even if the signal is being ignored (not blocked). (Blocked signals are not
257 255 received until they are unblocked.) Signals can be specified by name or number
258 256 (see \fB<sys/signal.h>\fR). If the list begins with a \fB!\fR, the specified
259 257 signals are excluded from the trace output. Default is \fB-sall\fR.
260 258 .RE
261 259
262 260 .sp
263 261 .ne 2
264 262 .na
265 263 \fB\fB-S\fR [\fB!\fR]\fIsignal\fR,...\fR
266 264 .ad
267 265 .sp .6
268 266 .RS 4n
269 267 Signals that stop the process. The specified signals are added to the set
270 268 specified by \fB-s\fR. If one of the specified signals is received, \fBtruss\fR
271 269 leaves the process stopped and abandoned (see the \fB-T\fR option). Default is
272 270 \fB\fR\fB-S\fR\fB!all\fR.
273 271 .RE
274 272
275 273 .sp
276 274 .ne 2
277 275 .na
278 276 \fB\fB-t\fR [\fB!\fR]\fIsyscall\fR,...\fR
279 277 .ad
280 278 .sp .6
281 279 .RS 4n
282 280 System calls to trace or exclude. Those system calls specified in the
283 281 comma-separated list are traced. If the list begins with a \fB!\fR, the
284 282 specified system calls are excluded from the trace output. Default is
285 283 \fB-tall\fR.
286 284 .RE
287 285
288 286 .sp
289 287 .ne 2
290 288 .na
291 289 \fB\fB-T\fR [\fB!\fR]\fIsyscall\fR,...\fR
292 290 .ad
293 291 .sp .6
294 292 .RS 4n
295 293 Specifies system calls that stop the process. The specified system calls are
296 294 added to the set specified by \fB-t\fR. If one of the specified system calls is
297 295 encountered, \fBtruss\fR leaves the process stopped and abandoned. That is,
298 296 \fBtruss\fR releases the process and exits but leaves the process in the
299 297 stopped state at completion of the system call in question. A debugger or other
300 298 process inspection tool (see \fBproc\fR(1)) can then be applied to the stopped
301 299 process. \fBtruss\fR can be reapplied to the stopped process with the same or
302 300 different options to continue tracing. Default is \fB\fR\fB-T\fR\fB!all\fR.
303 301 .sp
304 302 A process left stopped in this manner cannot be restarted by the application of
305 303 \fBkill\fR \fB-CONT\fR because it is stopped on an event of interest via
306 304 \fB/proc\fR, not by the default action of a stopping signal (see
307 305 \fBsignal.h\fR(3HEAD)). The \fBprun\fR(1) command described in \fBproc\fR(1)
308 306 can be used to set the stopped process running again.
309 307 .RE
310 308
311 309 .sp
312 310 .ne 2
313 311 .na
314 312 \fB\fB-u\fR
315 313 [\fB!\fR]\fIlib\fR,...\fB:\fR[\fB:\fR][\fB!\fR]\fIfunc\fR,\|.\|.\|.\fR
316 314 .ad
317 315 .sp .6
318 316 .RS 4n
319 317 User-level function call tracing. \fIlib\fR,\|.\|.\|. is a comma-separated list
320 318 of dynamic library names, excluding the ``\fB\&.so.\fR\fIn\fR'' suffix.
321 319 \fIfunc\fR,\|.\|.\|. is a comma-separated list of function names. In both cases
322 320 the names can include name-matching metacharacters \fB*\fR,\fB?\fR,\fB[]\fR
323 321 with the same meanings as those of \fBsh\fR(1) but as applied to the
324 322 library/function name spaces, not to files. An empty library or function list
325 323 defaults to \fB*\fR, trace all libraries or functions in a library. A leading
326 324 \fB!\fR on either list specifies an exclusion list, names of libraries or
327 325 functions not to be traced. Excluding a library excludes all functions in that
328 326 library; any function list following a library exclusion list is ignored.
329 327 .sp
330 328 A single \fB:\fR separating the library list from the function list means to
331 329 trace calls into the libraries from outside the libraries, but omit calls made
332 330 to functions in a library from other functions in the same library. A double
333 331 \fB:\|:\fR means to trace all calls, regardless of origin.
334 332 .sp
335 333 Library patterns do not match either the executable file or the dynamic linker
336 334 unless there is an exact match (\fBl*\fR does not match \fBld.so.1\fR). To
337 335 trace functions in either of these objects, the names must be specified
338 336 exactly, as in:
339 337 .sp
340 338 .in +2
341 339 .nf
342 340 \fBtruss -u a.out -u ld ...\fR
343 341 .fi
344 342 .in -2
345 343 .sp
346 344
347 345 \fBa.out\fR is the literal name to be used for this purpose; it does not stand
348 346 for the name of the executable file. Tracing \fBa.out\fR function calls implies
349 347 all calls (default is \fB::\fR).
350 348 .sp
351 349 Multiple \fB-u\fR options can be specified and they are honored left-to-right.
352 350 The id of the thread that performed the function call is included in the trace
353 351 output for the call. \fBtruss\fR searches the dynamic symbol table in each
354 352 library to find function names and also searches the standard symbol table if
355 353 it has not been stripped.
356 354 .RE
357 355
358 356 .sp
359 357 .ne 2
360 358 .na
361 359 \fB\fB-U\fR
362 360 [\fB!\fR]\fIlib\fR,\|.\|.\|.\|\fB:\fR[\fB:\fR][\fB!\fR]\fIfunc\fR,\|.\|.\|.\fR
363 361 .ad
364 362 .sp .6
365 363 .RS 4n
366 364 User-level function calls that stop the process. The specified functions are
367 365 added to the set specified by \fB-u\fR. If one of the specified functions is
368 366 called, \fBtruss\fR leaves the process stopped and abandoned (see the \fB-T\fR
369 367 option).
370 368 .RE
371 369
372 370 .sp
373 371 .ne 2
374 372 .na
375 373 \fB\fB-v\fR [\fB!\fR]\fIsyscall\fR,...\fR
376 374 .ad
377 375 .sp .6
378 376 .RS 4n
379 377 Verbose. Displays the contents of any structures passed by address to the
380 378 specified system calls (if traced by \fB-t\fR). Input values as well as values
381 379 returned by the operating system are shown. For any field used as both input
382 380 and output, only the output value is shown. Default is
383 381 \fB\fR\fB-v\fR\fB!all\fR.
384 382 .RE
385 383
386 384 .sp
387 385 .ne 2
388 386 .na
389 387 \fB\fB-w\fR [\fB!\fR]\fIfd\fR,...\fR
390 388 .ad
391 389 .sp .6
392 390 .RS 4n
393 391 Shows the contents of the I/O buffer for each \fBwrite()\fR on any of the
394 392 specified file descriptors (see the \fB-r\fR option). Default is
395 393 \fB\fR\fB-w\fR\fB!all\fR.
396 394 .RE
397 395
398 396 .sp
399 397 .ne 2
400 398 .na
401 399 \fB\fB-x\fR [\fB!\fR]\fIsyscall\fR,...\fR
402 400 .ad
403 401 .sp .6
404 402 .RS 4n
405 403 Displays the arguments to the specified system calls (if traced by \fB-t\fR) in
406 404 raw form, usually hexadecimal, rather than symbolically. This is for unredeemed
407 405 hackers who must see the raw bits to be happy. Default is
408 406 \fB\fR\fB-x\fR\fB!all\fR.
409 407 .RE
410 408
411 409 .sp
412 410 .LP
413 411 See \fIman pages section 2: System Calls\fR for system call names accepted by
414 412 the \fB-t\fR, \fB-T\fR, \fB-v\fR, and \fB-x\fR options. System call numbers are
415 413 also accepted.
416 414 .sp
417 415 .LP
418 416 If \fBtruss\fR is used to initiate and trace a specified command and if the
419 417 \fB-o\fR option is used or if standard error is redirected to a non-terminal
420 418 file, then \fBtruss\fR runs with hangup, interrupt, and quit signals ignored.
421 419 This facilitates tracing of interactive programs that catch interrupt and quit
422 420 signals from the terminal.
423 421 .sp
424 422 .LP
425 423 If the trace output remains directed to the terminal, or if existing processes
426 424 are traced (the \fB-p\fR option), then \fBtruss\fR responds to hangup,
427 425 interrupt, and quit signals by releasing all traced processes and exiting. This
428 426 enables the user to terminate excessive trace output and to release
429 427 previously-existing processes. Released processes continue normally, as though
430 428 they had never been touched.
431 429 .SH EXAMPLES
432 430 .LP
433 431 \fBExample 1 \fRTracing a Command
434 432 .sp
435 433 .LP
436 434 The following example produces a trace of the \fBfind\fR(1) command on the
437 435 terminal:
438 436
439 437 .sp
440 438 .in +2
441 439 .nf
442 440 example$ \fBtruss find . -print >find.out\fR
443 441 .fi
444 442 .in -2
445 443 .sp
446 444
447 445 .LP
448 446 \fBExample 2 \fRTracing Common System Calls
449 447 .sp
450 448 .LP
451 449 The following example shows only a trace of the open, close, read, and write
452 450 system calls:
453 451
454 452 .sp
455 453 .in +2
456 454 .nf
457 455 example$ \fBtruss -t open,close,read,write find . -print >find.out\fR
458 456 .fi
459 457 .in -2
460 458 .sp
461 459
462 460 .LP
463 461 \fBExample 3 \fRTracing a Shell Script
464 462 .sp
465 463 .LP
466 464 The following example produces a trace of the \fBspell\fR(1) command on the
467 465 file \fBtruss.out\fR:
468 466
469 467 .sp
470 468 .in +2
471 469 .nf
472 470 example$ \fBtruss -f -o truss.out spell \fIdocument\fR\fR
473 471 .fi
474 472 .in -2
475 473 .sp
476 474
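Review bot: Several slips remain in the unchanged context of this region and belong in a typos-and-spelling change. In the -p description, "Mutiple threads can be selected" should read "Multiple"; in DESCRIPTION, "\fBtruss\fR also produce an entry/exit trace" should be "produces"; and in the -r description, "\fBprint >read()\fR" looks like stray text fused into the call name and should be "\fBread()\fR". Suggest fixing all three here, next to the .sp removals after .SH DESCRIPTION and .SH OPTIONS.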
477 475 .sp
478 476 .LP
479 477 \fBspell\fR is a shell script, so the \fB-f\fR flag is needed to trace not only
480 478 the shell but also the processes created by the shell. (The spell script runs a
481 479 pipeline of eight processes.)
482 480
483 481 .LP
484 482 \fBExample 4 \fRAbbreviating Output
485 483 .sp
486 484 .LP
487 -The following example abreviates output:
485 +The following example abbreviates output:
488 486
489 487 .sp
490 488 .in +2
491 489 .nf
492 490 example$ \fBtruss nroff -mm \fIdocument\fR >nroff.out\fR
493 491 .fi
494 492 .in -2
495 493 .sp
496 494
497 495 .sp
498 496 .LP
499 497 because 97% of the output reports \fBlseek()\fR, \fBread()\fR, and
500 498 \fBwrite()\fR system calls. To abbreviate it:
501 499
502 500 .sp
503 501 .in +2
504 502 .nf
505 503 example$ \fBtruss -t !lseek,read,write nroff -mm \fIdocument\fR >nroff.out\fR
506 504 .fi
507 505 .in -2
508 506 .sp
509 507
510 508 .LP
511 509 \fBExample 5 \fRTracing Library Calls From Outside the C Library
512 510 .sp
513 511 .LP
514 512 The following example traces all user-level calls made to any function in the C
515 513 library from outside the C library:
516 514
517 515 .sp
518 516 .in +2
519 517 .nf
520 518 example$ \fBtruss -u libc ...\fR
521 519 .fi
522 520 .in -2
523 521 .sp
524 522
525 523 .LP
526 524 \fBExample 6 \fRTracing library calls from within the C library
527 525 .sp
528 526 .LP
529 527 The following example includes calls made to functions in the C library from
530 528 within the C library itself:
531 529
532 530 .sp
533 531 .in +2
534 532 .nf
535 533 example$ \fBtruss -u libc:: ...\fR
536 534 .fi
537 535 .in -2
538 536 .sp
539 537
540 538 .LP
541 539 \fBExample 7 \fRTracing Library Calls Other Than the C Library
542 540 .sp
543 541 .LP
544 542 The following example traces all user-level calls made to any library other
545 543 than the C library:
546 544
547 545 .sp
548 546 .in +2
549 547 .nf
550 548 example$ \fBtruss -u '*' -u !libc ...\fR
551 549 .fi
552 550 .in -2
553 551 .sp
554 552
555 553 .LP
556 554 \fBExample 8 \fRTracing \fBprintf\fR and \fBscanf\fR Function Calls
557 555 .sp
558 556 .LP
559 557 The following example traces all user-level calls to functions in the printf
560 558 and scanf family contained in the C library:
561 559
562 560 .sp
563 561 .in +2
564 562 .nf
565 563 example$ \fBtruss -u 'libc:*printf,*scanf' ...\fR
566 564 .fi
567 565 .in -2
568 566 .sp
569 567
570 568 .LP
571 569 \fBExample 9 \fRTracing Every User-level Function Call
572 570 .sp
573 571 .LP
574 572 The following example traces every user-level function call from anywhere to
575 573 anywhere:
576 574
577 575 .sp
578 576 .in +2
579 577 .nf
580 578 example$ \fBtruss -u a.out -u ld:: -u :: ...\fR
581 579 .fi
582 580 .in -2
583 581 .sp
584 582
585 583 .LP
586 584 \fBExample 10 \fRTracing a System Call Verbosely
587 585 .sp
588 586 .LP
589 587 The following example verbosely traces the system call activity of process #1,
590 588 \fBinit\fR(1M) (if you are a privileged user):
591 589
592 590 .sp
593 591 .in +2
594 592 .nf
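Review bot: Example 4 still does not read correctly after the "abbreviates" spelling fix: the sentence "The following example abbreviates output:" introduces the unabbreviated nroff command, and the text after that command resumes with the fragment "because 97% of the output reports ...". Suggest rewording the lead-in so it says the first command produces too much output, with the "-t !lseek,read,write" form then given as the abbreviation. The Example 6 title ("Tracing library calls from within the C library") is also the only example title not in title case.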
595 593 example# \fBtruss -p -v all 1\fR
596 594 .fi
597 595 .in -2
598 596 .sp
599 597
600 598 .sp
601 599 .LP
602 600 Interrupting \fBtruss\fR returns \fBinit\fR to normal operation.
603 601
604 602 .SH FILES
605 -.sp
606 603 .ne 2
607 604 .na
608 605 \fB\fB/proc/*\fR\fR
609 606 .ad
610 607 .RS 11n
611 608 Process files
612 609 .RE
613 610
614 611 .SH SEE ALSO
615 -.sp
616 612 .LP
617 613 \fBdate\fR(1), \fBfind\fR(1), \fBproc\fR(1), \fBps\fR(1), \fBsh\fR(1),
618 614 \fBspell\fR(1), \fBinit\fR(1M), \fBIntro\fR(3), \fBexec\fR(2), \fBfork\fR(2),
619 615 \fBlseek\fR(2), \fBopen\fR(2), \fBread\fR(2), \fBtime\fR(2), \fBvfork\fR(2),
620 616 \fBwrite\fR(2), \fBctime\fR(3C), \fBsignal.h\fR(3HEAD), \fBproc\fR(4),
621 617 \fBattributes\fR(5), \fBprivileges\fR(5), \fBthreads\fR(5)
622 618 .sp
623 619 .LP
624 620 \fIman pages section 2: System Calls\fR
625 621 .SH NOTES
626 -.sp
627 622 .LP
628 623 Some of the system calls described in \fIman pages section 2: System Calls\fR
629 624 differ from the actual operating system interfaces. Do not be surprised by
630 625 minor deviations of the trace output from the descriptions in that document.
631 626 .sp
632 627 .LP
633 628 Every machine fault (except a page fault) results in the posting of a signal to
634 629 the \fBLWP\fR that incurred the fault. A report of a received signal
635 630 immediately follows each report of a machine fault (except a page fault) unless
636 631 that signal is being blocked.
637 632 .sp
638 633 .LP
639 634 The operating system enforces certain security restrictions on the tracing of
640 635 processes. In particular, any command whose object file (\fBa.out\fR) cannot be
641 636 read by a user cannot be traced by that user; set-uid and set-gid commands can
642 637 be traced only by a privileged user. Unless it is run by a privileged user,
643 638 \fBtruss\fR loses control of any process that performs an \fBexec()\fR of a
644 639 set-id or unreadable object file; such processes continue normally, though
645 640 independently of \fBtruss\fR, from the point of the \fBexec()\fR.
646 641 .sp
647 642 .LP
648 643 To avoid collisions with other controlling processes, \fBtruss\fR does not
649 644 trace a process that it detects is being controlled by another process via the
650 645 \fB/proc\fR interface. This allows \fBtruss\fR to be applied to
651 646 \fBproc\fR(4)-based debuggers as well as to another instance of itself.
652 647 .sp
653 648 .LP
654 649 The trace output contains tab characters under the assumption that standard tab
655 650 stops are set (every eight positions).
656 651 .sp
657 652 .LP
658 653 The trace output for multiple processes or for a multithreaded process (one
659 654 that contains more than one \fBLWP)\fR is not produced in strict time order.
660 655 For example, a \fBread()\fR on a pipe can be reported before the corresponding
661 656 \fBwrite()\fR. For any one \fBLWP\fR (a traditional process contains only one),
662 657 the output is strictly time-ordered.
663 658 .sp
664 659 .LP
665 660 When tracing more than one process, \fBtruss\fR runs as one controlling process
666 661 for each process being traced. For the example of the \fBspell\fR command shown
667 662 above, \fBspell\fR itself uses 9 process slots, one for the shell and 8 for the
668 663 8-member pipeline, while \fBtruss\fR adds another 9 processes, for a total of
669 664 18.
670 665 .sp
671 666 .LP
672 667 Not all possible structures passed in all possible system calls are displayed
673 668 under the \fB-v\fR option.
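Review bot: In NOTES, "\fBLWP)\fR" puts the closing parenthesis inside the bold font while the opening parenthesis is roman; it should be "\fBLWP\fR)". Separately, the removals of .sp after .SH FILES, .SH SEE ALSO and .SH NOTES are formatting cleanup rather than spelling, so the commit message should mention them alongside the typo fixes.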