> On Oct 23, 2014, at 6:11 AM, Nan Xiao via dtrace-discuss
> <dtrace-discuss@lists.dtrace.org> wrote:
>
> I am using DTrace to debug a signal related 32-bit program on Solaris
> 10(64-bit).
>
> The source code of program is:
>
> #include <stdio.h>
> #include <signal.h>
>
> struct sigaction act;
> void handler(int a, siginfo_t *b, void *c)
> {
> }
> int main(void)
> {
> act.sa_flags = 1;
> act.sa_sigaction = handler;
> sigemptyset(&act.sa_mask);
> sigaction(SIGINT, &act, NULL);
> printf("The address is 0x%x, sizeof(struct sigaction)
> is %d\n", &act, sizeof(struct sigaction));
> return 0;
> }
>
> The DTrace script is :
>
> #!/usr/sbin/dtrace -Cs -32
>
> #include <signal.h>
>
> sigaction:entry
> /pid == $target/
> {
> this->sig = (struct sigaction *)copyin(arg1,
> sizeof(struct sigaction));
> printf("pid is %d: arg0 is %d, arg1 is 0x%x, sa_flags
> is %d, sa_sigaction is 0x%x\n",
> pid,
> arg0,
> arg1,
>
> (int)(this->sig->sa_flags),
>
> (int)(this->sig->sa_sigaction));
> printf("0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x\n",
> *((char*)this->sig),
> *(((char*)this->sig) + 1), *(((char*)this->sig) + 2), *(((char*)this->sig) +
> 3),
> *(((char*)this->sig) +
> 4), *(((char*)this->sig) + 5), *(((char*)this->sig) + 6),
> *(((char*)this->sig) + 7));
> printf("0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x\n",
> *(((char*)this->sig) +
> 8), *(((char*)this->sig) + 9), *(((char*)this->sig) + 10),
> *(((char*)this->sig) + 11),
> *(((char*)this->sig) +
> 12), *(((char*)this->sig) + 13), *(((char*)this->sig) + 14),
> *(((char*)this->sig) + 15));
> printf("0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x\n",
> *(((char*)this->sig) +
> 16), *(((char*)this->sig) + 17), *(((char*)this->sig) + 18),
> *(((char*)this->sig) + 19),
> *(((char*)this->sig) +
> 20), *(((char*)this->sig) + 21), *(((char*)this->sig) + 22),
> *(((char*)this->sig) + 23));
> printf("0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x\n",
> *(((char*)this->sig) +
> 24), *(((char*)this->sig) + 25), *(((char*)this->sig) + 26),
> *(((char*)this->sig) + 27),
> *(((char*)this->sig) +
> 28), *(((char*)this->sig) + 29), *(((char*)this->sig) + 30),
> *(((char*)this->sig) + 31));
> ustack();
> }
>
> The execute the command: "./trace.d -c ./a", and the output is:
> bash-3.2# ./trace.d -c ./a
> dtrace: script './trace.d' matched 6 probes
> The address is 0x8060ea0, sizeof(struct sigaction) is 32
> dtrace: pid 23721 has exited
> CPU ID FUNCTION:NAME
> 2 58241 sigaction:entry pid is 23721: arg0 is 2,
> arg1 is 0x8047760, sa_flags is 1, sa_sigaction is 0xffbffeff
> 0x1 0x0 0x0 0x0 0x4 0xe9 0xed 0xfe
> 0xff 0xfe 0xbf 0xff 0xff 0xff 0x0 0x0
> 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
> 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
>
> libc.so.1`__sigaction+0x15
> a`main+0x51
> a`_start+0x80
>
> The C program output the address of act is 0x8060ea0, but DTrace
> outputs the address of act is 0x8047760. Furthermore, the data in 0x8047760
> isn't same as C program has set.
>
> Could anyone give any help or clues on this issue? Thanks very much in
> advance!
>
The reason the addresses do not line up is because the probes (you
have 6 probes that match, I just have 2) are at the syscall/kernel
level and by that point the sigaction structure has been copied.
rpz@oi2:~/tmp$ sudo dtrace -ln '::sigaction:entry'
ID PROVIDER MODULE FUNCTION NAME
12148 syscall sigaction entry
33973 fbt genunix sigaction entry
Here is the libc side of sigaction copying the sigaction struct:
https://github.com/illumos/illumos-gate/blob/master/usr/src/lib/libc/port/threads/sigaction.c#L383
Then it is copied again in the syscall:
https://github.com/illumos/illumos-gate/blob/master/usr/src/uts/common/syscall/sigaction.c#L63
If you want to trace the libc sigaction then you need to use the pid
provider (http://dtrace.org/guide/chapter30.html). In fact, this
entire DTrace script can be greatly simplified to the following:
#!/usr/sbin/dtrace -s
pid$target::sigaction:entry
{
this->act = ((struct sigaction *)copyin(arg1, sizeof(struct
sigaction)));
printf("act addr: 0x%p, flags: %d, sigaction: 0x%p\n",
arg1,
this->act->sa_flags,
this->act->_funcptr._sigaction);
trace(*this->act);
print(*this->act);
}
The 'trace' function does what you were doing by hand, printing out
the bytes of the data structure. I added the 'print' function for fun
to show how awesome it is, it has knowledge of the types and prints
them out in a human friendly way. Since you are on Solaris I'm pretty
sure you don't have the print function but hopefully you have trace.
I ran my example on Illumos/OI 151a8.
rpz@oi2:~/tmp$ sudo ./contents.d -c './test'
dtrace: script './contents.d' matched 1 probe
The address is 0x4114c0, sizeof(struct sigaction) is 32
dtrace: pid 4317 has exited
CPU ID FUNCTION:NAME
7 74205 sigaction:entry act addr: 0x4114c0, flags: 1,
sigaction: 0x400f98
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 01 00 00 00 00 00 00 00 98 0f 40 00 00 00 00 00
..........@.....
10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
struct sigaction {
int sa_flags = 0x1
union _funcptr = {
int (*)() _handler = 0x400f98
int (*)() _sigaction = 0x400f98
}
sigset_t sa_mask = {
unsigned [4] __sigbits = [ 0, 0, 0, 0 ]
}
}
-Z
-------------------------------------------
dtrace-discuss
Archives: https://www.listbox.com/member/archive/184261/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184261/25769126-e243886f
Modify Your Subscription:
https://www.listbox.com/member/?member_id=25769126&id_secret=25769126-8d47a7b2
Powered by Listbox: http://www.listbox.com
