Since you're using the fbt provider rather than the pid provider, you're
seeing the calls to strcpy() in the kernel as a result of the program
dumping core.

As for why you're seeing the old program counter, the D program effectively
executes after the other effects of the instruction have been processed, but
before the program counter has advanced. This is by design so that tracing the
program counter or stack trace matches the location at which the probe was
placed.

Adam

On Wed, Mar 26, 2008 at 09:49:21AM -0700, bryan wrote:
> This is interesting, when I run this script:
>
> fbt::strcpy:entry
> / pid == $1 /
> {
>         self->eip = uregs[R_EIP];
>         printf("EIP=%x", self->eip);
> }
>
> fbt::strcpy:return
> / pid == $1 /
> {
>         printf("saved EIP=%x return EIP=%x", self->eip, uregs[R_EIP]);
> }
>
> produces this output:
>
> dtrace: script './registers.d' matched 2 probes
> CPU ID FUNCTION:NAME
> 1 22690 strcpy:entry EIP=fedc5b35
> 1 22691 strcpy:return saved EIP=fedc5b35 return EIP=fedc5b35
> 0 22690 strcpy:entry EIP=41414141
> 0 22691 strcpy:return saved EIP=41414141 return EIP=41414141
> 0 22690 strcpy:entry EIP=41414141
> 0 22691 strcpy:return saved EIP=41414141 return EIP=41414141
> 0 22690 strcpy:entry EIP=41414141
> 0 22691 strcpy:return saved EIP=41414141 return EIP=41414141
> 0 22690 strcpy:entry EIP=41414141
> 0 22691 strcpy:return saved EIP=41414141 return EIP=41414141
>
> The strcpy command is only called once in the program but is entered
> according to dtrace multiple times. Can anyone explain what is going on here?
>
>
> --
> This message posted from opensolaris.org
> _______________________________________________
> dtrace-discuss mailing list
> [email protected]
--
Adam Leventhal, Fishworks http://blogs.sun.com/ahl
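
Added example (not part of the original thread, and not code from either poster): a pid-provider version of the script, following the reply above, so that only the user-level strcpy() in the target process is traced. It assumes a 32-bit x86 target whose PID is passed as $1; the thread-local names entry_eip and ret_addr are made up for this illustration.

```dtrace
#!/usr/sbin/dtrace -s
/* Added example. Usage: ./strcpy_pid.d <pid>   (32-bit x86 target assumed) */
#pragma D option quiet

/*
 * pid provider: instruments strcpy() inside user process $1 only.
 * The fbt provider instruments the kernel's own strcpy(), which is
 * why the original script fired repeatedly while the core was dumped.
 */
pid$1::strcpy:entry
{
	/* At entry, EIP is the address at which the probe was placed. */
	self->entry_eip = uregs[R_EIP];

	/* On x86, the caller's return address is the word at the top of the user stack. */
	self->ret_addr = *(uint32_t *)copyin(uregs[R_ESP], sizeof (uint32_t));

	printf("entry  EIP=%x  caller return address=%x\n",
	    self->entry_eip, self->ret_addr);
	ustack(5);
}

pid$1::strcpy:return
/self->entry_eip/
{
	/*
	 * arg0 is the offset of the return instruction within the function and
	 * arg1 is the return value. Because the program counter has not yet
	 * advanced, EIP - arg0 is expected to equal the entry EIP saved above.
	 */
	printf("return EIP=%x  offset=%x  EIP-offset=%x  entry EIP=%x  retval=%x\n",
	    uregs[R_EIP], arg0, uregs[R_EIP] - arg0, self->entry_eip, arg1);

	/* Release the thread-local storage. */
	self->entry_eip = 0;
	self->ret_addr = 0;
}
```

If more than one loaded object exports strcpy(), the empty module field matches each of them; naming the module in the probe description narrows it to one.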