Re: [dtrace-discuss] Question on function tracing using pid provider on stripped programs

Thu, 08 Oct 2009 10:50:24 -0700 

Ling wrote:

Hello,
I tried this script: http://www.brendangregg.com/DTrace/dappprof (using pid provider to construct call graph by tracing function entries/returns), on an ELF binary with symbol table (.symtab) stripped away. The Dtrace script was still able to generates the call 
graph with symbolic function names and addresses, for example:

....
874/1: 450 . . -> ld.so.1:stravl_insert(0xD17C2679, 0x0, 0x0) 874/1: 450 . . -> ld.so.1:pnavl_create(0x18, 0x0, 0x0) 874/1: 450 . . -> ld.so.1:malloc(0x14, 0x0, 0x0) 874/1: 450 . . -> ld.so.1:split(0xD17FEB78, 0x18, 0x0) 874/1: 450 0 0 <- ld.so.1:split = 79 
  874/1:       450       0      0             <- ld.so.1:malloc = 212
874/1: 450 . . -> ld.so.1:avl_create(0xD17FEB88, 0xD17D2EC0, 0x18) 874/1: 450 0 0 <- ld.so.1:avl_create = 32 
  874/1:       450       0      0           <- ld.so.1:pnavl_create = 66
874/1: 450 . . -> ld.so.1:strlen(0xD17C2679, 0x0, 0x0) 874/1: 450 0 0 <- ld.so.1:strlen = 85 
....
I am really curious and interested to know how the pid provider can figure out the symbolic information of the called functions from a stripped program. Could someone help me 
demystify the mechanism?

Thanks in advance.





   If I'm reading this correctly, DTrace is reporting on symbols found
in the runtime linker (ld.so.1), which is not stripped. Stripping your
object has no effect on the other system objects it is linked to, so it's
not surprising that this works.

However, you will find that Solaris can figure out most symbols of interest
in your stripped object as well. As Adam points out, this comes from the dynamic
symbol table, and the related SUNW_ldynsym symbol table, neither of which
can be stripped. If the .symbtab is gone, the system is able to use these
instead, and will be able to resolve all functions, as well as global data.

Here are some things from my blog that you might help you understand
more about the underpinnings:

    http://blogs.sun.com/ali/entry/inside_elf_symbol_tables
    http://blogs.sun.com/ali/entry/what_is_sunw_ldynsym
    http://blogs.sun.com/ali/entry/which_solaris_files_are_stripped

I don't think you should strip your objects though --- there's little
or any benefit, and it does hurt observability.

Ali
_______________________________________________
dtrace-discuss mailing list
dtrace-discuss@opensolaris.org

Reply via email to