[aru-ufmg] FW: Exploring processes with Truss: Part 1

  • From: fabior@xxxxxxx
  • To: aru-ufmg@xxxxxxxxxxxxx
  • Date: Thu, 10 Apr 2003 13:58:52 +0200 (MEST)

Como ver as "system calls" de um processo no Unix:

Exploring processes with Truss: Part 1
By Sandra Henry-Stocker

The ps command can tell you quite a few things about each process
running on your system.  These include the process owner, memory use,
accumulated time, the process status (e.g., waiting on resources) and
many other things as well. But one thing that ps cannot tell you is what
a process is doing - what files it is using, what ports it has opened,
what libraries it is using and what system calls it is making. If you
can't look at source code to determine how a program works, you can tell
a lot about it by using a procedure called "tracing". When you trace a
process (e.g., truss date), you get verbose commentary on the process'
actions. For example, you will see a line like this each time the
program opens a file:

open("/usr/lib/libc.so.1", O_RDONLY) = 4

The text on the left side of the equals sign clearly indicates what is
happening.  The program is trying to open the file /usr/lib/libc.so.1
and it's trying to open it in read-only mode (as you would expect, given
that this is a system library).  The right side is not nearly as
self-evident.  We have just the number 4.

Open is not a Unix command, of course, but a system call.  That means
that you can only use the command within a program.  Due to the nature
of Unix, however, system calls are documented in man pages just like ls
and pwd.

To determine what this number represents, you can skip down in this
column or you can read the man page.  If you elect to read the man page,
you will undoubtedly read a line that tells you that the open() function
returns a file descriptor for the named file. In other words, the
number, 4 in our example, is the number of the file descriptor referred
to in this open call.  If the process that you are tracing opens a
number of files, you will see a sequence of open calls.  With other
activity removed, the list might look something like this:

open("/dev/zero", O_RDONLY)                     = 3
open("/var/ld/ld.config", O_RDONLY)             Err#2 ENOENT
open("/usr/lib/libc.so.1", O_RDONLY)            = 4
open("/usr/lib/libdl.so.1", O_RDONLY)           = 4
open64("./../", O_RDONLY|O_NDELAY)              = 3
open64("./../../", O_RDONLY|O_NDELAY)           = 3
open("/etc/mnttab", O_RDONLY)                   = 4

Notice that the first file handle is 3 and that file handles 3 and 4 are
used repeatedly.  The initial file handle is always 3.  This indicates
that it is the first file handle following those that are the same for
every process that you will run -  0, 1 and 2.  These represent standard
in, standard out and standard error.

The file handles shown in the example truss output above are repeated
only because the associated files are subsequently closed.  When a file
is closed, the file handle that was used to access it can be used again.
 The close commands include only the file handle, since the location of
the file is known.  A close command would, therefore, be something like
close(3).

One of the lines shown above displays a different response - Err#2
ENOENT.  This "error" (the word is put in quotes because this does not
necessarily indicate that the process is defective in any way) indicates
that the file the open call is attempting to open does not exist.  Read
"ENOENT" as "No such file".

Some open calls place multiple restrictions on the way that a file is
opened.  The open64 calls in the example output above, for example,
specify both O_RDONLY and O_NDELAY.  Again, reading the man page will
help you to understand what each of these specifications means and will
present with a list of other options as well.

As you might expect, open is only one of many system calls that you will
see when you run the truss command.  Next week we will look at some
additional system calls and determine what they are doing.

[]s

Fabio Rodrigues
fabior@xxxxxxx


-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!

*******************************************************************
Subscribe List:
mailto:aru-ufmg-request@xxxxxxxxxxxxx?subject=subscribe
Unsubscribe List:
mailto:aru-ufmg-request@xxxxxxxxxxxxx?subject=unsubscribe
Archives:
http://www.freelists.org/archives/aru-ufmg/

Other related posts:

  • » [aru-ufmg] FW: Exploring processes with Truss: Part 1