/picotrace

picotrace - system call process tracer

Primary LanguageC

PICOTRACE(1)                General Commands Manual               PICOTRACE(1)

NAME
     picotrace - system call process tracer

SYNOPSIS
     picotrace [-i] [-o OUTPUT] [-p PID | <command> [<arg ...>]]

DESCRIPTION
     picotrace enables syscall trace logging for the specified processes.
     Trace data is logged to the file OUTPUT, otherwise if not specified to
     stdout.  The operations that are traced include system call entry and
     exit, signal delivery, forking, vforking, LWP creation, LWP exiting and
     process exiting.  Additionally picotrace logs arguments passed to a
     program, environment variables and ELF auxiliary vector values.

     Once tracing is enabled on a process, trace data will be logged until
     either the process exits or the trace point is cleared.  A traced process
     can generate large amounts of log data quickly.

     The trace output is in plain text, human readable.

     The options are as follows:

     -i      Inherit; pass the trace flags to all future children of the
             designated processes.

     -o OUTPUT
             Log trace records to outfile.  Without this option picotrace will
             print its output to standard output.

     -p PID  Enable (disable) tracing on the indicated process id (only one -p
             flag is permitted).

     command
             Execute command with the specified trace flags.

     The -p and command options are mutually exclusive.

OUTPUT FORMAT
     The output is grouped into 5 columns:

     pid     Traced process id.

     lwp     Traced process LWP that caused an event.  The 0 value is a
             special case for whole-process events.

     exename
             Traced process program basename.

     event   Recorded event:

             ARGV    Field in the argv[] vector.

             ENV     Field in the env[] vector.

             AUXV    Field in the auxv[] vector.

             SCE     System call entry.

             SCX     System call exit.

             CONTINUED
                     The process has been continued with SIGCONT.

             SIGNALED
                     The process has received non-stoppable signal.

             EXITED  The process has exited.

             EXEC    The process has replaced its process image with a new
                     process image.

             FORKED  The process has forked.

             VFORKED
                     The process has vforked.

             VFORK_DONE
                     The process has resumed after vfork(2).

             LWP_CREATED
                     The process has created a thread.

             LWP_EXITED
                     The process has exited a thread.

             CRASHED
                     The process has crashed.

             STOPPED
                     The process has stopped

     additional information
             If available, extra pieces of information.

EXAMPLES
     # trace the events of process id 34
           $ picotrace -p 34

     # spawn and trace process sh(1) with all of its children and log the
     record to "trace.txt"
           $ picotrace -o trace.txt -i sh

IMPLEMENTATION NOTES
     The tracer uses the ptrace(2) system call to perform the tracing process.

     The picotrace program has been designed to ship bare functionality only,
     without pretty printing of data structures and interpreting passed
     arguments to syscalls.

     picotrace is designed to be a framework for other more advanced tracers
     and illustration of the canonical usage of the ptrace system call.  New
     features are not expected unless they present a new feature in the NetBSD
     kernel.

SEE ALSO
     ktruss(1), ptrace(2)

HISTORY
     picotrace is inspired by truss from FreeBSD and strace from Linux.

     Tn picotrace command was designed for NetBSD 9.

AUTHORS
     Kamil Rytarowski <kamil@NetBSD.org>

NetBSD 8.99.38                    May 6, 2019                   NetBSD 8.99.38