dtrace:不会捕获任何写系统调用 [英] dtrace: doesn't catch any write sys call

问题描述

我是dtrace的新手，正在尝试编写一些基本的dtrace脚本.我找到了一个在单独的终端上捕获read(2)和write(2)系统调用的示例，

I'm new to dtrace and trying to write some a basic dtrace scripting. I found a example to catch read(2) and write(2) syscall on seperate terminal as following,

 syscall::read:entry,
 syscall::write:entry
 /pid==4217/
 {

 }

指定的pid编号来自另一个终端的pid ID.当我看到示例时，如果我使用dtrace运行此脚本，它应该显示一些读写syscall.但是我只观察到读syscall而不是写syscall.

The specified pid number is from the other terminal's pid id. When I saw the example, it supposed to show some read and write syscall if I run this script with dtrace. But I only observed read syscall but not write syscall.

因此，如果我理解正确，则在终端上观察到(pid 4217)，如果我在该终端上键入内容，内核将读取其字符，因此假设发生了syscall读取.如果我键入"ls"之类的命令并按回车键，内核将读取并执行该命令，并将一些输出写入终端，因此写syscall假定为被调用.但是我看不到以任何方式写任何系统调用.为什么呢?

So if I understand correctly, on the terminal I observe (pid 4217), if I type something on that terminal, kernel will read its character so read syscall suppose to be occurred. If I type something like "ls" and hit enter, kernel will read and execute it, and write some output to the terminal, thus write syscall suppose to be called. But I don't see any write syscall somehow. Why is that?

推荐答案

我同意@PaulFox，这可能是错误的pid值.如果在按Enter键之前终端已暂停，则该终端位于read syscall的中间.但是，当它显示终端提示时(按Enter键并运行ls之后)，它会通过执行write syscall来做到这一点.请注意，ls的输出不是write syscall的来源！ pid是正在运行的ls命令的进程ID.

I agree with @PaulFox, this is probably a mistaken pid value. When the terminal is paused before you press enter, the terminal is in the middle of a read syscall. However, when it prints the terminal prompt (after you press enter and ls runs), it does that by making a write syscall. Note that the output from ls is NOT where the write syscall is coming from! That pid would be the process id of the running ls command.

要测试write syscall是否确实正常运行，请运行以下命令:

To test that the write syscall actually is working, run this:

# dtrace -n 'syscall::write:entry {printf("hello")}'

然后尝试使用终端(将"bash"替换为您正在使用的任何内容)作为目标:

Then try it with your terminal (replace 'bash' with whatever you're using) as the target:

# dtrace -n 'syscall::write:entry /pid==$target/ {printf("hello")}' -c 'bash'

如果在向终端输入内容时其中之一未能显示任何写操作，请发回邮件.

And post back if one of those fails to show any writes while you type stuff into your terminal.

还要注意，您的外壳可能正在使用多个版本的write syscall(尽管如果使用的不是普通的write，我会感到惊讶):

Also note there are several versions of the write syscall that your shell might be using (although I would be surprised if it used something other than the ordinary write):

# dtrace -ln 'syscall::*write*:entry'
   ID   PROVIDER            MODULE                          FUNCTION NAME
  147    syscall                                               write entry
  381    syscall                                              writev entry
  447    syscall                                              pwrite entry
  777    syscall                                           aio_write entry
  933    syscall                                      write_nocancel entry
  963    syscall                                     writev_nocancel entry
  969    syscall                                     pwrite_nocancel entry

这篇关于dtrace:不会捕获任何写系统调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！