Re: rethinking syscall tapset

[Hien Nguyen <hien at us dot ibm dot com>]

Hi Martin,

Looking good. I like the tracestr and returnp idea. The tracestr , we 
could build a string similar to strace if want too. Do you have any 
thought about dealing with different kernel version?

Thanks,  Hien.

Martin Hunt wrote:

> [....]
> probe syscall.read = kernel.function("sys_read") {
>      name = "read"
>      fd = $fd
>      buf_uaddr = $buf
>      count = $count
>      tracestr = "read ".string(fd)." ".string(count)
> }
> probe syscall.read.return = kernel.function("sys_read").return {
>      name = "read"
>      returnp = 1
> }
>
> --------
> probe syscall.open, syscall.read,
> 	syscall.open.return, syscall.read.return {
>
> 	if (pid() == target()) {
> 		if (returnp)
> 			printf("%s returned %d\n", name, returnval())
> 		else
> 			log(tracestr)
> 	}
> }
>
> Note that I've replaced "kernel.syscall" with just "syscall".
>
> I've created a string "tracestr" that each syscall returns with the name
> and formatted arguments. I've been debating if I want to include the
> name or just the args. So in my example I would do
> printf("%s: %s\n", name, argstr)
>
> I've created another variable all return probes set called "returnp".

> We could get the same thing calling is_return() in context.stp, but that
> is a bit slower.
>
> What do you think?
>
> Martin
>
>
>
>
>
>