strace 到底输出什么?
精确是我在这里关注的......
mmap(0x37aa74d000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14d000) = 0x37aa74d000
所有人都说strace返回所有使用的系统调用,但我grep entry.S并且只有sys_mmap< /code> 不只是 mmap,这意味着 mmap 不是系统调用,应该是 sys_mmap。
那么 strace 输出到底是什么?
另一个问题是我认为= 0x37aa74d000表示返回值,对吗?但是如果函数没有返回类型怎么办?(void)?
Exact is what I'm focusing on here...
mmap(0x37aa74d000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14d000) = 0x37aa74d000
All are saying that strace returns all syscalls used,but I grep entry.S and there's only sys_mmap not simply mmap,which means mmap is not syscall,should be sys_mmap.
So what exactly is strace outputing??
Another question is that I think = 0x37aa74d000 means the return value,right?But what if the function doesn't have return type?(void)?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
Strace 正在打印系统调用,而
mmap不在其中,请检查男人映射:以下是其定义:
最后一个数字是返回值:
对于每个系统调用,您可以查看其手册页。要了解有关
strace输出本身的更多信息,请查看man strace。Strace is printing syscalls, and
mmapis out of them, checkman mmap:Here is its definition:
and the last number is the return value:
For each syscall you can check their
manpages. To learn more aboutstraceoutput it-self, checkman strace.strace从用户空间的角度生成系统调用的名称:sommap,open,read、write等。这与 libc 包装器执行比仅捕获操作系统更复杂的操作时编码的函数调用不同。例如,如果您在代码中调用sigaction,strace将显示对rt_sigaction的调用,因为多年来,rt_sigaction是用于设置信号操作的最通用的系统调用,因此 GNU libc 根据该原语实现了所有信号设置函数。 (在这种情况下,您无法直接调用 rt_sigaction ,因为 glibc 没有公开它的包装器 - 我不知道为什么会这样。)sys_mmap 是 Linux 内核中函数的名称,该函数恰好是 mmap 系统调用的入口点。 Linus 可以为系统调用入口点选择他想要的任何命名约定 -
mmap、mach_mmap、ZwMmap等等 - 这是一个实现细节,与用户空间无关。所以strace不会向您显示这些名称。只有返回类型为
void的系统调用才是终止进程的调用,例如exit_group。 (从编程语言设计的角度来看,更准确的说法是它们没有返回类型,因为它们不返回。)strace像这样打印:所有其他系统调用都返回某些东西,因为至少在理论上,它们都可能失败,并且它们必须告诉您它们是否失败了。如果除了成功/失败指示之外没有其他值可供返回,则它们返回一个
int,成功时为零,失败时为-1,并且 strace 逐字打印该内容。 [Soapbox:这是 Unix 中长期存在的设计错误,至少可以追溯到 NFS 的第一个实现。资源释放原语(close、munmap等)应该不可能失败,并且它们的返回类型应该是void来指示那。我完全打算一拿到时间机器就解决这个问题。]straceproduces the names of the system calls from user space's perspective: sommap,open,read,write, etc. This will be different from the function call that was coded when the libc wrapper does something more complicated than just trap into the OS. For instance, if you callsigactionin your code,stracewill show you a call tort_sigaction, because for many years now,rt_sigactionhas been the most general system call for setting signal actions, so GNU libc implements all of the signal-setting functions in terms of that primitive. (In this case, it happens that you cannot callrt_sigactiondirectly, because glibc doesn't expose a wrapper for it -- I don't know why that is.)sys_mmapis the name of a function inside the Linux kernel that happens to be the entry point for themmapsystem call. Linus could have chosen any naming convention he wanted for system call entry points --mmap,mach_mmap,ZwMmap, whatever -- it's an implementation detail, irrelevant to user space. Sostracedoes not show you those names.The only system calls whose return type is
voidare the ones that terminate the process, such asexit_group. (From a programming-language-design perspective, it would be more accurate to say that they don't have a return type, because they don't return.)straceprints those like so:All other system calls return something, because all of them can, at least theoretically, fail, and they have to tell you if they did. If there's no value for them to return besides a success/failure indication, then they return an
intwhich is zero for success or-1for failure, andstraceprints that verbatim. [Soapbox: This is a long-standing design error in Unix, going back at least as far as the first implementation of NFS. It should be impossible for resource deallocation primitives --close,munmap, etc -- to fail, and their return type should bevoidto indicate that. I fully intend to fix this as soon as I get a time machine.]mmap(2) 是系统调用sys_mmap的 libc 包装器。如果您想分析库调用,请使用ltrace。mmap的返回类型是void*,它是一个无类型指针,这是映射成功后返回的内容。mmap(2) is a libc wrapper around the system callsys_mmap. Useltraceif you want to analyse library calls.mmap's return type isvoid*, which is a non-typed pointer, which is what it returns upon successful mapping.除了这里已经给出的优秀答案之外,值得强调的是,人们经常混淆系统调用(直接向内核发出的请求)和库调用(通常指对 GlibC 函数的调用)。
许多 GlibC 调用与系统调用具有相同的名称(例如读、写、打开等),并且只是它们调用的系统调用的包装器。其他的则不是那么简单,例如 GlibC 函数的 exec 系列都使用“execve”系统调用来执行程序,因此它们都将在 strace 中显示为对 execve 的调用。
通常,当人们谈论系统调用时,他们实际上指的是库调用,并且他们正在使用的函数在 strace 输出中会有所不同。
In addition to the excellent answers already given here, it is worth stressing that people often confuse system calls (which are requests made directly to the kernel) and library calls (which generally refer to calls to GlibC functions).
Many GlibC calls have the same name as system calls (eg read, write, open etc) and are simply wrappers for the system call they invoke. Others are not quite so simple, for example the exec family of GlibC functions all use the 'execve' system call to execute a program so all of them will show up as a call to execve in strace.
Often when people talk about system calls they really mean library calls and the function they are using will differ in the strace output.