1LATRACE(1)                      [FIXME: manual]                     LATRACE(1)
2
3
4

NAME

6       latrace - LD_AUDIT 2.4+ libc frontend
7

SYNOPSIS

9       latrace [-ltfsbcCpADaoyIiBdvTFELVh] command [arg ... ]
10

DESCRIPTION

12       latrace is able to run a command and display its dynamic library calls
13       using a LD_AUDIT libc feature (available from libc version 2.4 onward -
14       see the section called “DISCUSSION” ). It is also capable to measure
15       and display various statistics of dynamic calls.
16
17       If the config file is provided, latrace will display symbol’s arguments
18       with detailed output for structures. The config file syntax is similar
19       to the C language, with several exceptions (see the section called
20       “CONFIG”).
21
22       The latrace by default fully operates inside of the traced program.
23       However another pipe mode is available, to move the main work to the
24       latrace binary (see the section called “PIPE mode”).
25
26       Its use is very similar to strace(1) and ltrace(1).
27

OPTIONS

29       -l, --libs lib1[,lib2,...]
30           audit from and to lib1, lib2 ...
31
32       -t, --libs-to lib1[,lib2,...]
33           audit to lib1, lib2 ...
34
35       -f, --libs-from lib1[,lib2,...]
36           audit from lib1, lib2 ...
37
38       -s, --sym sym1[,sym2,...]
39           audit symbols sym1, sym2 ...
40
41       -S, --timestamp
42           display timestamp for each symbol
43
44       -b, --flow-below sym1[,sym2,...]
45           display flow for sym1, sym2 ...
46
47       -c, --counts
48           display statistics counts of symbols - implies pipe mode (see the
49           section called “PIPE mode”) an no symbol output is displayed
50
51       -C, --sort-counts stat
52           implies -c, plus sort the statistics by stat with following values:
53           time,per,call,ucall,lib,sym (default is call)
54
55       -p, --pipe
56           use pipe to latrace process to send audit data (see the section
57           called “PIPE mode”)
58
59       -o, --output file
60           store output to file
61
62       -A, --enable-args
63           enable arguments output (definitions from /etc/latrace.conf)
64
65       -D, --detail-args
66           display struct arguments in more detail
67
68       -a, --args file
69           specify arguments definition file, implies -A (without the default
70           definition file of course)
71
72       -y, --framesize number
73           framesize for storing the stack before pltexit (default 100)
74
75       -I, --no-indent-sym
76           do no indent symbols based on the their stack depth
77
78       -i, --indent-sym indent_size
79           indent size specification in indent_size
80
81       -B, --braces
82           allways display { } for the around the symbol body
83
84       -d, --demangle
85           C++ demangle symbols on the output
86
87       -v, --verbose
88           verbose output
89
90       -T, --hide-tid
91           dont display thread id
92
93       -F, --not-follow-fork
94           dont follow fork calls (childs). This is just supressing the
95           latrace output from new childs. The nature of the LD_AUDIT feature
96           prevents to disable it completely.
97
98       -E, --not-follow-exec
99           dont follow exec calls
100
101       -R, --ctl-config
102           controled config feature
103
104       -q, --disable
105           run with disabled auditing (enabled -R)
106

EXAMPLES

108       ·   The simplest way to run latrace is like this:
109
110           ·   latrace cat**
111
112       ·   To see the argument values specified by default config file run:
113
114           ·   latrace -A cat**
115
116       ·   Same as above but using the pipe mode to get all the end symbols
117           printed:
118
119           ·   latrace -Ap cat**
120
121       ·   To see the argument values specified by specified config file run:
122
123           ·   latrace -a latrace.conf cat**
124
125       ·   To get output only for specified symbol (eg. read and write) run:
126
127           ·   latrace -A -s read,write cat**
128
129       ·   To get flow under the specified symbol (eg. sysconf) run:
130
131           ·   latrace -b sysconf kill**
132
133       ·   To get output only for specified library (eg. libproc) run:
134
135           ·   latrace -Al libproc w**
136
137       ·   To get symbol statistics run:
138
139           ·   latrace -c ls**
140
141       ·   To get symbol statistics sorted by time run:
142
143           ·   latrace -C time ls**
144
145       ·   To get output stored to the text file run:
146
147           ·   latrace -o output.latrace ls**
148
149       ·   To change the libkrava1.so dependency to the libkrava2.so run one
150           of these:
151
152           ·   latrace -L krava1%krava2 ex**
153
154           ·   latrace -L krava1~libkrava2.so ex**
155
156           ·   latrace -L libkrava1.so=libkrava2.so ex**
157

DISCUSSION

159   LD_AUDIT
160       This is just a brief and vague description of the LD_AUDIT feature. For
161       more information look to rtld-audit(7) man done by Petr Baudis or study
162       the glibc/latrace source code. Very brief explanation follows.
163
164       The libc dynamic linker audit feature allows to trace/audit program’s
165       symbols/libraries. The feature is enabled by the LD_AUDIT environment
166       variable. This variable must contain path to the audit shared library.
167       This audit library needs to follow specific interface. The interface
168       functions will be then called by the dynamic linker appropriatelly.
169
170       The audit library needs to export following symbols (the "la_PLTENTER"
171       and "la_PLTEXIT" names are architecture dependent).
172
173           "la_activity"
174           "la_objsearch"
175           "la_objopen"
176           "la_preinit"
177           "la_symbind32"
178           "la_symbind64"
179           "la_PLTENTER"
180           "la_PLTEXIT"
181           "la_objclose"
182
183       +
184
185       As for the latrace package the audit shared library is called
186       libltaudit.so.
187
188   OBJSEARCH
189       The objsearch LD_AUDIT interface provide means for changing traced
190       program shared object names/locations. The -L option argument should
191       have following form:
192
193       -L s1[,s2,...] where sN is src [=%~] dst
194
195       The src is the source pattern/name and dst is the destination
196       name/pattern.
197
198
199
200       =   Comparing src with the
201           library name. If matched,
202           replace the library name
203           with dst.
204                      library name         - /lib/krava1.so
205                      src                  - /lib/krava1.so
206                      dst                  - /lib/krava2.so
207
208                      final library name   - /lib/krava2.so
209
210
211       %   Looking for the src in the library name. If
212           found, replace the src with dst part.
213                      library name         - /lib/krava1.so
214                      src                  - krava1
215                      dst                  - krava2
216
217                      final library name   - /lib/krava2.so
218
219
220       ~   Looking for the src in the library name. If
221           found, replace the library name with dst.
222                      library name         - /lib/krava1.so
223                      src                  - krava1
224                      dst                  - /lib/krava2.so
225
226                      final library name   - /lib/krava2.so
227
228
229
230   PIPE mode
231       The latrace can work in two modes. The first one native does does the
232       output directly in the traced program process. The other one, pipe mode
233       use the IPC fifo mechanism to send the data from the traced process to
234       the latrace process. The latrace process is then responsible for the
235       output. Using the pipe mode you loose the traced program standard
236       output context with printed symbols.
237
238       By using the pipe mode, the latrace is not dependent on the trace
239       program usage/manipulation of the standard output descriptor. Also the
240       symbol statistics counts -c, -C options use the pipe mode to transfer
241       symbol information to the latrace binary, and the latrace binary does
242       the counts at the end.
243
244   CONFIG
245       The latrace config file allows user to define symbols as an classic C
246       functions with arguments. Argument names will be display together with
247       values as the latrace output. The more arguments are defined, the more
248       performance and memory penalties should be expected.
249
250       The package is delivered with several config files for the most
251       commonly used functions. List of the glibc header files used follows
252       (the list mostly follows the ltrace header files list, and author is
253       willing to update it according to the needs.
254
255           /usr/include/arpa/inet.h
256           /usr/include/ctype.h
257           /usr/include/stdlib.h
258           /usr/include/string.h
259           /usr/include/ctype.h
260           /usr/include/ncurses.h
261           /usr/include/stdio.h
262           /usr/include/dirent.h
263           /usr/include/unistd.h
264           /usr/include/libintl.h
265           /usr/include/dlfcn.h
266           /usr/include/fcntl.h
267           /usr/include/getopt.h
268           /usr/include/signal.h
269           /usr/include/sys/ioctl.h
270           /usr/include/sys/socket.h
271           /usr/include/netdb.h
272           /usr/include/pthread.h
273           /usr/include/sys/resource.h
274           /usr/include/sys/mman.h
275
276       +
277
278       The config file structure consists of /etc/latrace.conf file, which is
279       the default one read by latrace. This config file includes other config
280       files placed in the /etc/latrace.d directory. This directory contain
281       all the config files for the above mentioned header files.
282
283       As already mentioned, the latrace config file syntax lightly follows
284       the C language syntax. Following part describes the latrace config file
285       language.
286
287       ·   Several POD types (plain old data), are hardcoded in latrace. Size
288           of those arguments is determined by the sizeof macro. The list
289           follows.
290
291               void
292               char    u_char
293               short   u_short
294               int     u_int
295               long    u_long
296               llong   u_llong  # (long long)
297               float   double
298
299       ·   The typedef keyword allows to specify new type based on the already
300           existing one (POD or typedefed). Eventhough there’s a way for
301           multiple pointer layers in the type definition (*), only one is
302           taken.
303
304               typedef base_type new_type;
305               typedef base_type * new_type;
306               typedef base_type ** new_type;
307
308       ·    Comments follow the C style /\* \*/ logic.
309
310           /\* comments \*/
311
312       ·   The include keyword allows to include another config file.
313
314           #include "filename"
315
316       ·   The struct keyword allows to define the structure. The syntax
317           folows following grammar rules.
318
319               START::         struct NAME { STRUCT_DEF };
320               STRUCT_DEF::    DEF | EMPTY
321               DEF::           NAME NAME |
322                               NAME ´*´ NAME |
323                               struct NAME NAME |
324                               struct NAME ´*´ NAME
325               NAME::          [-0-9a-zA-Z_]+
326
327       ·   The function definition follows following syntax (DEF and NAME are
328           the same as for struct definition).
329
330               START::         DEF ´(´ ARGS ´)´ ´;´
331               ARGS::          ARGS ´,´ DEF | DEF | EMPTY
332
333       ·   The enum definition follows following syntax (NAME is same as for
334           struct definition).
335
336               START::         ENUM NAME ´{´ ENUM_DEF ´}´ ´;´
337               ENUM_DEF::      ENUM_DEF ´,´ ENUM_ELEM | ENUM_ELEM
338               ENUM_ELEM::     NAME ´=´ NAME | NAME
339
340       ·   Example of a simple latrace config file.
341
342               ---[ cut here ]-----------------------------
343               enum krava {
344                       krava1 = 1,
345                       krava2,
346                       krava3 = 100
347               };
348
349               #include "krava.conf"
350
351               typedef u_int pid_t;
352
353               struct ex_st {
354                       pid_t   p;
355                       int     cnt;
356                       char   *name;
357               };
358
359               int f1(pid_t p, struct ex_st *k);
360               int f2(char* name, struct ex_st k, int k = krava);
361               struct ex_st* f3(pid_t *p, struct ex_st k);
362               ---[ cut here ]-----------------------------
363
364       ·   Arrays are not supported yet, so there’s no way to define some
365           structures. For such a structures use void* type where the
366           structure argu- ment is passed by pointer. If it is passed by
367           value, there’s no workaround so far (aside from filling the
368           structure body with POD types up to the actual length of the
369           structure :).
370
371       ·   Variable argument lists (va_list/...) are not supported yet. The
372           function definition needs to stop before the first variable
373           argument list argument.
374

PORTS

376       Author is willing to port the latrace to any architecture, as long as
377       he got an access to corresponding system. Currently functional ports
378       are:
379
380
381       x86      ok
382
383       x86_64   ok
384
385       arm      ok (contributed and
386                maintained by Akos
387                Pasztory)
388
389
390       LD_AUDIT related glibc bugs:
391
392       ·    Bug 7055 (no longer reproducible) LD_AUDIT - gettimeofday function
393           segfaults if called from interface
394           http://sources.redhat.com/bugzilla/show_bug.cgi?id=7055
395
396       ·    Bug 9893 (FIXED in 2.10) LD_AUDIT - misaligned _dl_call_pltexit
397           parameter causing crash in audit library
398           http://sources.redhat.com/bugzilla/show_bug.cgi?id=9893
399
400       ·    Bug 3924 (FIXED in 2.7-2) LD_AUDIT implementation causing process
401           segfaulting http://sourceware.org/bugzilla/show_bug.cgi?id=3924
402

BUGS

404       MANY, plz report bugs to <olsajiri@gmail.com[1]>. You can also visit
405       the latrace.sf.net page to see the latest release notes information.
406

AUTHOR

408       Jiri Olsa <olsajiri@gmail.com[1]>
409

CONTRIBUTORS

411       ·   Nix <nix@esperi.org.uk[2]>
412
413       ·   Akos Pasztory <akos.pasztory@gmail.com[3]>
414

LICENSE

416       This is free software, distributed under the GPLv3 license.
417

SEE ALSO

419       strace(1), ltrace(1)
420

NOTES

422        1. olsajiri@gmail.com
423           mailto:olsajiri@gmail.com
424
425        2. nix@esperi.org.uk
426           mailto:nix@esperi.org.uk
427
428        3. akos.pasztory@gmail.com
429           mailto:akos.pasztory@gmail.com
430
431
432
433[FIXME: source]                   11/11/2010                        LATRACE(1)
Impressum