1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
|
-*-org-*-
* Version 0.8.0
** Prototype libraries
- Each DSO can now ship an ltrace config file (called prototype
library) that ltrace will open when that DSO is loaded to process
image. See ltrace(1) for details.
- ltrace.conf is no longer part of installation tarball. Instead,
we now ship libc.so.conf, libm.so.conf, libacl.so.conf, and
syscalls.conf. Those are now istalled to /usr/share/ltrace by
default. /etc/ltrace.conf and $HOME/.ltrace.conf are still
loaded if present, and can contain arbitrary user configuration.
- The option -F was retrofitted to be a colon-separated list of
prototype libraries, and directories to look for prototype
libraries in. On Linux, ltrace looks into XDG_CONFIG_HOME,
XDG_CONFIG_DIRS, and /usr/share/ltrace as well.
- Wide character strings are supported in prototypes. Use "string"
lens as usual, but use array of integers as underlying type.
libc.so.conf now contains prototypes of wide character functions.
- Sole void function parameter such as in the following example, is
now considered obsolete:
| int fork(void); |
This use is still accepted, taken to mean "hide(int)", but
produces a warning, and will be removed in future.
- Prototypes are now read from DWARF debug info, if available. This
complements the data available in config files
** Architectural support
- MIPS and MIPSel are now handled by the same backend.
- ARMv6, ARMv7 and ARMv8 (AArch64) are supported, including full
fetch backend. ARMv8 backend doesn't support tracing of 32-bit
binaries, as currently there's no 32-bit userspace available for
ARM64 processors.
- Imagination Technologies Meta is now supported.
- On Linux, tracing of IFUNC symbols is supported. On i386,
x86_64, ppc32 with secure PLT and ppc64, IRELATIVE PLT slots are
traced as well.
** -w output now shows full library path
The output format is similar to glibc's backtrace_symbols, e.g.:
> /bin/ls(_init+0x19be) [0x40398e]
> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed) [0x7f50cbc3676d]
> /bin/ls(_init+0x25fd) [0x4045cd]
* Version 0.7.3 [2013-09-15 Sun]
** Bugfixes
*** [MIPS] Fix build on mips big endian
This bug caused messages like:
| Making all in mips
| /bin/sh: line 17: cd: mips: No such file or directory
*** [MIPS] Fix SIGSEGV on mips big endian
This bug caused runtime messages like:
| [0x4000000] --- SIGSEGV (Segmentation fault) ---
| [0xffffffff] +++ killed by SIGSEGV +++
*** Fix build with CLANG on FREEBSD
* Version 0.7.2 [2012-12-07 Fri]
** Bugfixes
*** (Again) detect VDSO entry in r_debug linkmap with non-empty name
This bug caused messages like:
| Couldn't determine base address of linux-vdso32.so.1
| Couldn't load ELF object linux-vdso32.so.1: No such file or directory
*** Fix building with libunwind 1.1
*** Fix prototype lookup for -x symbols from shared libraries
Ltrace was unable to find prototypes of static symbols in shared
libraries. It changed the symbol name internally to the form
name@libfoo.so. Thus mangled, symbols were not found in config
files.
* Version 0.7.1 [2012-11-29 Thu]
** Bugfixes
*** ltrace.conf.5 is now installed to man5 as it should be
*** [PowerPC] A header file necessary for building is now shipped
*** [MIPS] Work around duplicate symbol request bug
This fixes the ltrace abort:
| ./ltrace: proc.c: 755: breakpoint_for_symbol: Assertion `bp->libsym == ((void *)0)' failed.
*** Detect VDSO entry in r_debug linkmap with non-empty name
This bug caused messages like:
| Couldn't determine base address of linux-vdso32.so.1
| Couldn't load ELF object linux-vdso32.so.1: No such file or directory
*** Temporary files are wiped properly after the test suite has been run
*** Parsing typedefs with common prefix now works as it should
More exactly, if there were typedefs X and XY (in this order), and
a reference was made to X, ltrace would match XY instead.
** Cofiguration Files
*** The following prototypes in ltrace.conf were added or updated
__ctype_get_mb_cur_max, __endmntent, __getmntent_r, __setmntent,
a64l, abort, abs, addmntent, getmntent_r, hasmntopt, inet_addr,
inet_aton, inet_lnaof, inet_makeaddr, inet_netof, inet_network,
inet_ntoa, kill, l64a, labs, memcpy, memmove, setlocale,
sigaction, sigaddset, sigandset, sigdelset, sigemptyset,
sigfillset, sigisemptyset, sigismember, signal, sigorset,
sigpending, sigprocmask, sigsuspend.
*** Duplicate typedefs are now guarded against
*** It's now possible to define recursive structures
Please read ltrace.conf(5) man page, chapter "recursive
structures", to learn about this new feature.
*** New lens "bitvec" is available
This allows displaying various data types as bit vectors. Please
read ltrace.conf(5) to learn more.
*** Octal lens renamed to "oct"
For reasons of consistency with "hex". "octal" is still valid and
will be for forseeable future.
*** The hex lens can now format floating point arguments
* Version 0.7.0 [2012-11-09 Fri]
** Tracing
*** Full support for tracing multi-threaded processes
Ltrace now understands thread groups, and it stops all threads
before manipulating breakpoints. The downside is that performance
of multi-threaded processes is rather bad, because handling any
event implies stopping the whole job. The upside is that
individual threads don't get random SIGILL's and SIGSEGV's and
events are not missed.
*** Support for tracing inter-library calls
-e and -x were extended to allow library selectors. See the man
page for details.
*** Better support for parameter passing ("fetch backend")
This version brings more complete support for parameter passing,
including passing structures in registers, passing double on i386,
and other edge cases that were not handled correctly before. The
following architectures now have implementation of fetch backend:
i386, x86_64, ppc, ppc64, ia64, s390, s390x, m68k.
*** Awareness of deny_ptrace SELinux boolean
The deny_ptrace boolean denies all processes from being able to
use ptrace to manipulate other processes. Ltrace now understands
that this boolean exists, and recommends turning it off, if it is
on and ltrace fails to attach to a process.
*** Limited support for tracing returns from tail call functions
*** -e, -x and -l selectors now allow using globs and regular expressions
See the man page for details of the selector syntax. This changes
the way -x and -l behave with respect to tracing libraries opened
by dlopen:
- In 0.6.0, only those -x symbols that were unmatched in main
binary were used to search through symbol table of libraries
opened with dlopen. In 0.7.0, -x and -e are applied uniformly
to each mapped binary: the main binary, dependent DSO's, and any
dlopened libraries.
- In 0.6.0, -l argument was a filename to open and inspect. In
0.7.0, -l is a glob expression matched against each mapped
binary.
*** -g command line option dropped
This option was introduced in 0.6.0 with the meaning identical to
-L, which should be used instead.
*** Test suite can now be run under valgrind
Use --enable-valgrind to turn this on.
*** [ppc] Support both BSS and secure PLTs for 32-bit processes
*** [mips] Implement software singlestepping
*** [mips] Add support for CPIC main programs
*** Support tracing PIE binaries
** Configuration Files
*** New abstraction: parameter pack
Parameter packs describe zero or more of actual arguments, whose
type can be determined in runtime. The only parameter pack
currently implemented is "format" for decoding printf-style format
strings.
In future, it should be relatively straightforward to add more
parameter packs for functions like execl, and others.
*** New expression: zero
When used in array length expressions, it means "this array ends
at the first element with zero value". C strings are essentially
array(char, zero)*.
*** Lenses: change the way that underlying type is rendered
Lenses are used similarly to parametrized types, e.g.:
| void func(lens(int)); |
**** octal
"octal", which used to be a separate type, is now lens, which can
be used to render any underlying type in base 8. Plain "octal"
is still valid and means the same thing as "octal(int)".
**** hex, hide, bool
Similarly, "hex" lens was introduced to format as base 16.
"hide" was introduced to conceal given argument. "bool" lens was
added to format objects as either true, or false.
**** enum
"enum" became lens as well. Because enum already uses
parentheses to denote the list of enumeration values, the
underlying type is selected by square brackets:
| void func(enum[short](RED,GREEN,BLUE)); |
**** string
"string" was also turned to lens. The argument can be either a
char*, or pointer to array of char, or array of char. The latter
is useful in cases like the following:
| void func_struct_2(struct(string(array(char, 6)))); |
*** Misspelling of "int" as "itn" temporarily accepted, but deprecated
Pre-0.7 ltrace shipped a buggy version of ltrace.conf that
contained the following prototype:
| itn acl_valid(addr); |
To support extant versions of ltrace.conf, that use is now
considered valid, and "itn" is a synonym of "int". It is however
deprecated, and will produce a warning in future.
*** Using void as top-level function argument now deprecated
Functions that take no arguments shouldn't pretend to take one
parameter of void type. For example the following:
| int fork(void); |
... should be declared like this:
| int fork(); |
To support extant versions of ltrace.conf, that use is now
considered valid. It is however deprecated, and will produce a
warning in future.
*** Using void to hide one argument is now obsolete
Ltrace needs to know the exact underlying type to decide what the
calling convention is. The use of void to mean "hide this
argument", such as the following example, is therefore obsolete:
| void func(void, array(int, arg1)); |
Instead, rewrite the prototype depending on the exact underlying
type:
| void func(hide(int), array(int, arg1)); |
| void func(hide(long), array(int, arg1)); |
To support extant versions of ltrace.conf, this use is still
accepted, and "void" is taken to mean "hide(int)". It is however
obsolete, produces a warning, and will be removed in future.
** Documentation
*** New manual page ltrace.conf(5)
*** README, INSTALL brought up to date
*** New file CREDITS with a list of contributors
** Bugfixes
*** Fix detaching from a process
Earlier, a process that ltrace detached from would sometimes die
of SIGSEGV, SIGTRAP, or SIGILL. These were caused by ltrace
detaching from the process just after that process hit a
breakpoint. Program counter would thus be left pointing
mid-instruction, or signals would be left pending.
*** Argument to -n is now checked for validity
*** Fix tracing across exec in a stripped binary
*** [x86] ORIG_RAX/ORIG_EAX may not contain original syscall number
In cases where the system call shouldn't be restarted, these are
set to -1. In that case assume that the return is from the
topmost syscall. This gets rid of some "unexpected breakpoint"
messages on x86_64 and i386.
*** [ppc] Fix races in tracing -e events in 64-bit processes
On ppc, the contents of PLT table change after the first call.
Ltrace used to handle this by reinserting the (now overwritten)
breakpoint after the function returns. This introduced a window
where calls to the same function from the same binary (either a
recursive calls, or calls from another thread) weren't traced.
This is fixed as of 0.7.0.
As a side effect, events requested via -e now only hit when a PLT
call is made, which is consistent with other architectures.
*** [ppc] Allow stepping over lwarx instruction
** Known bugs
*** [arm] Tracing is not supported at all on ARM
ltrace might work on older kernels, but no attempt was made to
fully support it. Newer kernels don't support PTRACE_SINGLESTEP,
which ltrace depends on. Before singlestepping is implemented in
software, ARM is considered unsupported.
* Version 0.6.0 [2011-01-06 Thu]
** General Features
*** Use autotools for building
*** New option -b: disables output of signals received by the tracee
*** New option -w: print stack trace of events
Pass --with-libunwind to configure to enable the feature. This
requires libunwind.
*** Support tracing of symbols from libraries opened with dlopen
These symbols are selected by -x.
** Architecture-specific Changes
*** Various fixes for MIPS and PowerPC
*** Support for ARM Thumb mode
*** Implement fetching of 5th and further function arguments on s390
*** Support fork/exec syscalls on 31-bit s390
*** Support for float and double arguments on x86_64
*** Fixes for return arguments (after '+') in nested calls on x86_64
* License
-------------------------------------------------------------------------------
Copyright (C) 2012-2014 Petr Machata <pmachata@redhat.com>
This file is part of ltrace.
ltrace is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
ltrace is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
|