Abstract

I want to make it easier to parse strace’s output, since well-structured JSON output is much better than the current classical output for program analysis. I am going to add a new feature to strace to make it support output in JSON. In my method, I will refactor the current output-related code in strace and then introduce a totally new framework to decouple the currently tightly coupled high-level format from the low-level output functions.

Current Work

Currently, I have already finished a simple output hook framework and an event handling system in a new file, output.c, and I made some small modifications to tprintf()/tprints() to use this hook framework. I will first modify the sys_* functions (sys_read(), sys_write(), etc.) in io.c to use the hook framework. I also provide a test framework implemented in Python to automatically compare the JSON output to the original output. I encountered some small troubles with git/the repository and the workflow of strace. I am now cleaning my repository and merging all current work into the new repository.

HowTo (Not available yet, coming soon. I'm now cleaning my repository.)

It's easy to use my modified strace, just like compiling any other Linux source code.
1. git clone https://github.com/zym0017d/strace_GSOC2014.git
2. cd strace_GSOC2014 && git checkout devel
3. make clean && ./configure && make
4. cd strace_GSOC2014/test && make

After this, you should have the newly compiled strace in the top directory.
Note: You'd better not run make install.

Let me show you one simple example:

1) First we run strace without the “-j” option to see the classical output:
$ ./strace -r -T -i -e trace=open,read,write -o test_result_classical.txt ./test

~~~~~~ The content of test_result_classical.txt (only part of the entire output)
0.000032 [0000003b3acdb400] open("this_is_a_simple_test", O_WRONLY|O_CREAT|O_TRUNC, 0777) = 4 <0.000046>
0.000068 [0000003b3acdb5f0] read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\200\5@\0\0\0\0\0"..., 3500) = 3500 <0.000009>
0.000029 [0000003b3acdb650] write(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\200\5@\0\0\0\0\0"..., 3500) = 3500 <0.000016>
~~~~~~

2) Then we run strace with the “-j” option to see the new output:
$ ./strace -r -T -i -j -e trace=open,read,write -o test_result_json.txt ./test

~~~~~~ The content of test_result_json.txt (only part of the entire output)
{
    "TimeRelative" : " 0.000035",
    "Pointer" : "0000003b3acdb400",
    "Type" : "syscall",
    "Name" : "open",
    "Args" : [ "this_is_a_simple_test", "O_WRONLY|O_CREAT|O_TRUNC", "0777", ],
    "Return" : "4",
    "TimeSpent" : "0.000054",
}
{
    "TimeRelative" : " 0.000079",
    "Pointer" : "0000003b3acdb5f0",
    "Type" : "syscall",
    "Name" : "read",
    "Args" : [ "3", ""\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\200\5@\0\0\0\0\0"...", "3500", ],
    "Return" : "3500",
    "TimeSpent" : "0.000010",
}
{
    "TimeRelative" : " 0.000034",
    "Pointer" : "0000003b3acdb650",
    "Type" : "syscall",
    "Name" : "write",
    "Args" : [ "4", ""\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\200\5@\0\0\0\0\0"...", "3500", ],
    "Return" : "3500",
    "TimeSpent" : "0.000019",
}
~~~~~~

You can see that the JSON output is exactly 3 objects corresponding to the classical output. There are still some small format problems in “TimeRelative” (the leading spaces) and “Args” (the quotes). I keep working to eliminate these problems. If you have ANY question or suggestion, please feel free to contact me.
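An added example, not part of the original page or of strace: a Python converter that parses classical “-r -T -i” lines into records with the same field names as above and serialises them with json.dumps, so the quotes inside “Args” are escaped, there are no trailing commas, and “TimeRelative” has no leading spaces. The helper names (split_args, to_record, convert), the shortened sample lines and the failing open() line are assumptions constructed for illustration.

```python
import json
import re

# Shortened copies of the classical lines above, plus one constructed failing call.
SAMPLE = r'''
     0.000032 [0000003b3acdb400] open("this_is_a_simple_test", O_WRONLY|O_CREAT|O_TRUNC, 0777) = 4 <0.000046>
     0.000068 [0000003b3acdb5f0] read(3, "\177ELF\2\1\1\0"..., 3500) = 3500 <0.000009>
     0.000021 [0000003b3acdb400] open("a,b\"c", O_RDONLY) = -1 ENOENT (No such file or directory) <0.000007>
'''

LINE = re.compile(r'^\s*(?P<rel>\d+\.\d+) \[(?P<ip>[0-9a-f]+)\] '
                  r'(?P<name>\w+)\((?P<args>.*)\) = (?P<ret>.*?) <(?P<spent>[\d.]+)>$')

def split_args(text):
    """Split on top-level commas, ignoring those inside strings or brackets."""
    args, cur, depth, in_str, esc = [], "", 0, False, False
    for ch in text:
        if in_str:
            if esc:                # character after a backslash is literal
                esc = False
            elif ch == "\\":
                esc = True
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
            continue
        else:
            depth += (ch in "([{") - (ch in ")]}")
        cur += ch
    return args + [cur.strip()] if cur.strip() else args

def to_record(line):
    """Map one classical line to the field names used in the JSON output."""
    m = LINE.match(line)
    if m is None:
        return None  # exit/signal lines, unfinished or resumed calls, blanks
    return {"TimeRelative": m["rel"], "Pointer": m["ip"], "Type": "syscall",
            "Name": m["name"], "Args": split_args(m["args"]),
            "Return": m["ret"], "TimeSpent": m["spent"]}

def convert(text):
    """Return one valid JSON object per parsed line."""
    return "\n".join(json.dumps(r) for r in map(to_record, text.splitlines()) if r)

if __name__ == "__main__":
    print(convert(SAMPLE))
```

Each output line loads cleanly with json.loads, which makes it usable as a reference when comparing the two output modes field by field.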

Events and Timeline

TODO List

Gsoc2014StructuredJsonOutput (last edited 2018-02-26 06:14:40 by eSyr)