Abstract
I want to make it easier to parse the strace’s output. Since the well-structured output in JSON is much better than the current classical output for program analysis. I am going to import a new feature to strace to make it support output in JSON. In my method, I will refactor the currently output-related code in strace and then import a totally-new framework to decouple the currently tightly-coupled high-level format and the low-level output functions.
Current Work
Currently, I had already finished a simple output hook framework and a event handling system in a new file output.c and I made some small modifications to tprintf()/tprints() to use this hook framework. I will first modify those sys_* functions(sys_read(), sys_write() etc.) in io.c to use the hook framework. I also provide a test framework implmented in python to automatically compare json output to the original output. I encoutered some small troubles in git/repository and the working flow of strace. I am now cleaning my repository and merge all current work to the new repository.
HowTo(Not Avaliable yet, coming soon. I'm now cleaning my repository.)
It's easy to use my modified strace, just like you compling any other linux source code.
1. git clone https://github.com/zym0017d/strace_GSOC2014.git
2. cd strace_GSOC2014 && git checkout devel
3. make clean && ./configure && make
4. cd strace_GSOC2014/test && make
After this, You should have the newly compiled strace in the top directory.
Note: You'd better not run make install
Let me show you in one simple example:
1) First we run strace without option “-j” to see the classical output:
$ ./strace -r -T -i -e trace=open,read,write -o test_result_classical.txt ./test
~~~~~~
The content of test_classical_json.txt.(Only partial of the entire output)
0.000032 [0000003b3acdb400] open("this_is_a_simple_test", O_WRONLY|O_CREAT|O_TRUNC, 0777) = 4 <0.000046>
0.000068 [0000003b3acdb5f0] read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\200\5@\0\0\0\0\0"..., 3500) = 3500 <0.000009>
0.000029 [0000003b3acdb650] write(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\200\5@\0\0\0\0\0"..., 3500) = 3500 <0.000016>
~~~~~~
2) Then we run strace with option “-j” to see the new output:
$ ./strace -r -T -i -j -e trace=open,read,write -o test_result_json.txt ./test
~~~~~~
The content of test_result_json.txt.(Only partial of the entire output)
{
"TimeRelative" : " 0.000035",
"Pointer" : "0000003b3acdb400",
"Type" : "syscall",
"Name" : "open",
"Args" : [ "this_is_a_simple_test", "O_WRONLY|O_CREAT|O_TRUNC", "0777", ],
"Return" : "4",
"TimeSpent" : "0.000054",
}
{
"TimeRelative" : " 0.000079",
"Pointer" : "0000003b3acdb5f0",
"Type" : "syscall",
"Name" : "read",
"Args" : [ "3", ""\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\200\5@\0\0\0\0\0"...", "3500", ],
"Return" : "3500",
"TimeSpent" : "0.000010",
}
{
"TimeRelative" : " 0.000034",
"Pointer" : "0000003b3acdb650",
"Type" : "syscall",
"Name" : "write",
"Args" : [ "4", ""\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\200\5@\0\0\0\0\0"...", "3500", ],
"Return" : "3500",
"TimeSpent" : "0.000019",
}
~~~~~~
You can find the JSON output are exactly 3 object corresponding to the classical output. There are still some small format problems in the “TimeRelative” (the leading spaces) and the “Args” (the quotes). I’m keep on working to eliminate these problems. If you have ANY question or suggestion, please feel free to contact me.
Events and Timeline
- April 21 -- May 19: Community Bonding Period
- May 20 -- June 23: Working Period
- June 23 -- June 27: Mid-term Evaluation
- June 27 -- August 11: Working Period
- August 18 : Pencil Down!
TODO List
- write a test application to automaticaly compare the json output to the original output. I'm now using python to first translate the strace output in json style(with option '-j') to the original strace output. And then compare these two output to decide whether any error occuried.
- modify more functions in io.c