Debugging Tools
Postmodern strace
strace is a diagnostic, debugging and instructional utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state. In this talk the maintainer of strace will describe new features implemented since FOSDEM 2018.
Several interesting features were implemented within strace project since FOSDEM 2018, including:
seccomp-assisted system call filtering
system call return status filtering
PTRACE_GET_SYSCALL_INFO API support
new options: -DD, -DDD, -X, -z, -Z
In this talk the maintainer of strace will describe these new features and demonstrate what kinds of problems they help to solve.
Additional information
| Type | devroom |
|---|
More sessions
| 2/2/20 |
HawkTracer is low-overhead instrumentation-based profiler built at Amazon Video for platforms with limited capabilities. It's written in C but can be used almost with any other language (we've successfully used it with JavaScript, LUA, Python and Rust). It's highly extensible (at compile time) and portable so it can be run on almost any embedded device. In this talk I'll introduce the architecture of the profiler, present it's advantages and limitations, show how can you instrument the code and ...
|
| 2/2/20 |
We introduce a GDB plugin for working with large data structures in the inferior. This plugin brings some of the flexibility of Unix pipelines to the GDB command prompt, providing the ability to conveniently run some action on every element in a data structure that matches certain criteria. One big aim of this plugin is to make it easy and convenient for a user to write their own sub-commands to iterate over the data structures used in their own program. This is intended for anyone who has found ...
|
| 2/2/20 |
GDB has had a curses-based interface for many years. Come see what new features are available and how it can improve your debugging experience.
|
| 2/2/20 |
Valgrind's Memcheck tool reports various kinds of errors. One of the most important are those where an if-condition or a memory address uses undefined data. Detecting that reliably on optimized code is challenging, and recent compiler development has made the problem worse.
|
| 2/2/20 |
The talk gives an overview of various optimisations implemented in strace over the past several years. While most of them are quite trivial (like caching of frequently-used data or avoiding syscalls whenever possible), some of them are a bit more tricky (like usage of seccomp BPF programs for avoiding excessive ptrace stops) and/or target more specific use cases (like the infamous thread queueing patch[1], which was carried as a RHEL downstream patch for almost 10 years). [1] ...
|
| 2/2/20 |
strace is known to add significant overhead to any application it traces. Even when users are interested in a handful of syscalls, strace will by default intercept all syscalls made by the observed processes, involving several context switches per syscall. Since strace v5.3, the --seccomp-bpf option allows reducing this overhead, by stopping observed processes only at syscalls of interest. This option relies on seccomp-bpf and inherits a few of its limitations. In this talk, we will describe the ...
|
| 2/2/20 |
By allowing to safely load programs from user space and to execute them in the kernel, eBPF (extended Berkeley Packet Filter) has brought new possibilities to the Linux kernel, in particular in terms of tracing and network processing. But when a program fails to load, or when it does not return the expected values, what tools do we have to examine, inspect and debug eBPF objects? This talk focuses on the different tools and mechanisms available to help eBPF developers debug their programs, at ...
|
