10#include <cosmos/BitMask.hxx>
11#include <cosmos/io/StdLogger.hxx>
12#include <cosmos/main.hxx>
13#include <cosmos/types.hxx>
16#include <clues/Engine.hxx>
17#include <clues/EventConsumer.hxx>
18#include <clues/SystemCall.hxx>
27 public cosmos::MainPlainArgs {
32 TermTracer(
const TermTracer&) =
delete;
33 TermTracer& operator=(
const TermTracer&) =
delete;
46 enum class FollowChildMode {
58 using Flags = cosmos::BitMask<Flag>;
66 void printABISyscalls(
const std::string &abi);
70 cosmos::ExitStatus main(
const int argc,
const char **argv)
override;
72 bool configureTracee(
const cosmos::ProcessID pid);
76 void configureLogger();
78 std::string formatTraceeInvocation(
const Tracee &tracee);
79 std::string formatTraceeInvocation(
const std::string &exe,
const cosmos::StringVector &cmdline)
const;
80 void printPar(std::ostream &trace,
const SystemCallItem &value)
const;
84 bool followExecutionContext(
Tracee &tracee);
119 bool hasActiveSyscall(
const Tracee &tracee)
const {
120 return hasActiveSyscall(tracee.pid());
123 bool hasActiveSyscall(
const cosmos::ProcessID pid)
const {
124 return activeSyscall(pid) !=
nullptr;
127 const SystemCall* activeSyscall(
const cosmos::ProcessID pid)
const {
133 if (std::get<cosmos::ProcessID>(info) != pid) {
137 return std::get<const SystemCall*>(info);
140 const SystemCall* activeSyscall(
const Tracee &tracee)
const {
141 return activeSyscall(tracee.pid());
144 const SystemCall* activeSyscall()
const {
160 const SystemCall*
findSyscall(
const Tracee &tracee)
const;
162 bool isExecSyscall(
const SystemCall &sc)
const;
165 bool isEnabled(
const SystemCall *sc)
const;
174 void cleanupTracee(
const Tracee &tracee);
177 void updateTracee(
const Tracee &tracee,
const cosmos::ProcessID old_pid);
179 bool seenInitialExec()
const {
192 void checkABI(
const Tracee &tracee,
const SystemCallInfo &info);
196 void syscallEntry(Tracee &tracee,
const SystemCall &sc,
const StatusFlags flags)
override;
198 void syscallExit(Tracee &tracee,
const SystemCall &sc,
const StatusFlags flags)
override;
200 void signaled(Tracee &tracee,
const cosmos::SigInfo &info)
override;
202 void attached(Tracee &tracee)
override;
204 void exited(Tracee &tracee,
const cosmos::WaitStatus status,
const StatusFlags flags)
override;
207 const std::string &old_exe,
208 const cosmos::StringVector &old_cmdline,
209 const std::optional<cosmos::ProcessID> old_pid)
override;
214 const cosmos::ptrace::Event event,
215 const StatusFlags flags)
override;
217 void stopped(Tracee &tracee)
override;
219 void disappeared(Tracee &tracee,
const cosmos::ChildState &data)
override;
228 cosmos::Init m_cosmos;
274 std::map<cosmos::ProcessID, std::pair<cosmos::ProcessID, cosmos::ptrace::Event>>
m_new_tracees;
Callback interface for consumers of tracing events.
Base class for any kind of system call parameter or return value.
std::vector< SystemCallItemPtr > ParameterVector
Vector of the parameters required for a system call.
const SystemCall * findSyscall(const Tracee &tracee) const
Find any active or unfinished system call for the PID of tracee.
void newChildProcess(Tracee &parent, Tracee &child, const cosmos::ptrace::Event event, const StatusFlags flags) override
A new child process has been created.
std::optional< std::tuple< cosmos::ProcessID, const SystemCall * > > m_active_syscall
The currently active system call, if any.
void syscallExit(Tracee &tracee, const SystemCall &sc, const StatusFlags flags) override
A system call has been finished.
const SystemCall * currentSyscall(const Tracee &tracee) const
Returns the system call last seen for tracee, or nullptr if there's none.
Flags m_flags
State flags with global context or carried between different callbacks.
void checkABI(const Tracee &tracee, const SystemCallInfo &info)
Checks the current system call's ABI and reports ABI changes.
std::string m_exec_context_arg
optional argument to m_follow_exec (e.g. path, glob, script)
bool storeUnfinishedSyscallCtx()
Store an active system call in m_unfinished_syscalls.
Args m_args
Command line arguments and parser.
void syscallEntry(Tracee &tracee, const SystemCall &sc, const StatusFlags flags) override
A system call is about to be executed in the Tracee.
void abortSyscall(const Tracee &tracee)
Abort syscall if one was active for tracee.
std::ostream & traceStream(const Tracee &tracee, const bool new_line=true)
Returns the currently active trace output stream, starting a new output line.
std::map< cosmos::ProcessID, std::pair< cosmos::ProcessID, cosmos::ptrace::Event > > m_new_tracees
Newly created tracees that haven't seen any ptrace stop yet.
void signaled(Tracee &tracee, const cosmos::SigInfo &info) override
The tracee has received a signal.
void updateTracee(const Tracee &tracee, const cosmos::ProcessID old_pid)
Update internal data structures in case a tracee changed PID.
clues::ABI m_last_abi
The ABI of the last system call we've seen.
FollowChildMode m_follow_children
Behaviour upon newChildProcess()
FollowExecContext
What to do upon execve.
void exited(Tracee &tracee, const cosmos::WaitStatus status, const StatusFlags flags) override
The tracee is about to end execution.
@ DROPPED_TO_LAST_TRACEE
whether we've returned to tracing only a single PID.
@ SEEN_INITIAL_EXEC
whether we've seen a ChildTracee's initial newExecutionContext().
std::map< cosmos::ProcessID, const SystemCall * > m_unfinished_syscalls
Unfinished / preempted system calls.
FollowExecContext m_follow_exec
Behaviour upon newExecutionContext()
size_t m_par_truncation_len
Maximum length of system call parameter values to print before truncating the output.
void checkResumedSyscall(const Tracee &tracee)
Check whether tracee has an unfinished system call pending.
void stopped(Tracee &tracee) override
The tracee entered group-stop due to a stopping signal.
size_t m_num_tracees
The number of tracees we're currently dealing with.
cosmos::StdLogger m_logger
cosmos ILogger instance for clues library logging.
void disappeared(Tracee &tracee, const cosmos::ChildState &data) override
The tracee disappeared for unclear reasons.
std::set< SystemCallNr > m_syscall_filter
Whitelist of system calls to trace, if any.
void attached(Tracee &tracee) override
The tracee is now properly attached to.
void startNewLine(std::ostream &trace, const Tracee &tracee)
Start a new output line concerning `tracee`.
bool isEnabled(const SystemCall *sc) const
Returns true if sc is set and supposed to be printed.
Engine m_engine
libclues main object.
void newExecutionContext(Tracee &tracee, const std::string &old_exe, const cosmos::StringVector &old_cmdline, const std::optional< cosmos::ProcessID > old_pid) override
A new program is executed in the tracee.
cosmos::ProcessID m_main_tracee_pid
The PID of the main process we're tracing (the one we created or attached to).
std::optional< cosmos::WaitStatus > m_main_status
The WaitStatus of the main process we've seen upon it exiting.
bool m_print_pars
Whether to print system call parameters at all (-s 0 disables it).
Base class for traced processes.