4

How to view call stack, return value and arguments of the simply program below, with dtrace

 /** Trival code **/ #include <stdio.h> int foo (int *a, int *b) { *a = *b; *b = 4; return 0; } int main (void) { int a, b; a = 1; b = 2; foo (&a, &b); printf ("Value a: %d, Value b: %d\n", a, b); return 0; }
Improve this question

1 Answer 1

Reset to default
12

First off, here's the script:

pid$target::foo:entry { ustack(); self->arg0 = arg0; self->arg1 = arg1; printf("arg0 = 0x%x\n", self->arg0); printf("*arg0 = %d\n", *(int *)copyin(self->arg0, 4)); printf("arg1 = 0x%x\n", self->arg1); printf("*arg1 = %d\n", *(int *)copyin(self->arg1, 4)); } pid$target::foo:return { ustack(); printf("arg0 = 0x%x\n", self->arg0); printf("*arg0 = %d\n", *(int *)copyin(self->arg0, 4)); printf("arg1 = 0x%x\n", self->arg1); printf("*arg1 = %d\n", *(int *)copyin(self->arg1, 4)); printf("return = %d\n", arg1); }

How this works. ustack() prints the stack of the user process.

In an function entry, argN is the Nth argument to the function. Since the arguments are pointers, you need to use copyin() to copy in the actual data before you dereference it.

For a function return, you no longer have access to the function arguments. So you save the parameters for later use.

Finally, for a function return, you can access the value returned by the function with arg1.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Actually, reading the args at entry time can cause errors because the memory address might have not been paged in yet. docs.oracle.com/cd/E18752_01/html/819-5488/gcgkk.html#gcgkr

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.