dtrace discuss - Aug 2008 - proc::postsig:signal-handle in leopard

disclaimer: I am a dtrace beginner.
A common convention in Umix is that a process rereads its
configuration files when sent
a SIGHUP signal. So I thought smart to write a dtrace script (shown
below) that prints the files opened
by a process that receive any signal.  I starts the said script, next
I do a "sudo killall -1 httpd" and I get nothing except  lines like :

trace: error on enabled probe ID 2 (ID 17602: syscall::open:entry):
invalid user access in predicate at DIF offset 4
dtrace: error on enabled probe ID 3 (ID 17603: syscall::open:return):
invalid user access in predicate at DIF offset 4

I am using leopard.
What am I doing wrong?

#! /usr/sbin/dtrace -s

proc::postsig:signal-handle  {
  this->pid = pid;
  printf("%s with pid %d got a signal %d\n", execname, pid, arg0);
}
syscall::open:entry /this->pid == pid/ {   this->file = copyinstr(arg0); 
}
syscall::open:return /this->pid == pid/ {   printf( "%s  %s %d\n",
execname,  this->file, arg0); }



-- 
cognominal stef

On Mon, Aug 04, 2008 at 11:27:37PM +0200, St?phane Payrard
wrote:
> disclaimer: I am a dtrace beginner.
> A common convention in Umix is that a process rereads its
> configuration files when sent
> a SIGHUP signal. So I thought smart to write a dtrace script (shown
> below) that prints the files opened
> by a process that receive any signal.  I starts the said script, next
> I do a "sudo killall -1 httpd" and I get nothing except  lines
like :
> 
> trace: error on enabled probe ID 2 (ID 17602: syscall::open:entry):
> invalid user access in predicate at DIF offset 4
> dtrace: error on enabled probe ID 3 (ID 17603: syscall::open:return):
> invalid user access in predicate at DIF offset 4
> 
> I am using leopard.
> What am I doing wrong?
There are a couple basic issues with your code:

1.  "this->" variables are only guaranteed to keep their values
during
    a single firing (i.e. for any number of blocks with the *same* probe
    definition).  For your purposes, either "self->"
(thread-local" or
    global associative arrays make more sense.

2.  The "postsig" part of proc::postsig:signal-handle is a private
    implementation detail, and should be removed;  that way, your script
    will also work under Solaris.

3.  copyin actions are only likely to succeed if they happen after a known
    user or kernel reading of the data;  i.e. it''s better to do the
copyinstr()
    in the *return* probe.

Your original program:
> #! /usr/sbin/dtrace -s
> 
> proc::postsig:signal-handle  {
>   this->pid = pid;
>   printf("%s with pid %d got a signal %d\n", execname, pid,
arg0);
> }
> syscall::open:entry /this->pid == pid/ {   this->file =
copyinstr(arg0);  }
> syscall::open:return /this->pid == pid/ {   printf( "%s  %s
%d\n",
> execname,  this->file, arg0); }
How I''d do it:

--- cut here ---
#!/usr/sbin/dtrace -qs

proc:::signal-handle
{
    gotsignal[pid] = 1;
    printf("%s with pid %d got a signal %d\n", execname, pid, arg0);
}

syscall::open:entry
/gotsignal[pid]/
{
     self->file = arg0;
}

syscall::open:return
/self->file/
{
	printf("%s  %s %d\n", execname, copyinstr(self->file), arg0);
	self->file = 0;
}

proc:::exit
/gotsignal[pid]/
{
	gotsignal[pid] = 0;
}
--- cut here ---

(the last part cleans up old state as processes exit)

Cheers,
- jonathan