1*387f9dfdSAndroid Build Coastguard WorkerDemonstrations of shmsnoop, the Linux eBPF/bcc version. 2*387f9dfdSAndroid Build Coastguard Worker 3*387f9dfdSAndroid Build Coastguard Workershmsnoop traces shm*() syscalls, for example: 4*387f9dfdSAndroid Build Coastguard Worker 5*387f9dfdSAndroid Build Coastguard Worker# ./shmsnoop.py 6*387f9dfdSAndroid Build Coastguard WorkerPID COMM SYS RET ARGs 7*387f9dfdSAndroid Build Coastguard Worker19813 server SHMGET 10000 key: 0x78020001, size: 20, shmflg: 0x3b6 (IPC_CREAT|0666) 8*387f9dfdSAndroid Build Coastguard Worker19813 server SHMAT 7f1cf8b1f000 shmid: 0x10000, shmaddr: 0x0, shmflg: 0x0 9*387f9dfdSAndroid Build Coastguard Worker19816 client SHMGET 10000 key: 0x78020001, size: 20, shmflg: 0x1b6 (0666) 10*387f9dfdSAndroid Build Coastguard Worker19816 client SHMAT 7f4fd8ee7000 shmid: 0x10000, shmaddr: 0x0, shmflg: 0x0 11*387f9dfdSAndroid Build Coastguard Worker19816 client SHMDT 0 shmaddr: 0x7f4fd8ee7000 12*387f9dfdSAndroid Build Coastguard Worker19813 server SHMDT 0 shmaddr: 0x7f1cf8b1f000 13*387f9dfdSAndroid Build Coastguard Worker19813 server SHMCTL 0 shmid: 0x10000, cmd: 0, buf: 0x0 14*387f9dfdSAndroid Build Coastguard Worker 15*387f9dfdSAndroid Build Coastguard Worker 16*387f9dfdSAndroid Build Coastguard WorkerEvery call the shm* syscall (SHM column) is displayed 17*387f9dfdSAndroid Build Coastguard Workeron separate line together with process info (PID/COMM 18*387f9dfdSAndroid Build Coastguard Workercolumns) and argument details: return value (RET column) 19*387f9dfdSAndroid Build Coastguard Workerand syscall arguments (ARGs column). 20*387f9dfdSAndroid Build Coastguard Worker 21*387f9dfdSAndroid Build Coastguard WorkerThe ARGs column contains 'arg: value' couples that represent 22*387f9dfdSAndroid Build Coastguard Workergiven syscall arguments as described in their manpage. 23*387f9dfdSAndroid Build Coastguard Worker 24*387f9dfdSAndroid Build Coastguard WorkerThis works by tracing shm* system calls and sending 25*387f9dfdSAndroid Build Coastguard Workerargument details to the python script. 26*387f9dfdSAndroid Build Coastguard Worker 27*387f9dfdSAndroid Build Coastguard WorkerA -T option can be used to include a timestamp column, 28*387f9dfdSAndroid Build Coastguard Workerand a -n option to match on a command name. Regular 29*387f9dfdSAndroid Build Coastguard Workerexpressions are allowed. For example, matching commands 30*387f9dfdSAndroid Build Coastguard Workercontaining "server" with timestamps: 31*387f9dfdSAndroid Build Coastguard Worker 32*387f9dfdSAndroid Build Coastguard Worker# ./shmsnoop.py -T -n server 33*387f9dfdSAndroid Build Coastguard WorkerTIME(s) PID COMM SYS RET ARGs 34*387f9dfdSAndroid Build Coastguard Worker0.563194000 19825 server SHMDT 0 shmaddr: 0x7f74362e4000 35*387f9dfdSAndroid Build Coastguard Worker0.563237000 19825 server SHMCTL 0 shmid: 0x18000, cmd: 0, buf: 0x0 36*387f9dfdSAndroid Build Coastguard Worker 37*387f9dfdSAndroid Build Coastguard Worker 38*387f9dfdSAndroid Build Coastguard WorkerA -p option can be used to trace only selected process: 39*387f9dfdSAndroid Build Coastguard Worker 40*387f9dfdSAndroid Build Coastguard Worker# ./shmsnoop.py -p 19855 41*387f9dfdSAndroid Build Coastguard WorkerPID COMM SYS RET ARGs 42*387f9dfdSAndroid Build Coastguard Worker19855 server SHMDT 0 shmaddr: 0x7f4329ff8000 43*387f9dfdSAndroid Build Coastguard Worker19855 server SHMCTL 0 shmid: 0x20000, cmd: 0, buf: 0x0 44*387f9dfdSAndroid Build Coastguard Worker 45*387f9dfdSAndroid Build Coastguard WorkerUSAGE message: 46*387f9dfdSAndroid Build Coastguard Worker# ./shmsnoop.py -h 47*387f9dfdSAndroid Build Coastguard Workerusage: shmsnoop.py [-h] [-T] [-p PID] [-t TID] [-d DURATION] [-n NAME] 48*387f9dfdSAndroid Build Coastguard Worker 49*387f9dfdSAndroid Build Coastguard WorkerTrace shm*() syscalls 50*387f9dfdSAndroid Build Coastguard Worker 51*387f9dfdSAndroid Build Coastguard Workeroptional arguments: 52*387f9dfdSAndroid Build Coastguard Worker -h, --help show this help message and exit 53*387f9dfdSAndroid Build Coastguard Worker -T, --timestamp include timestamp on output 54*387f9dfdSAndroid Build Coastguard Worker -p PID, --pid PID trace this PID only 55*387f9dfdSAndroid Build Coastguard Worker -t TID, --tid TID trace this TID only 56*387f9dfdSAndroid Build Coastguard Worker -d DURATION, --duration DURATION 57*387f9dfdSAndroid Build Coastguard Worker total duration of trace in seconds 58*387f9dfdSAndroid Build Coastguard Worker -n NAME, --name NAME only print process names containing this name 59*387f9dfdSAndroid Build Coastguard Worker 60*387f9dfdSAndroid Build Coastguard Workerexamples: 61*387f9dfdSAndroid Build Coastguard Worker ./shmsnoop # trace all shm*() syscalls 62*387f9dfdSAndroid Build Coastguard Worker ./shmsnoop -T # include timestamps 63*387f9dfdSAndroid Build Coastguard Worker ./shmsnoop -p 181 # only trace PID 181 64*387f9dfdSAndroid Build Coastguard Worker ./shmsnoop -t 123 # only trace TID 123 65*387f9dfdSAndroid Build Coastguard Worker ./shmsnoop -d 10 # trace for 10 seconds only 66*387f9dfdSAndroid Build Coastguard Worker ./shmsnoop -n main # only print process names containing "main" 67