kxxt / tracexec
Tracer for execve{,at} and pre-exec behavior, launcher for debuggers.
License: GNU General Public License v2.0
Allow users to load settings from ~/.config/tracexec/config.toml.
Add a new subcommand for supporting system-wide exec tracing.
It cannot be implemented with ptrace so ebpf or systemtap is probably the solution.
Show if the process is running, exited, killed, etc in TUI.
Nice tool, but I am getting the following error on my Mac M1, how to fix it?
➜ ~ cargo install tracexec --bin tracexec
Updating crates.io index
Downloaded tracexec v0.0.5
Downloaded 1 crate (417.5 KB) in 0.06s
Installing tracexec v0.0.5
Updating crates.io index
Downloaded backtrace v0.3.71
Downloaded rustc-demangle v0.1.24
Downloaded tracing-error v0.2.0
Downloaded supports-color v2.1.0
Downloaded serde v1.0.201
Downloaded syn v2.0.61
Downloaded object v0.32.2
Downloaded gimli v0.28.1
Downloaded color-eyre v0.6.3
Downloaded seccompiler v0.4.0
Downloaded cc v1.0.97
Downloaded strum_macros v0.26.2
Downloaded rustversion v1.0.16
Downloaded owo-colors v3.5.0
Downloaded num-traits v0.2.19
Downloaded kxxt-owo-colors v4.0.0
Downloaded autocfg v1.3.0
Downloaded anstyle v1.0.7
Downloaded addr2line v0.21.0
Downloaded strum v0.26.2
Downloaded shell-quote v0.5.0
Downloaded proc-macro2 v1.0.82
Downloaded pretty_env_logger v0.5.0
Downloaded libc v0.2.154
Downloaded is_ci v1.2.0
Downloaded colorchoice v1.0.1
Downloaded atoi v2.0.0
Downloaded is_terminal_polyfill v1.70.0
Downloaded color-spantrace v0.2.1
Downloaded anstyle-query v1.0.3
Downloaded anstyle-parse v0.2.4
Downloaded anstream v0.6.14
Downloaded 32 crates (3.2 MB) in 0.30s
Compiling libc v0.2.154
Compiling memchr v2.7.2
Compiling once_cell v1.19.0
Compiling cfg-if v1.0.0
Compiling proc-macro2 v1.0.82
Compiling unicode-ident v1.0.12
Compiling regex-syntax v0.8.3
Compiling lazy_static v1.4.0
Compiling pin-project-lite v0.2.14
Compiling sharded-slab v0.1.7
Compiling utf8parse v0.2.1
Compiling autocfg v1.3.0
Compiling tracing-core v0.1.32
Compiling thread_local v1.1.8
Compiling aho-corasick v1.1.3
Compiling cc v1.0.97
Compiling rustversion v1.0.16
Compiling tracing-subscriber v0.3.18
Compiling tracing v0.1.40
Compiling regex-automata v0.4.6
Compiling backtrace v0.3.71
Compiling num-traits v0.2.19
Compiling anstyle-parse v0.2.4
Compiling anstyle v1.0.7
Compiling gimli v0.28.1
Compiling anstyle-query v1.0.3
Compiling is_terminal_polyfill v1.70.0
Compiling eyre v0.6.12
Compiling colorchoice v1.0.1
Compiling quote v1.0.36
Compiling syn v2.0.61
Compiling is-terminal v0.4.12
Compiling adler v1.0.2
Compiling anstream v0.6.14
Compiling miniz_oxide v0.7.2
Compiling regex v1.10.4
Compiling tracing-error v0.2.0
Compiling object v0.32.2
Compiling owo-colors v3.5.0
Compiling addr2line v0.21.0
Compiling heck v0.5.0
Compiling log v0.4.21
Compiling clap_lex v0.7.0
Compiling termcolor v1.4.1
Compiling is_ci v1.2.0
Compiling humantime v2.1.0
Compiling rustc-demangle v0.1.24
Compiling strsim v0.11.1
Compiling heck v0.4.1
Compiling indenter v0.3.3
Compiling clap_builder v4.5.2
Compiling env_logger v0.10.2
Compiling supports-color v2.1.0
Compiling color-spantrace v0.2.1
Compiling bstr v1.9.1
Compiling bitflags v2.5.0
Compiling atoi v2.0.0
Compiling nix v0.27.1
Compiling shell-quote v0.5.0
Compiling kxxt-owo-colors v4.0.0
Compiling strum_macros v0.26.2
Compiling clap_derive v4.5.4
Compiling color-eyre v0.6.3
Compiling pretty_env_logger v0.5.0
Compiling seccompiler v0.4.0
error[E0425]: cannot find value `SECCOMP_FILTER_FLAG_TSYNC` in crate `libc`
--> /Users/andrewssobral/.cargo/registry/src/index.crates.io-6f17d22bba15001f/seccompiler-0.4.0/src/lib.rs:328:47
|
328 | apply_filter_with_flags(bpf_filter, libc::SECCOMP_FILTER_FLAG_TSYNC)
| ^^^^^^^^^^^^^^^^^^^^^^^^^ not found in `libc`
error[E0425]: cannot find function `prctl` in crate `libc`
--> /Users/andrewssobral/.cargo/registry/src/index.crates.io-6f17d22bba15001f/seccompiler-0.4.0/src/lib.rs:347:29
|
347 | let rc = unsafe { libc::prctl(libc::PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) };
| ^^^^^ not found in `libc`
error[E0425]: cannot find value `PR_SET_NO_NEW_PRIVS` in crate `libc`
--> /Users/andrewssobral/.cargo/registry/src/index.crates.io-6f17d22bba15001f/seccompiler-0.4.0/src/lib.rs:347:41
|
347 | let rc = unsafe { libc::prctl(libc::PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) };
| ^^^^^^^^^^^^^^^^^^^ not found in `libc`
error[E0425]: cannot find value `SYS_seccomp` in crate `libc`
--> /Users/andrewssobral/.cargo/registry/src/index.crates.io-6f17d22bba15001f/seccompiler-0.4.0/src/lib.rs:363:19
|
363 | libc::SYS_seccomp,
| ^^^^^^^^^^^ not found in `libc`
error[E0308]: mismatched types
--> /Users/andrewssobral/.cargo/registry/src/index.crates.io-6f17d22bba15001f/seccompiler-0.4.0/src/lib.rs:376:38
|
376 | return Err(Error::ThreadSync(rc));
| ----------------- ^^ expected `i64`, found `i32`
| |
| arguments to this enum variant are incorrect
|
note: tuple variant defined here
--> /Users/andrewssobral/.cargo/registry/src/index.crates.io-6f17d22bba15001f/seccompiler-0.4.0/src/lib.rs:242:5
|
242 | ThreadSync(libc::c_long),
| ^^^^^^^^^^
help: you can convert an `i32` to an `i64`
|
376 | return Err(Error::ThreadSync(rc.into()));
| +++++++
Some errors have detailed explanations: E0308, E0425.
For more information about an error, try `rustc --explain E0308`.
error: could not compile `seccompiler` (lib) due to 5 previous errors
warning: build failed, waiting for other jobs to finish...
error: failed to compile `tracexec v0.0.5`, intermediate artifacts can be found at `/var/folders/4y/0hm48z794zd2d15cwsg10kcm0000gn/T/cargo-install2rFoLE`.
To reuse those artifacts with a future compilation, set the environment variable `CARGO_TARGET_DIR` to that path.
➜ ~
I have an app my-app and another app B. There's a bug that occurs only when B executes my-app. I want to directly debug my-app when executing B.
And BTW it's very painful to debug multi-process applications in gdb.
Maybe I could implement gdb server protocol in tracexec and let gdb as a client connect to it. This way further exec events can also be traced.
Maybe export it to json/yaml? And implement a viewer command.
Add a new kind of breakpoint that breaks on process fork/clone.
There should be two ways to add such a breakpoint:
Displaying full paths takes up a significant amount of space in the TUI. Sometimes relative paths are easier to reason about and more concise.
But this would generate incorrect information if chroots are involved. So putting a warning somewhere is desired.
It's nice to have shell auto-completion
For the following use case:
Something works on machine A but doesn't work on machine B.
A user might want to capture the baseline environment from machine A and run tracexec on machine B with the baseline env from machine A.
This fits pretty well into the build system analysis scenario - let's say you want to build the Linux kernel, you have a big process tree and need to find what takes the most time (to optimize/disable these areas). It would be nice to track how long each process takes.
Add a shortcut key T for TUI to toggle list/tree.
Inspired by https://blog.quarticcat.com/posts/no-more-oom/, I think tracexec is the perfect place to control the parallelism of the build system. r8 (it's not a linker anyway) really pushes my system near/to OOM when building AOSP based systems.
Define a group as a collection of filename patterns (plain text or regex), e.g. a linker group with /ld and /ld.ldd. Then we can control how many processes can run at the same time by pausing excessive processes at execve syscall exit stop and continuing them once old processes exit.
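The bookkeeping behind that idea, as an added example that is not tracexec's code: a group admits up to `limit` matching processes, parks the rest at their exec stop, and releases one each time a member exits. The `Group` and `Action` names, the suffix-only matching (no regex) and the pids are assumptions made for the sketch.

```rust
use std::collections::{HashSet, VecDeque};

/// What the tracer does with a tracee at its execve syscall-exit stop.
#[derive(Debug, PartialEq)]
pub enum Action { Continue, Pause }

/// A group of filename patterns sharing one parallelism limit.
pub struct Group {
    patterns: Vec<String>, // plain-text path suffixes (regex left out here)
    limit: usize,
    running: HashSet<u32>,
    paused: VecDeque<u32>,
}

impl Group {
    pub fn new(patterns: &[&str], limit: usize) -> Self {
        let patterns = patterns.iter().map(|p| p.to_string()).collect();
        Group { patterns, limit, running: HashSet::new(), paused: VecDeque::new() }
    }

    /// Called after `pid` has exec'd `filename`.
    pub fn on_exec(&mut self, pid: u32, filename: &str) -> Action {
        if !self.patterns.iter().any(|p| filename.ends_with(p.as_str())) {
            return Action::Continue; // not a member of this group
        }
        if self.running.contains(&pid) || self.running.len() < self.limit {
            self.running.insert(pid);
            return Action::Continue;
        }
        self.paused.push_back(pid); // over the limit: hold it at the stop
        Action::Pause
    }

    /// Called when `pid` exits; returns the paused pid to resume, if any.
    pub fn on_exit(&mut self, pid: u32) -> Option<u32> {
        self.paused.retain(|p| *p != pid); // killed while paused
        if !self.running.remove(&pid) { return None; }
        let next = self.paused.pop_front()?; // oldest waiter goes first
        self.running.insert(next);
        Some(next)
    }
}

fn main() {
    let mut linkers = Group::new(&["/ld", "/ld.ldd"], 2); // constructed demo
    let acts: Vec<Action> = [10, 11, 12].iter().map(|&p| linkers.on_exec(p, "/usr/bin/ld")).collect();
    println!("{:?}, resume {:?}", acts, linkers.on_exit(10));
}
```

A tracked pid that later execs a file outside the group should be passed to `on_exit` by the caller so its slot is freed.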
Similar to #4, but we can export the exec events as commonly used formats like compile_commands.json used by clangd: https://clang.llvm.org/docs/JSONCompilationDatabase.html
Currently TUI is already theme-able at compile time. It would be nice to theme it at runtime by loading configuration files (TOML should be fine). And I want to make several themes.
Note that themes can also be installed system-wide.
Add an eBPF backend for
- System-wide tracing (#33)
This should be fairly easy because we only need to attach to execve{,at}_sys{enter,exit} tracepoints/(fentry/fexit), listen for events, and pass them back to userspace.
Some changes are required at TUI layer to remove Breakpoint Manager and Hit Manager for this mode.
- Emulating old follow-fork behavior to provide a mostly compatible interface like the old one
This is probably hard. We need to create a BPF map to keep track of all descendant pids originating from the root tracee, then use this map to filter all the execve{,at} events. To do so I think hooking do_fork using eBPF should be much easier than hooking all clone{,3}/fork/vfork syscalls. (And we need to take care of possible pid reuse as well.)
Or alternatively maybe create a new pidns and only do tracing in that pid namespace.
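A userspace model of the descendant-pid map described above, as an added example that is not tracexec's code and not an eBPF program: the set plays the role of the BPF map, and the fork, exec and exit events stand in for the kernel hooks. The `Event` type, `filter_execs` and the event sequence are constructed for illustration.

```rust
use std::collections::HashSet;

/// Events the kernel-side hooks would deliver (constructed model).
#[derive(Clone, Copy)]
pub enum Event {
    Fork { parent: u32, child: u32 },
    Exec { pid: u32, filename: &'static str },
    Exit { pid: u32 },
}

/// Returns only the exec events made by `root` or one of its descendants.
pub fn filter_execs(root: u32, events: &[Event]) -> Vec<(u32, &'static str)> {
    let mut tracked = HashSet::from([root]); // stands in for the BPF map
    let mut out = Vec::new();
    for &ev in events {
        match ev {
            Event::Fork { parent, child } => {
                if tracked.contains(&parent) {
                    tracked.insert(child); // descendant of the root tracee
                } else {
                    tracked.remove(&child); // reused pid whose exit was missed
                }
            }
            Event::Exec { pid, filename } if tracked.contains(&pid) => out.push((pid, filename)),
            Event::Exec { .. } => {} // unrelated process: drop the event
            Event::Exit { pid } => { tracked.remove(&pid); }
        }
    }
    out
}

/// Constructed sequence: pid 101 is a descendant, exits, and is then reused.
pub fn sample_events() -> Vec<Event> {
    vec![
        Event::Exec { pid: 100, filename: "/usr/bin/make" },
        Event::Fork { parent: 100, child: 101 },
        Event::Exec { pid: 101, filename: "/usr/bin/cc" },
        Event::Fork { parent: 1, child: 200 },
        Event::Exec { pid: 200, filename: "/usr/bin/cron" },
        Event::Exit { pid: 101 },
        Event::Fork { parent: 1, child: 101 },
        Event::Exec { pid: 101, filename: "/usr/bin/sshd" },
    ]
}

fn main() {
    for (pid, file) in filter_execs(100, &sample_events()) {
        println!("{pid} {file}");
    }
}
```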
Sometimes the built-in terminal is not enough, and people might want to run tracexec tui -- konsole.
But konsole and the new shell session bring many changes into the environment, thus making the env diff more noisy.
It would be great to let people change the baseline environment at runtime to make the environment diff more readable.
Currently the pseudo term inside tracexec isn't feature complete. But it's already very helpful for using it on remote servers where X11/Wayland isn't available.
But if X11/Wayland is available, it would be nice to launch a separate terminal emulator that is feature complete. This means that the current monolith architecture needs to be refactored into a client/server model because we need to spawn a worker process inside the new terminal emulator.
IPC can be hard so I am labeling this feature as low-priority.
For now there's lots of clones involved in the code. We could use something like https://github.com/thomcc/arcstr to optimize the memory footprint.
The tui can already handle 100000 events with a very low idle cpu usage without hassle thanks to the complex multi-layer cache system I implemented. But the memory usage doesn't look nice to me (total ram 16GB).