search

wkz / ply

Light-weight Dynamic Tracer for Linux
https://wkz.github.io/ply
GNU General Public License v2.0
402 stars 156 forks source link

Deactivating on lost events #16

Closed aravind closed 5 years ago

aravind commented 5 years ago

I find that ply will simply deactivate and quit with a message saying it lost events in some cases. In my particular example I was trying to find all the files emacs opens on launch, but a trivial example is to open two shells, launch ply on one of them with this:

sudo ply 'kprobe:do_sys_open / !strcmp(comm, "find") / { printf("%v(%v): %s\n", comm, pid, str(arg1)); }'

In another shell run a find command like find / -type f -print

After a little bit ply quits with this message:

error: lost 52 eventsply: deactivating
ERR:75

Happy to attach the output of ply -S if you think it's useful.

wkz commented 5 years ago

Yes, this the expected behavior. Unless the user explicitly allows lost events, traces should be complete.

The option to override this was available in 1.x, but I hadn't gotten around to add the option to 2.x. Now it's there :smile:

aravind commented 5 years ago

thank you for the fast fix!