How can I get dtruss on Mac OS X to successfully trace child processes?
Asked Answered
D

0

9

The dtruss man page says:

       -f     follow children as they are forked

which sounds like exactly what I want. However, observe the following behavior:

WhiteAndNerdy% uname -a
Darwin WhiteAndNerdy.local 13.4.0 Darwin Kernel Version 13.4.0: Wed Dec 17 19:05:52 PST 2014; root:xnu-2422.115.10~1/RELEASE_X86_64 x86_64
WhiteAndNerdy% sudo dtruss -f -t writev /bin/echo hello world
hello world
    PID/THRD  SYSCALL(args)          = return
37273/0x90e264:  writev(0x1, 0x7F8832D00000, 0x4)        = 12 0

WhiteAndNerdy% sudo dtruss -f -t writev sh -c '/bin/echo hello world'
    PID/THRD  SYSCALL(args)          = return

WhiteAndNerdy% sudo dtruss -f -t writev bash -c '/bin/echo hello world'
    PID/THRD  SYSCALL(args)          = return

WhiteAndNerdy% sudo dtruss -f -t writev zsh -c '/bin/echo hello world'
    PID/THRD  SYSCALL(args)          = return
37295/0x90e39b:  fork()      = 0 0

WhiteAndNerdy% sudo dtruss -f -t writev env /bin/echo hello world
    PID/THRD  SYSCALL(args)          = return

WhiteAndNerdy%

Note that except for the first case, "hello world" is not printed. (And it isn't just a matter of the output not being seen; if I run a process that takes a long time, it doesn't take any time under the sh -c and similar cases. In all the experiments I've done, it appears that execution simply stops at the first exec.)

So, I'm puzzled what dtruss -f actually does. How can I get it to behave like strace -f on Linux, which does what I want?

Motivation: I'm doing some Haskell development on OS X, and would like to trace what's happening during a run of cabal (Haskell's build system). Running dtruss -f on cabal returns without doing anything at all, because in the OS X version of the Haskell Platform, /usr/bin/cabal is a shell script which execs /Library/Haskell/bin/cabal.real. Of course, I can get around that problem by just running /Library/Haskell/bin/cabal.real directly, but that still doesn't buy me much, since cabal.real is just going to turn around and exec a bunch of other stuff. (Think make if you're not familiar with Haskell.)

Diversify answered 28/4, 2015 at 4:18 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.