This is the mail archive of the
mailing list for the Archer project.
Re: Syscall tracing
I consider this just a special case of pretty printing. The registers at
syscall entry/exit are a record of a giant variant record type, with the
syscall number register as its top-level variant discriminator.
There are two pieces to helpful examination/display of the data. The first
piece is the physical layout of data types in memory. The second piece is
displaying that in a semantically helpful form. (I promise I'll replace
"semantically helpful" with "pretty" from now on, like a normal person.)
To pretty-print an object of a type defined by some DSO, for the first
piece we use the DWARF type descriptions that encode the ABI's layout,
names, and types. I'd always figured this is the right thing to do for the
syscall ABI too. This enables not just pretty-printing, but using the
details in expression evaluation, GUI data inspectors, etc.
So that unifies the second piece with the general pretty-printing issue.
The kernel delivering its syscall ABI and how to make that pretty is just
like some user libraries delivering its DSO ABIs and how to make that data