(CommandList children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:tracing) op: Equal rhs: {(/sys/kernel/debug/tracing)} spids: [148] ) ] spids: [148] ) (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:flock) op: Equal rhs: {(/var/tmp/.ftrace-lock)} spids: [151] ) ] spids: [151] ) terminator: <Op_Semi ";"> ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:wroteflock) op:Equal rhs:{(0)} spids:[155])] spids: [155] ) (Sentence child: (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:opt_duration) op:Equal rhs:{(0)} spids:[158])] spids: [158] ) terminator: <Op_Semi ";"> ) (Sentence child: (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:duration) op:Equal rhs:{(SQ )} spids:[162])] spids: [162] ) terminator: <Op_Semi ";"> ) (Sentence child: (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:opt_name) op:Equal rhs:{(0)} spids:[165])] spids: [165] ) terminator: <Op_Semi ";"> ) (Sentence child: (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:name) op:Equal rhs:{(SQ )} spids:[169])] spids: [169] ) terminator: <Op_Semi ";"> ) (Sentence child: (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:opt_pid) op:Equal rhs:{(0)} spids:[172])] spids: [172] ) terminator: <Op_Semi ";"> ) (Sentence child: (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pid) op:Equal rhs:{(SQ )} spids:[176])] spids: [176] ) terminator: <Op_Semi ";"> ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:ftext) op:Equal rhs:{(SQ )} spids:[179])] spids: [179] ) (Sentence child: (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:opt_time) op:Equal rhs:{(0)} spids:[181])] spids: [181] ) terminator: <Op_Semi ";"> ) (Sentence child: (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:opt_fail) op:Equal rhs:{(0)} spids:[185])] spids: [185] ) terminator: <Op_Semi ";"> ) (Sentence child: (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:opt_file) op:Equal rhs:{(0)} spids:[189])] spids: [189] ) terminator: <Op_Semi ";"> ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:file) op:Equal rhs:{(SQ )} spids:[193])] spids: [193] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:kevent_entry) op: Equal rhs: {(events/syscalls/sys_enter_kill)} spids: [195] ) ] spids: [195] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:kevent_return) op: Equal rhs: {(events/syscalls/sys_exit_kill)} spids: [198] ) ] spids: [198] ) (C {(trap)} {(SQ <":">)} {(INT)} {(QUIT)} {(TERM)} {(PIPE)} {(HUP)}) (FuncDef name: usage body: (BraceGroup children: [ (SimpleCommand words: [{(cat)}] redirects: [ (HereDoc op_id: Redir_DLessDash fd: -1 body: { (DQ ("USAGE: killsnoop [-hst] [-d secs] [-p PID] [-n name] [filename]\n") (" -d seconds # trace duration, and use buffers\n") (" -n name # process name to match \n") (" -p PID # PID to match on kill issue\n") (" -t # include time (seconds)\n") (" -s # human readable signal names\n") (" -h # this usage message\n") (" eg,\n") (" killsnoop # watch kill()s live (unbuffered)\n") (" killsnoop -d 1 # trace 1 sec (buffered)\n") ( " killsnoop -p 181 # trace kill()s issued to PID 181 only\n" ) ("\n") ("See the man page and example file for more info.\n") ) } do_expansion: True here_end: END was_filled: True spids: [230] ) (Redir op_id:Redir_GreatAnd fd:-1 arg_word:{(2)} spids:[233]) ] ) (C {(exit)}) ] spids: [225] ) spids: [221 224] ) (FuncDef name: warn body: (BraceGroup children: [ (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children:[(C {(eval)} {(DQ ($ VSub_At "$@"))})] negated:True) terminator: <Op_Semi ";"> ) ] action: [ (SimpleCommand words: [ {(echo)} { (DQ ("WARNING: command failed ") (EscapedLiteralPart token: <Lit_EscapedChar "\\\""> ) ($ VSub_At "$@") (EscapedLiteralPart token:<Lit_EscapedChar "\\\"">) ) } ] redirects: [(Redir op_id:Redir_GreatAnd fd:-1 arg_word:{(2)} spids:[278])] ) ] spids: [-1 273] ) ] spids: [-1 289] ) ] spids: [259] ) spids: [255 258] ) (FuncDef name: end body: (BraceGroup children: [ (SimpleCommand words: [{(echo)}] redirects: [(Redir op_id:Redir_Great fd:2 arg_word:{(/dev/null)} spids:[307])] ) (SimpleCommand words: [{(echo)} {(DQ ("Ending tracing..."))}] redirects: [(Redir op_id:Redir_Great fd:2 arg_word:{(/dev/null)} spids:[317])] ) (C {(cd)} {($ VSub_Name "$tracing")}) (C {(warn)} {(DQ ("echo 0 > ") ($ VSub_Name "$kevent_entry") (/enable))}) (C {(warn)} {(DQ ("echo 0 > ") ($ VSub_Name "$kevent_return") (/enable))}) (C {(warn)} {(DQ ("echo > trace"))}) (AndOr children: [ (DParen child:(ArithVarRef name:wroteflock)) (C {(warn)} {(DQ ("rm ") ($ VSub_Name "$flock"))}) ] op_id: Op_DAmp ) ] spids: [298] ) spids: [294 297] ) (FuncDef name: die body: (BraceGroup children: [ (SimpleCommand words: [{(echo)} {(DQ ($ VSub_At "$@"))}] redirects: [(Redir op_id:Redir_GreatAnd fd:-1 arg_word:{(2)} spids:[379])] ) (C {(exit)} {(1)}) ] spids: [374] ) spids: [370 373] ) (FuncDef name: edie body: (BraceGroup children: [ (SimpleCommand words: [{(echo)} {(DQ ($ VSub_At "$@"))}] redirects: [(Redir op_id:Redir_GreatAnd fd:-1 arg_word:{(2)} spids:[407])] ) (SimpleCommand words: [{(exec)}] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[417]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[420]) ] ) (C {(end)}) (C {(exit)} {(1)}) ] spids: [398] ) spids: [394 397] ) (While cond: [ (C {(getopts)} {(d) (Lit_Other ":") (hn) (Lit_Other ":") (p) (Lit_Other ":") (st)} {(opt)}) ] body: (DoGroup children: [ (Case to_match: {($ VSub_Name "$opt")} arms: [ (case_arm pat_list: [{(d)}] action: [ (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_duration) op: Equal rhs: {(1)} spids: [464] ) ] spids: [464] ) terminator: <Op_Semi ";"> ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:duration) op: Equal rhs: {($ VSub_Name "$OPTARG")} spids: [468] ) ] spids: [468] ) ] spids: [461 462 471 -1] ) (case_arm pat_list: [{(n)}] action: [ (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_name) op: Equal rhs: {(1)} spids: [477] ) ] spids: [477] ) terminator: <Op_Semi ";"> ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:name) op: Equal rhs: {($ VSub_Name "$OPTARG")} spids: [481] ) ] spids: [481] ) ] spids: [474 475 484 -1] ) (case_arm pat_list: [{(p)}] action: [ (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_pid) op: Equal rhs: {(1)} spids: [490] ) ] spids: [490] ) terminator: <Op_Semi ";"> ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:pid) op: Equal rhs: {($ VSub_Name "$OPTARG")} spids: [494] ) ] spids: [494] ) ] spids: [487 488 497 -1] ) (case_arm pat_list: [{(t)}] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_time) op: Equal rhs: {(1)} spids: [503] ) ] spids: [503] ) ] spids: [500 501 506 -1] ) (case_arm pat_list: [{(s)}] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_fancy) op: Equal rhs: {(1)} spids: [512] ) ] spids: [512] ) ] spids: [509 510 515 -1] ) (case_arm pat_list: [{(h)} {(Lit_Other "?")}] action: [(C {(usage)})] spids: [518 521 525 -1] ) ] spids: [454 458 528] ) ] spids: [451 530] ) ) (C {(shift)} { (ArithSubPart anode: (ArithBinary op_id: Arith_Minus left: (ArithWord w:{($ VSub_Name "$OPTIND")}) right: (ArithWord w:{(Lit_Digits 1)}) ) spids: [534 543] ) } ) (AndOr children: [(DParen child:(ArithWord w:{($ VSub_Pound "$#")})) (C {(usage)})] op_id: Op_DAmp ) (AndOr children: [ (DParen child: (ArithBinary op_id: Arith_DAmp left: (ArithVarRef name:opt_pid) right: (ArithVarRef name:opt_name) ) ) (C {(die)} {(DQ ("ERROR: use either -p or -n."))}) ] op_id: Op_DAmp ) (AndOr children: [ (DParen child:(ArithVarRef name:opt_pid)) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:ftext) op: Equal rhs: {(DQ (" issued to PID ") ($ VSub_Name "$pid"))} spids: [588] ) ] spids: [588] ) ] op_id: Op_DAmp ) (AndOr children: [ (DParen child:(ArithVarRef name:opt_name)) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:ftext) op: Equal rhs: { (DQ (" issued by process name ") (EscapedLiteralPart token:<Lit_EscapedChar "\\\"">) ($ VSub_Name "$name") (EscapedLiteralPart token:<Lit_EscapedChar "\\\"">) ) } spids: [603] ) ] spids: [603] ) ] op_id: Op_DAmp ) (If arms: [ (if_arm cond: [ (Sentence child: (DParen child:(ArithVarRef name:opt_duration)) terminator: <Op_Semi ";"> ) ] action: [ (C {(echo)} { (DQ ("Tracing kill()s") ($ VSub_Name "$ftext") (" for ") ($ VSub_Name "$duration") (" seconds (buffered)...") ) } ) ] spids: [-1 621] ) ] else_action: [(C {(echo)} {(DQ ("Tracing kill()s") ($ VSub_Name "$ftext") (". Ctrl-C to end."))})] spids: [634 645] ) (AndOr children: [ (DBracket expr:(BoolUnary op_id:BoolUnary_x child:{(/usr/bin/mawk)})) (AndOr children: [ (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:awk) op:Equal rhs:{(DQ (mawk))} spids:[664])] spids: [664] ) (AndOr children: [ (C {(mawk)} {(-W)} {(interactive)}) (AndOr children: [ (C {(Lit_Other "[")} {($ VSub_QMark "$?")} {(-eq)} {(0)} {(Lit_Other "]")}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:awk) op: Equal rhs: {(DQ ("mawk -W interactive"))} spids: [692] ) ] spids: [692] ) ] op_id: Op_DAmp ) ] op_id: Op_DAmp ) ] op_id: Op_DAmp ) ] op_id: Op_DAmp ) (AndOr children: [ (DBracket expr:(BoolUnary op_id:BoolUnary_x child:{(/usr/bin/gawk)})) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:awk) op: Equal rhs: {(DQ ("gawk --non-decimal-data"))} spids: [710] ) ] spids: [710] ) ] op_id: Op_DAmp ) (AndOr children: [ (C {(cd)} {($ VSub_Name "$tracing")}) (C {(die)} { (DQ ("ERROR: accessing tracing. Root user? Kernel has FTRACE?\n") (" debugfs mounted? (mount -t debugfs debugfs /sys/kernel/debug)") ) } ) ] op_id: Op_DPipe ) (AndOr children: [ (DBracket expr:(BoolUnary op_id:BoolUnary_e child:{($ VSub_Name "$flock")})) (C {(die)} { (DQ ("ERROR: ftrace may be in use by PID ") (CommandSubPart command_list: (CommandList children:[(C {(cat)} {($ VSub_Name "$flock")})]) left_token: <Left_CommandSub "$("> spids: [750 754] ) (" ") ($ VSub_Name "$flock") ) } ) ] op_id: Op_DAmp ) (AndOr children: [ (SimpleCommand words: [{(echo)} {($ VSub_Dollar "$$")}] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{($ VSub_Name "$flock")} spids:[763])] ) (C {(die)} {(DQ ("ERROR: unable to write ") ($ VSub_Name "$flock") (.))}) ] op_id: Op_DPipe ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:wroteflock) op:Equal rhs:{(1)} spids:[777])] spids: [777] ) (SimpleCommand words: [{(echo)} {(nop)}] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{(current_tracer)} spids:[788])] ) (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children: [ (SimpleCommand words: [{(echo)} {(1)}] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {($ VSub_Name "$kevent_entry") (/enable)} spids: [800] ) ] ) ] negated: True ) terminator: <Op_Semi ";"> ) ] action: [(C {(edie)} {(DQ ("ERROR: enabling kill() entry tracepoint Exiting."))})] spids: [-1 806] ) ] spids: [-1 815] ) (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children: [ (SimpleCommand words: [{(echo)} {(1)}] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {($ VSub_Name "$kevent_return") (/enable)} spids: [825] ) ] ) ] negated: True ) terminator: <Op_Semi ";"> ) ] action: [(C {(edie)} {(DQ ("ERROR: enabling kill() return tracepoint. Exiting."))})] spids: [-1 831] ) ] spids: [-1 840] ) (AndOr children: [ (DParen child:(ArithVarRef name:opt_time)) (C {(printf)} {(DQ ("%-16s "))} {(DQ (TIMEs))}) ] op_id: Op_DAmp ) (C {(printf)} {(DQ ("%-16.16s %-6s %-8s %-10s %4s") (EscapedLiteralPart token:<Lit_EscapedChar "\\n">))} {(DQ (COMM))} {(DQ (PID))} {(DQ (TPID))} {(DQ (SIGNAL))} {(DQ (RETURN))} ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:offset) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {($ VSub_Name "$awk")} { (SQ <"BEGIN { o = 0; }\n"> <" $1 == \"#\" && $2 ~ /TASK/ && NF == 6 { o = 1; }\n"> <" $2 ~ /TASK/ { print o; exit }"> ) } {(trace)} ) ] ) left_token: <Left_CommandSub "$("> spids: [911 921] ) } spids: [910] ) ] spids: [910] ) (C {(warn)} {(DQ ("echo > trace"))}) (Pipeline children: [ (Subshell child: (If arms: [ (if_arm cond: [ (Sentence child: (DParen child:(ArithVarRef name:opt_duration)) terminator: <Op_Semi ";"> ) ] action: [(C {(sleep)} {($ VSub_Name "$duration")}) (C {(cat)} {(trace)})] spids: [-1 945] ) ] else_action: [(C {(cat)} {(trace_pipe)})] spids: [961 972] ) spids: [933 974] ) (C {($ VSub_Name "$awk")} {(-v)} {(Lit_VarLike "o=") ($ VSub_Name "$offset")} {(-v)} {(Lit_VarLike "opt_name=") ($ VSub_Name "$opt_name")} {(-v)} {(Lit_VarLike "name=") ($ VSub_Name "$name")} {(-v)} {(Lit_VarLike "opt_duration=") ($ VSub_Name "$opt_duration")} {(-v)} {(Lit_VarLike "opt_time=") ($ VSub_Name "$opt_time")} {(-v)} {(Lit_VarLike "opt_pid=") ($ VSub_Name "$pid")} {(-v)} {(Lit_VarLike "opt_fancy=") ($ VSub_Name "$opt_fancy")} { (SQ <"\n"> <" # fancy signal names\n"> <" BEGIN {\n"> <" signals[1] = \"SIGHUP\"\n"> <" signals[2] = \"SIGINT\"\n"> <" signals[3] = \"SIGQUIT\"\n"> <" signals[4] = \"SIGILL\"\n"> <" signals[6] = \"SIGABRT\"\n"> <" signals[8] = \"SIGFPE\"\n"> <" signals[9] = \"SIGKILL\"\n"> <" signals[11] = \"SIGSEGV\"\n"> <" signals[13] = \"SIGPIPE\"\n"> <" signals[14] = \"SIGALRM\"\n"> <" signals[15] = \"SIGTERM\"\n"> <" signals[10] = \"SIGUSR1\"\n"> <" signals[12] = \"SIGUSR2\"\n"> <" signals[17] = \"SIGCHLD\"\n"> <" signals[18] = \"SIGCONT\"\n"> <" signals[19] = \"SIGSTOP\"\n"> <" signals[20] = \"SIGTSTP\"\n"> <" signals[21] = \"SIGTTIN\"\n"> <" signals[22] = \"SIGTTOU\"\n"> <" }\n"> <"\n"> <" # common fields\n"> <" $1 != \"#\" {\n"> <" # task name can contain dashes\n"> <" comm = pid = $1\n"> <" sub(/-[0-9][0-9]*/, \"\", comm)\n"> <" if (opt_name && match(comm, name) == 0)\n"> <" next\n"> <" sub(/.*-/, \"\", pid)\n"> <" }\n"> <"\n"> <" # sys_kill() entry\n"> <" $1 != \"#\" && $(4+o) ~ /sys_kill/ && $(5+o) !~ /->/ {\n"> <" #\n"> <" # eg: ... sys_kill(pid:...\n"> <" #\n"> <" kpid = $(5+o)\n"> <" signal = $(7+o)\n"> <" sub(/,$/, \"\", kpid)\n"> <" sub(/\\)$/, \"\", signal)\n"> <" kpid = int(\"0x\"kpid)\n"> <" signal = int(\"0x\"signal)\n"> <" current[pid,\"kpid\"] = kpid\n"> <" current[pid,\"signal\"] = signal\n"> <" }\n"> <"\n"> <" # sys_kill exit\n"> <" $1 != \"#\" && $(5+o) ~ /->/ {\n"> <" rv = int($NF)\n"> <" killed_pid = current[pid,\"kpid\"]\n"> <" signal = current[pid,\"signal\"]\n"> <"\n"> <" delete current[pid,\"kpid\"]\n"> <" delete current[pid,\"signal\"]\n"> <"\n"> <" if(opt_pid && killed_pid != opt_pid) {\n"> <" next\n"> <" }\n"> <"\n"> <" if (opt_time) {\n"> <" time = $(3+o); sub(\":\", \"\", time)\n"> <" printf \"%-16s \", time\n"> <" }\n"> <"\n"> <" if (opt_fancy) {\n"> <" if (signals[signal] != \"\") {\n"> <" signal = signals[signal]\n"> <" }\n"> <" }\n"> <"\n"> < " printf \"%-16.16s %-6s %-8s %-10s %-4s\\n\", comm, pid, killed_pid, signal,\n" > <" rv\n"> <" }\n"> <"\n"> <" $0 ~ /LOST.*EVENTS/ { print \"WARNING: \" $0 > \"/dev/stderr\" }\n"> ) } ) ] negated: False ) (C {(end)}) ] )