rr
rr copied to clipboard
rr-debugger
Trace file formats
Are there any docs on the file format and purpose of each file? I have already read the technical pdf.
$ tree ~/.local/share/rr
├── cpu_lock
├── postgres-1
│ ├── data
│ ├── events
│ ├── mmap_hardlink_3_postgres
│ ├── mmaps
│ ├── tasks
│ └── version
rr dump gives me
{
real_time:116021.545297 global_time:3, event:`SYSCALL: write' (state:ENTERING_SYSCALL) tid:19309, ticks:12
rax:0xffffffffffffffda rbx:0x55a9550347d0 rcx:0xffffffffffffffff rdx:0x4 rsi:0x7ffced30d500 rdi:0xffffffff rbp:0xa rsp:0x7ffced30d498 r8:0x7f91dcf4b280 r9:0x7ffced30d570 r10:0x0 r11:0x246 r12:0x55a955036fc0 r13:0x3e9 r14:0x55a955039ca0 r15:0x55a955038220 rip:0x7f91dce50a3d eflags:0x246 cs:0x33 ss:0x2b ds:0x0 es:0x0 fs:0x0 gs:0x0 orig_rax:0x1 fs_base:0x7f91dcd2d740 gs_base:0x0
}
{
real_time:116021.545327 global_time:4, event:`SYSCALL: write' (state:EXITING_SYSCALL) tid:19309, ticks:12
rax:0xfffffffffffffff7 rbx:0x55a9550347d0 rcx:0xffffffffffffffff rdx:0x4 rsi:0x7ffced30d500 rdi:0xffffffff rbp:0xa rsp:0x7ffced30d498 r8:0x7f91dcf4b280 r9:0x7ffced30d570 r10:0x0 r11:0x246 r12:0x55a955036fc0 r13:0x3e9 r14:0x55a955039ca0 r15:0x55a955038220 rip:0x7f91dce50a3d eflags:0x246 cs:0x33 ss:0x2b ds:0x0 es:0x0 fs:0x0 gs:0x0 orig_rax:0x1 fs_base:0x7f91dcd2d740 gs_base:0x0
}
I am most interested in how to access/view the memory changes from syscalls.
It's not well-documented, but that's in the data file. Studying DumpCommand.cc should help.
I am most interested in how to access/view the memory changes from syscalls.
For this particular case dump -m will help.
Note that for unbuffered syscalls it's pretty simple (rr dump -m summarizes it and the records are very simple), but when syscall buffering is enabled it's pretty complex to extract the memory written by syscalls, because it comes down to C code in syscallbuf.c copying data out of the syscallbuf buffer.