(CommandList children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:tracing spids:[148]) op: Equal rhs: {(/sys/kernel/debug/tracing)} spids: [148] ) ] spids: [148] ) (CommandList children: [ (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:flock spids:[151]) op: Equal rhs: {(/var/tmp/.ftrace-lock)} spids: [151] ) ] spids: [151] ) terminator: <Op_Semi ';'> ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:wroteflock spids:[155]) op: Equal rhs: {(0)} spids: [155] ) ] spids: [155] ) ] ) (CommandList children: [ (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_duration spids:[158]) op: Equal rhs: {(0)} spids: [158] ) ] spids: [158] ) terminator: <Op_Semi ';'> ) (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:duration spids:[162]) op: Equal rhs: (EmptyWord) spids: [162] ) ] spids: [162] ) terminator: <Op_Semi ';'> ) (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_name spids:[165]) op: Equal rhs: {(0)} spids: [165] ) ] spids: [165] ) terminator: <Op_Semi ';'> ) (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:name spids:[169]) op: Equal rhs: (EmptyWord) spids: [169] ) ] spids: [169] ) terminator: <Op_Semi ';'> ) (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_pid spids:[172]) op: Equal rhs: {(0)} spids: [172] ) ] spids: [172] ) terminator: <Op_Semi ';'> ) (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:pid spids:[176]) op: Equal rhs: (EmptyWord) spids: [176] ) ] spids: [176] ) terminator: <Op_Semi ';'> ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:ftext spids:[179]) op: Equal rhs: (EmptyWord) spids: [179] ) ] spids: [179] ) ] ) (CommandList children: [ (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_time spids:[181]) op: Equal rhs: {(0)} spids: [181] ) ] spids: [181] ) terminator: <Op_Semi ';'> ) (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_fail spids:[185]) op: Equal rhs: {(0)} spids: [185] ) ] spids: [185] ) terminator: <Op_Semi ';'> ) (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_file spids:[189]) op: Equal rhs: {(0)} spids: [189] ) ] spids: [189] ) terminator: <Op_Semi ';'> ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:file spids:[193]) op: Equal rhs: (EmptyWord) spids: [193] ) ] spids: [193] ) ] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:kevent_entry spids:[195]) op: Equal rhs: {(events/syscalls/sys_enter_kill)} spids: [195] ) ] spids: [195] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:kevent_return spids:[198]) op: Equal rhs: {(events/syscalls/sys_exit_kill)} spids: [198] ) ] spids: [198] ) (C {(trap)} {(SQ <':'>)} {(INT)} {(QUIT)} {(TERM)} {(PIPE)} {(HUP)}) (FuncDef name: usage body: (BraceGroup children: [ (SimpleCommand words: [{(cat)}] redirects: [ (HereDoc op: <Redir_DLessDash '<<-'> fd: 16777215 here_begin: {(END)} here_end_span_id: 250 stdin_parts: [ ('USAGE: killsnoop [-hst] [-d secs] [-p PID] [-n name] [filename]\n') (' -d seconds # trace duration, and use buffers\n') (' -n name # process name to match \n') (' -p PID # PID to match on kill issue\n') (' -t # include time (seconds)\n') (' -s # human readable signal names\n') (' -h # this usage message\n') (' eg,\n') (' killsnoop # watch kill()s live (unbuffered)\n') (' killsnoop -d 1 # trace 1 sec (buffered)\n') (' killsnoop -p 181 # trace kill()s issued to PID 181 only\n') ('\n') ('See the man page and example file for more info.\n') ] ) (Redir op:<Redir_GreatAnd '>&'> fd:16777215 arg_word:{(2)}) ] ) (ControlFlow token:<ControlFlow_Exit exit>) ] spids: [225] ) spids: [221 224] ) (FuncDef name: warn body: (BraceGroup children: [ (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children:[(C {(eval)} {(DQ ($ VSub_At '$@'))})] negated:T) terminator: <Op_Semi ';'> ) ] action: [ (SimpleCommand words: [ {(echo)} { (DQ ('WARNING: command failed ') (EscapedLiteralPart token: <Lit_EscapedChar '\\"'> ) ($ VSub_At '$@') (EscapedLiteralPart token:<Lit_EscapedChar '\\"'>) ) } ] redirects: [(Redir op:<Redir_GreatAnd '>&'> fd:16777215 arg_word:{(2)})] ) ] spids: [16777215 275] ) ] spids: [16777215 291] ) ] spids: [261] ) spids: [257 260] ) (FuncDef name: end body: (BraceGroup children: [ (SimpleCommand words: [{(echo)}] redirects: [(Redir op:<Redir_Great '2>'> fd:2 arg_word:{(/dev/null)})] ) (SimpleCommand words: [{(echo)} {(DQ ('Ending tracing...'))}] redirects: [(Redir op:<Redir_Great '2>'> fd:2 arg_word:{(/dev/null)})] ) (C {(cd)} {($ VSub_Name '$tracing')}) (C {(warn)} {(DQ ('echo 0 > ') ($ VSub_Name '$kevent_entry') (/enable))}) (C {(warn)} {(DQ ('echo 0 > ') ($ VSub_Name '$kevent_return') (/enable))}) (C {(warn)} {(DQ ('echo > trace'))}) (AndOr ops: [Op_DAmp] children: [ (DParen child: (ArithVarRef token:<Lit_ArithVarLike wroteflock>) spids: [353 358] ) (C {(warn)} {(DQ ('rm ') ($ VSub_Name '$flock'))}) ] ) ] spids: [300] ) spids: [296 299] ) (FuncDef name: die body: (BraceGroup children: [ (SimpleCommand words: [{(echo)} {(DQ ($ VSub_At '$@'))}] redirects: [(Redir op:<Redir_GreatAnd '>&'> fd:16777215 arg_word:{(2)})] ) (ControlFlow token:<ControlFlow_Exit exit> arg_word:{(1)}) ] spids: [376] ) spids: [372 375] ) (FuncDef name: edie body: (BraceGroup children: [ (SimpleCommand words: [{(echo)} {(DQ ($ VSub_At '$@'))}] redirects: [(Redir op:<Redir_GreatAnd '>&'> fd:16777215 arg_word:{(2)})] ) (SimpleCommand words: [{(exec)}] redirects: [ (Redir op:<Redir_Great '>'> fd:16777215 arg_word:{(/dev/null)}) (Redir op:<Redir_GreatAnd '2>&'> fd:2 arg_word:{(1)}) ] ) (C {(end)}) (ControlFlow token:<ControlFlow_Exit exit> arg_word:{(1)}) ] spids: [400] ) spids: [396 399] ) (WhileUntil keyword: <KW_While while> cond: [ (C {(getopts)} {(d) (Lit_Other ':') (hn) (Lit_Other ':') (p) (Lit_Other ':') (st)} {(opt)}) ] body: (DoGroup children: [ (Case to_match: {($ VSub_Name '$opt')} arms: [ (case_arm pat_list: [{(d)}] action: [ (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_duration spids:[466]) op: Equal rhs: {(1)} spids: [466] ) ] spids: [466] ) terminator: <Op_Semi ';'> ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:duration spids:[470]) op: Equal rhs: {($ VSub_Name '$OPTARG')} spids: [470] ) ] spids: [470] ) ] spids: [463 464 473 16777215] ) (case_arm pat_list: [{(n)}] action: [ (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_name spids:[479]) op: Equal rhs: {(1)} spids: [479] ) ] spids: [479] ) terminator: <Op_Semi ';'> ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:name spids:[483]) op: Equal rhs: {($ VSub_Name '$OPTARG')} spids: [483] ) ] spids: [483] ) ] spids: [476 477 486 16777215] ) (case_arm pat_list: [{(p)}] action: [ (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_pid spids:[492]) op: Equal rhs: {(1)} spids: [492] ) ] spids: [492] ) terminator: <Op_Semi ';'> ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:pid spids:[496]) op: Equal rhs: {($ VSub_Name '$OPTARG')} spids: [496] ) ] spids: [496] ) ] spids: [489 490 499 16777215] ) (case_arm pat_list: [{(t)}] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_time spids:[505]) op: Equal rhs: {(1)} spids: [505] ) ] spids: [505] ) ] spids: [502 503 508 16777215] ) (case_arm pat_list: [{(s)}] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:opt_fancy spids:[514]) op: Equal rhs: {(1)} spids: [514] ) ] spids: [514] ) ] spids: [511 512 517 16777215] ) (case_arm pat_list: [{(h)} {(Lit_Other '?')}] action: [(C {(usage)})] spids: [520 523 527 16777215] ) ] spids: [456 460 530] ) ] spids: [453 532] ) ) (C {(shift)} { (ArithSubPart anode: (ArithBinary op_id: Arith_Minus left: (ArithWord w:{($ VSub_Name '$OPTIND')}) right: (ArithWord w:{(Lit_Digits 1)}) ) spids: [536 545] ) } ) (AndOr ops: [Op_DAmp] children: [(DParen child:(ArithWord w:{($ VSub_Pound '$#')}) spids:[547 552]) (C {(usage)})] ) (AndOr ops: [Op_DAmp] children: [ (DParen child: (ArithBinary op_id: Arith_DAmp left: (ArithVarRef token:<Lit_ArithVarLike opt_pid>) right: (ArithVarRef token:<Lit_ArithVarLike opt_name>) ) spids: [562 571] ) (C {(die)} {(DQ ('ERROR: use either -p or -n.'))}) ] ) (AndOr ops: [Op_DAmp] children: [ (DParen child:(ArithVarRef token:<Lit_ArithVarLike opt_pid>) spids:[581 586]) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:ftext spids:[590]) op: Equal rhs: {(DQ (' issued to PID ') ($ VSub_Name '$pid'))} spids: [590] ) ] spids: [590] ) ] ) (AndOr ops: [Op_DAmp] children: [ (DParen child:(ArithVarRef token:<Lit_ArithVarLike opt_name>) spids:[596 601]) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:ftext spids:[605]) op: Equal rhs: { (DQ (' issued by process name ') (EscapedLiteralPart token:<Lit_EscapedChar '\\"'>) ($ VSub_Name '$name') (EscapedLiteralPart token:<Lit_EscapedChar '\\"'>) ) } spids: [605] ) ] spids: [605] ) ] ) (If arms: [ (if_arm cond: [ (Sentence child: (DParen child: (ArithVarRef token:<Lit_ArithVarLike opt_duration>) spids: [615 620] ) terminator: <Op_Semi ';'> ) ] action: [ (C {(echo)} { (DQ ('Tracing kill()s') ($ VSub_Name '$ftext') (' for ') ($ VSub_Name '$duration') (' seconds (buffered)...') ) } ) ] spids: [16777215 623] ) ] else_action: [(C {(echo)} {(DQ ('Tracing kill()s') ($ VSub_Name '$ftext') ('. Ctrl-C to end.'))})] spids: [636 647] ) (AndOr ops: [Op_DAmp Op_DAmp Op_DAmp Op_DAmp] children: [ (DBracket expr:(BoolUnary op_id:BoolUnary_x child:{(/usr/bin/mawk)})) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:awk spids:[666]) op: Equal rhs: {(DQ (mawk))} spids: [666] ) ] spids: [666] ) (C {(mawk)} {(-W)} {(interactive)}) (C {(Lit_Other '[')} {($ VSub_QMark '$?')} {(-eq)} {(0)} {(Lit_Other ']')}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:awk spids:[694]) op: Equal rhs: {(DQ ('mawk -W interactive'))} spids: [694] ) ] spids: [694] ) ] ) (AndOr ops: [Op_DAmp] children: [ (DBracket expr:(BoolUnary op_id:BoolUnary_x child:{(/usr/bin/gawk)})) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:awk spids:[712]) op: Equal rhs: {(DQ ('gawk --non-decimal-data'))} spids: [712] ) ] spids: [712] ) ] ) (AndOr ops: [Op_DPipe] children: [ (C {(cd)} {($ VSub_Name '$tracing')}) (C {(die)} { (DQ ('ERROR: accessing tracing. Root user? Kernel has FTRACE?\n') (' debugfs mounted? (mount -t debugfs debugfs /sys/kernel/debug)') ) } ) ] ) (AndOr ops: [Op_DAmp] children: [ (DBracket expr:(BoolUnary op_id:BoolUnary_e child:{($ VSub_Name '$flock')})) (C {(die)} { (DQ ('ERROR: ftrace may be in use by PID ') (CommandSubPart command_list: (CommandList children:[(C {(cat)} {($ VSub_Name '$flock')})]) left_token: <Left_CommandSub '$('> spids: [752 756] ) (' ') ($ VSub_Name '$flock') ) } ) ] ) (AndOr ops: [Op_DPipe] children: [ (SimpleCommand words: [{(echo)} {($ VSub_Dollar '$$')}] redirects: [(Redir op:<Redir_Great '>'> fd:16777215 arg_word:{($ VSub_Name '$flock')})] ) (C {(die)} {(DQ ('ERROR: unable to write ') ($ VSub_Name '$flock') (.))}) ] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:wroteflock spids:[779]) op:Equal rhs:{(1)} spids:[779])] spids: [779] ) (SimpleCommand words: [{(echo)} {(nop)}] redirects: [(Redir op:<Redir_Great '>'> fd:16777215 arg_word:{(current_tracer)})] ) (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children: [ (SimpleCommand words: [{(echo)} {(1)}] redirects: [ (Redir op: <Redir_Great '>'> fd: 16777215 arg_word: {($ VSub_Name '$kevent_entry') (/enable)} ) ] ) ] negated: T ) terminator: <Op_Semi ';'> ) ] action: [(C {(edie)} {(DQ ('ERROR: enabling kill() entry tracepoint Exiting.'))})] spids: [16777215 808] ) ] spids: [16777215 817] ) (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children: [ (SimpleCommand words: [{(echo)} {(1)}] redirects: [ (Redir op: <Redir_Great '>'> fd: 16777215 arg_word: {($ VSub_Name '$kevent_return') (/enable)} ) ] ) ] negated: T ) terminator: <Op_Semi ';'> ) ] action: [(C {(edie)} {(DQ ('ERROR: enabling kill() return tracepoint. Exiting.'))})] spids: [16777215 833] ) ] spids: [16777215 842] ) (AndOr ops: [Op_DAmp] children: [ (DParen child:(ArithVarRef token:<Lit_ArithVarLike opt_time>) spids:[844 849]) (C {(printf)} {(DQ ('%-16s '))} {(DQ (TIMEs))}) ] ) (C {(printf)} {(DQ ('%-16.16s %-6s %-8s %-10s %4s') (Lit_Other '\\') (n))} {(DQ (COMM))} {(DQ (PID))} {(DQ (TPID))} {(DQ (SIGNAL))} {(DQ (RETURN))} ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:offset spids:[913]) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {($ VSub_Name '$awk')} { (SQ <'BEGIN { o = 0; }\n'> <' $1 == "#" && $2 ~ /TASK/ && NF == 6 { o = 1; }\n'> <' $2 ~ /TASK/ { print o; exit }'> ) } {(trace)} ) ] ) left_token: <Left_CommandSub '$('> spids: [914 924] ) } spids: [913] ) ] spids: [913] ) (C {(warn)} {(DQ ('echo > trace'))}) (Pipeline children: [ (Subshell child: (If arms: [ (if_arm cond: [ (Sentence child: (DParen child: (ArithVarRef token:<Lit_ArithVarLike opt_duration>) spids: [940 945] ) terminator: <Op_Semi ';'> ) ] action: [(C {(sleep)} {($ VSub_Name '$duration')}) (C {(cat)} {(trace)})] spids: [16777215 948] ) ] else_action: [(C {(cat)} {(trace_pipe)})] spids: [964 975] ) spids: [936 977] ) (C {($ VSub_Name '$awk')} {(-v)} {(Lit_VarLike 'o=') ($ VSub_Name '$offset')} {(-v)} {(Lit_VarLike 'opt_name=') ($ VSub_Name '$opt_name')} {(-v)} {(Lit_VarLike 'name=') ($ VSub_Name '$name')} {(-v)} {(Lit_VarLike 'opt_duration=') ($ VSub_Name '$opt_duration')} {(-v)} {(Lit_VarLike 'opt_time=') ($ VSub_Name '$opt_time')} {(-v)} {(Lit_VarLike 'opt_pid=') ($ VSub_Name '$pid')} {(-v)} {(Lit_VarLike 'opt_fancy=') ($ VSub_Name '$opt_fancy')} { (SQ <'\n'> <' # fancy signal names\n'> <' BEGIN {\n'> <' signals[1] = "SIGHUP"\n'> <' signals[2] = "SIGINT"\n'> <' signals[3] = "SIGQUIT"\n'> <' signals[4] = "SIGILL"\n'> <' signals[6] = "SIGABRT"\n'> <' signals[8] = "SIGFPE"\n'> <' signals[9] = "SIGKILL"\n'> <' signals[11] = "SIGSEGV"\n'> <' signals[13] = "SIGPIPE"\n'> <' signals[14] = "SIGALRM"\n'> <' signals[15] = "SIGTERM"\n'> <' signals[10] = "SIGUSR1"\n'> <' signals[12] = "SIGUSR2"\n'> <' signals[17] = "SIGCHLD"\n'> <' signals[18] = "SIGCONT"\n'> <' signals[19] = "SIGSTOP"\n'> <' signals[20] = "SIGTSTP"\n'> <' signals[21] = "SIGTTIN"\n'> <' signals[22] = "SIGTTOU"\n'> <' }\n'> <'\n'> <' # common fields\n'> <' $1 != "#" {\n'> <' # task name can contain dashes\n'> <' comm = pid = $1\n'> <' sub(/-[0-9][0-9]*/, "", comm)\n'> <' if (opt_name && match(comm, name) == 0)\n'> <' next\n'> <' sub(/.*-/, "", pid)\n'> <' }\n'> <'\n'> <' # sys_kill() entry\n'> <' $1 != "#" && $(4+o) ~ /sys_kill/ && $(5+o) !~ /->/ {\n'> <' #\n'> <' # eg: ... sys_kill(pid:...\n'> <' #\n'> <' kpid = $(5+o)\n'> <' signal = $(7+o)\n'> <' sub(/,$/, "", kpid)\n'> <' sub(/\\)$/, "", signal)\n'> <' kpid = int("0x"kpid)\n'> <' signal = int("0x"signal)\n'> <' current[pid,"kpid"] = kpid\n'> <' current[pid,"signal"] = signal\n'> <' }\n'> <'\n'> <' # sys_kill exit\n'> <' $1 != "#" && $(5+o) ~ /->/ {\n'> <' rv = int($NF)\n'> <' killed_pid = current[pid,"kpid"]\n'> <' signal = current[pid,"signal"]\n'> <'\n'> <' delete current[pid,"kpid"]\n'> <' delete current[pid,"signal"]\n'> <'\n'> <' if(opt_pid && killed_pid != opt_pid) {\n'> <' next\n'> <' }\n'> <'\n'> <' if (opt_time) {\n'> <' time = $(3+o); sub(":", "", time)\n'> <' printf "%-16s ", time\n'> <' }\n'> <'\n'> <' if (opt_fancy) {\n'> <' if (signals[signal] != "") {\n'> <' signal = signals[signal]\n'> <' }\n'> <' }\n'> <'\n'> < ' printf "%-16.16s %-6s %-8s %-10s %-4s\\n", comm, pid, killed_pid, signal,\n' > <' rv\n'> <' }\n'> <'\n'> <' $0 ~ /LOST.*EVENTS/ { print "WARNING: " $0 > "/dev/stderr" }\n'> ) } ) ] negated: F ) (C {(end)}) ] )