Understanding a parser.

[Rishi Bhatt]

Hi,Thanks So which are the available syscalls for which i can implement the
decoders?

On Wed, Mar 22, 2017 at 7:12 AM, Eugene Syromyatnikov <evgsyr at gmail.com>
wrote:

> On Sun, Mar 19, 2017 at 01:47:22AM +0530, Rishi Bhatt wrote:
> > Hi,
> > Well i am currently understanding how to implement a parser,so i am
> > starting with the simple ones first i.e umask.c,readahead.c,mount.c.
> >
> > What i know about the implementation of parser:
> > What we do in these are use the tcb struct(u_arg[]) to get the values
> that
> > are passed in as arguments,i am not going into that detail for now (or
> > should i go?),i guess for now i should just accept it.
> You can check trace_syscall_entering() and specifically get_syscall_args()
> linux/*/get_syscall_args.c for the code which retrieves data from the
> tracee in
> case you are wondering how it is implemented. Basically, it retrieves
> data from registers used for passing function call arguments. For the most
> part, they trivially map on function arguments, except some peculiarities
> like
> passing 64-bit argument on 32-bit architectures.
>
> > Now taking an example of a parser lets say mount.c:
> > arguments of mount:source,target,filesystem,mountflags and data.
> >
> > So if i am implementing a mount parser i have to get the values that is
> > being passed in this syscall that i can get from registers(somehow), also
> > the return value and error values.
> This is done already in the beginning of trace_syscall_{entering,
> exiting}().
>
> > Also we have to consider printing the
> > appropriate things with appropriate wrappers like if we are printing
> source
> > and target in mount.c we are using printpath and if address ,it is
> prinnted
> > by printaddr and etc.
> Well, this is the current state of things. Printing is handled by
> decoders, there are some helpers defined in defs.h/util.c for printing
> specific formats, but in most cases it boils down to set of
> tprintf/tprints with
> appropriately casted/processed arguments.
>
> > And we have to first know what can be value of a specific parameter in
> > different condition,like in mount.c we are printing "mount_filesystem"
> as a
> > address or as string.(ignore_type)
> Yes, this is a part of mount syscall semantics.
>
> > So this should be the info to start implementing a parser?
> >
> > So please fill me up with more detail if i am missing something or i am
> > interpreting something in a wrong way,and if possible can you give me
> some
> > small parser related thing to implement so i can understand it better.So
> i
> > can try to start implementing a parser.
>
> First, which parser you want to implement? Usually it starts with
> figuring out the syscall argument semantics and the way arguments are
> handled by the kernel—strace tries to show the way kernel sees
> arguments, so one (while it uses strace) could try to extrapolate what
> kernel
> would do with them. Once this understanding is obtained, decoder
> implementation
> itself is relatively easy. Other tricky part is figuring out proper test
> cases
> which check whether decoder prints what it is intended to be printed as
> much as
> possible.
>
> Please, do not hesitate to ask specific questions.
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Strace-devel mailing list
> Strace-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/strace-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20170328/e77ff73d/attachment.html>