Feature request: hooks for execve calls

Thu Dec 15 21:57:36 UTC 2022

Hi strace list,

I'm wondering if it is possible,
to execute extra commands (hooks) everytime (before and/or after) 'strace' writes an 'execve' to its output file.
I would like to use this feature for analyzing complex build scripts.

I'll give a small example below in order to explain what I mean.

Currently I'm using Fedora 36 and strace 5.16.

And for the sake of the argument I would like to install hooks for 'gcc' calls.
Perhaps a list of 'possible calls', one would like to observe, would be even better.
The example below will generate a strace.log file.

Let's call the hooks
'/home/user/strace-hook-before.sh' and '/home/user/strace-hook-after.sh'

Inspecting the log file we see something like this

--- begin reduced strace.log ---
...
6203  write(1, "gcc -c test.c -o test.o\n", 24) = 24
6203  ...
6203  clone3({flags=CLONE_VM|CLONE_VFORK, exit_signal=SIGCHLD, stack=0x7f356077e000, stack_size=0x9000}, 88 <unfinished ...>
6205  ...
----> /* essentially call 'hook-before' here immediately before the execve syscall */
----> /* execve("/home/user/strace-hook-before.sh", ["/home/user/strace-hook-before.sh", "gcc", "-c", "test.c", "-o", "test.o"], ... */
6205  execve("/usr/bin/gcc", ["gcc", "-c", "test.c", "-o", "test.o"], 0x561fc7bfda80 /* 74 vars */ <unfinished ...> /**************/
6203  <... clone3 resumed>)             = 6205
6203  ...
6205  <... execve resumed>)             = 0
6203  ...
6203  wait4(-1,  <unfinished ...>
6205  brk(NULL)                         = 0x202b000
6205  ...
6205  exit_group(0)                     = ?
6205  +++ exited with 0 +++
6203  <... wait4 resumed>[{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 6205
----> /* essentially call 'hook-after' here immediately after the execve syscall */
----> /* execve("/home/user/strace-hook-after.sh", ["/home/user/strace-hook-after.sh", "gcc", "-c", "test.c", "-o", "test.o"], ... */
6203  ...
--- end reduced strace.log ---

Of course the installed hooks should be exempt from the given --follow-forks (-f) strace cmdline parameter below.
The hooks would only be installed if and only if the zeroth entry in the list of the /**************/ marked line
would have a perfect match within the to be given list of 'possible calls'.

Thus one would need to give
- the hooks
- a list of 'possible calls' we would like to observe
as arguments for a to be improved strace.

Question 1:
   Do you think this is doable?
Question 2:
   Can an effect like the one suggested already be done with a newer strace version?
Question 3:
   Might there already exist a different utility other than 'strace' that might accomplish this (on Fedora)?
Question 4:
   I've seen something like a 'Lua' interface while googling. I've even found patches.
   What is the situation there at the moment?
   grepping for 'Lua' within the repo
Question 5:
   Is there a chance for such a feature request to be merged?
Question 6:
   Which is currently the active repo for developers?
   https://gitlab.com/strace/strace/
   or
   https://github.com/strace/strace

Best regards
Andre

--- begin strace.log creation ---
[user at localhost ~]$ dnf list installed | grep strace
strace.x86_64                               5.16-1.fc36                         @fedora
[user at localhost strace]$ cat Makefile
all:
	rm -rf test.o
	gcc -c test.c -o test.o
	rm -rf test.o
	/usr/bin/gcc -c test.c -o test.o

[user at localhost strace]$ cat build.sh
#/usr/bin/bash

make

[user at localhost strace]$ cat Makefile
all:
	rm -rf test.o
	gcc -c test.c -o test.o
	rm -rf test.o
	/usr/bin/gcc -c test.c -o test.o

[user at localhost strace]$ cat test.c
#include <stdio.h>

int main()
{
	printf("hello world\n");
	return 0;
}

[user at localhost strace]$ strace -f -o strace.log sh ./build.sh
rm -rf test.o
gcc -c test.c -o test.o
rm -rf test.o
/usr/bin/gcc -c test.c -o test.o
--- end strace.log creation ---