lldb-trace

Gives complete trace of a function execution including all sub-calls.

Example use

 a + 0x1c ==> b
     b + 0xd ==> usleep
         usleep + 0x0 === usleep + 0x0
         usleep + 0x31 ==> nanosleep
             nanosleep + 0x0 === nanosleep + 0x0
             nanosleep + 0x25 ==> pthread_testcancel
                 pthread_testcancel + 0x0 === pthread_testcancel + 0x0
                 pthread_testcancel + 0x20 === _pthread_testcancel + 0x0
                 _pthread_testcancel + 0x17 ==> OSSpinLockLock
                     OSSpinLockLock + 0x0 === _spin_lock + 0x0
                 _pthread_testcancel + 0x1c <==
                 _pthread_testcancel + 0x22 ==> OSSpinLockUnlock
                     OSSpinLockUnlock + 0x0 === _spin_unlock + 0x0
                 _pthread_testcancel + 0x27 <==
             nanosleep + 0x2a <==
             nanosleep + 0xc3 ==> __semwait_signal
                 __semwait_signal + 0x0 === __semwait_signal + 0x0
                 Syscall 0x000000000200014e
                 __semwait_signal + 0xf === cerror + 0x0
                 cerror + 0x8 ==> _pthread_exit_if_canceled
                     _pthread_exit_if_canceled + 0xa === _pthread_exit_if_canceled + 0x0
                 cerror + 0xd <==
                 cerror + 0xf ==> cerror_nocancel
                 cerror + 0x14 <==
             nanosleep + 0xc8 <==
             nanosleep + 0xcc ==> __error
                 __error + 0x0 === __error + 0x0
             nanosleep + 0xd1 <==
         usleep + 0x36 <==
     b + 0x12 <==
 a + 0x21 <==

where ==> denotes a call to a function, === a jmp to a different symbol, and <== a return; a Syscall ID line marks the point where the syscall with the given ID is executed.
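The notation is regular enough to post-process a trace saved with -f. The Python below is an added example, not part of lldb-trace: it replays the call, jmp and return markers to recover the call chain in effect at each Syscall line, and flags returns that do not match the replayed stack (a sign of a truncated trace). The name syscall_paths and the choice to treat a jmp as replacing the current frame are assumptions of this example.

```python
import re

# Line shapes as they appear in the example trace: syscall, call, jmp, return.
LINE = re.compile(
    r"^\s*(?:Syscall\s+(?P<sys>0x[0-9a-fA-F]+)"
    r"|(?P<src>.+?) \+ 0x[0-9a-fA-F]+ (?P<op>==>|===|<==)"
    r"(?: (?P<dst>.+?)(?: \+ 0x[0-9a-fA-F]+)?)?)\s*$")

# Excerpt of the example trace above (some sub-calls omitted).
SAMPLE = """\
a + 0x1c ==> b
    b + 0xd ==> usleep
        usleep + 0x31 ==> nanosleep
            nanosleep + 0xc3 ==> __semwait_signal
                __semwait_signal + 0x0 === __semwait_signal + 0x0
                Syscall 0x000000000200014e
                __semwait_signal + 0xf === cerror + 0x0
            nanosleep + 0xc8 <==
        usleep + 0x36 <==
    b + 0x12 <==
a + 0x21 <==
"""

def syscall_paths(trace_text):
    """Return ([(syscall_id, call_chain)], [(line_no, problem)])."""
    stack, found, problems = [], [], []
    for n, line in enumerate(trace_text.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            problems += [(n, "unparsed line")] if line.strip() else []
            continue
        if m["sys"]:
            found.append((int(m["sys"], 16), list(stack)))
            continue
        src, op, dst = m["src"], m["op"], m["dst"]
        stack = stack or [src]     # first symbol seen is the traced root
        if op == "==>":
            stack.append(dst)      # call: callee becomes the current frame
        elif op == "===":
            stack[-1] = dst        # jmp: same frame, now in another symbol
        else:                      # "<==": execution is back in src
            if len(stack) > 1:
                stack.pop()
            if stack[-1] != src:   # truncated or interleaved trace
                problems.append((n, f"return to {src}, expected {stack[-1]}"))
    return found, problems

for sysid, chain in syscall_paths(SAMPLE)[0]:
    print(hex(sysid), " -> ".join(chain))
```

The indentation in the trace is not used; the chain is rebuilt from the markers alone, so the result still holds if leading whitespace is lost when the log is copied.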

Help

(lldb) trace -h lists the options that trace accepts; currently:

Options:
 -h, --help            show this help message and exit
 -v, --verbose         Produce verbose output, useful for debugging
 -f FILE, --file=FILE  Redirect output to the specified file
 -s, --stdout          Log to stdout directly, which is against lldb policy,
                       but produces incremental output (flush works)
 -m, --module-only     Trace only in the module where root symbol was defined

More advanced usage

Debugging

TODOs