Exact is what I'm focusing on here...
mmap(0x37aa74d000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14d000) = 0x37aa74d000
All are saying that strace returns all syscalls used,but I grep entry.S and there's only sys_mmap not simply mmap,which means mmap is not syscall,should be sys_mmap.
So what exactly is strace outputing??
Another question is that开发者_StackOverflow中文版 I think = 0x37aa74d000 means the return value,right?But what if the function doesn't have return type?(void)?
strace produces the names of the system calls from user space's perspective: so mmap, open, read, write, etc. This will be different from the function call that was coded when the libc wrapper does something more complicated than just trap into the OS. For instance, if you call sigaction in your code, strace will show you a call to rt_sigaction, because for many years now, rt_sigaction has been the most general system call for setting signal actions, so GNU libc implements all of the signal-setting functions in terms of that primitive. (In this case, it happens that you cannot call rt_sigaction directly, because glibc doesn't expose a wrapper for it -- I don't know why that is.)
sys_mmap is the name of a function inside the Linux kernel that happens to be the entry point for the mmap system call. Linus could have chosen any naming convention he wanted for system call entry points -- mmap, mach_mmap, ZwMmap, whatever -- it's an implementation detail, irrelevant to user space. So strace does not show you those names.
The only system calls whose return type is void are the ones that terminate the process, such as exit_group. (From a programming-language-design perspective, it would be more accurate to say that they don't have a return type, because they don't return.) strace prints those like so:
exit_group(0) = ?
All other system calls return something, because all of them can, at least theoretically, fail, and they have to tell you if they did. If there's no value for them to return besides a success/failure indication, then they return an int which is zero for success or -1 for failure, and strace prints that verbatim. [Soapbox: This is a long-standing design error in Unix, going back at least as far as the first implementation of NFS. It should be impossible for resource deallocation primitives -- close, munmap, etc -- to fail, and their return type should be void to indicate that. I fully intend to fix this as soon as I get a time machine.]
mmap(2) is a libc wrapper around the system call sys_mmap. Use ltrace if you want to analyse library calls.
mmap's return type is void*, which is a non-typed pointer, which is what it returns upon successful mapping.
In addition to the excellent answers already given here, it is worth stressing that people often confuse system calls (which are requests made directly to the kernel) and library calls (which generally refer to calls to GlibC functions).
Many GlibC calls have the same name as system calls (eg read, write, open etc) and are simply wrappers for the system call they invoke. Others are not quite so simple, for example the exec family of GlibC functions all use the 'execve' system call to execute a program so all of them will show up as a call to execve in strace.
Often when people talk about system calls they really mean library calls and the function they are using will differ in the strace output.
Strace is printing syscalls, and mmap is out of them, check man mmap:
map or unmap files or devices into memory
Here is its definition:
void *mmap(void *addr, size_t lengthint " prot ", int " flags , int fd, off_t offset);int munmap(void *addr, size_t length);
and the last number is the return value:
On success,
mmap()returns a pointer to the mapped area. On error, the valueMAP_FAILED(that is,(void *) -1) is returned, and errno is set appropriately. On success,munmap()returns 0, on failure -1, and errno is set (probably toEINVAL).
For each syscall you can check their man pages. To learn more about strace output it-self, check man strace.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论